Deploy an information protection solution with Microsoft Purview
Your information protection strategy is driven by your business needs. Many organizations must comply with regulations, laws, and business practices. Additionally, organizations need to protect proprietary information, such as data for specific projects.
Microsoft Purview Information Protection (formerly Microsoft Information Protection) provides a framework, process, and capabilities you can use to accomplish your specific business objectives.
Microsoft Purview Information Protection framework
Use Microsoft Purview Information Protection to help you discover, classify, protect, and govern sensitive information wherever it lives or travels.
Watch the following Ignite session to see how these capabilities support and build on each other: Know your data, protect your data, and prevent data loss with Microsoft Information Protection.
For data governance, see Deploy a data governance solution with Microsoft Purview.
Microsoft Purview Information Protection capabilities are included with Microsoft Purview. The licensing requirements can vary even within capabilities, depending on configuration options. To identify licensing requirements and options, see the Microsoft 365 guidance for security & compliance.
Know your data
Knowing where your sensitive data resides is often the biggest challenge for many organizations. Microsoft Purview Information Protection data classification helps you to discover and accurately classify ever-increasing amounts of data that your organization creates. Graphical representations help you gain insights into this data so you can set up and monitor policies to protect and govern it.
|1||Describe the categories of sensitive information you want to protect.
You already have an idea of what types of information are most valuable to your org and what types aren't. Work with stakeholders to describe these categories that are your starting point.
|Learn about sensitive information types|
|2||Discover and classify sensitive data.
Sensitive data in items can be found by using many different methods that include default DLP policies, manual labeling by users, and automated pattern recognition using sensitive information types or machine learning.
|Learn about data classification|
|3||View your sensitive items.
Use content explorer and activity explorer for a deeper analysis of sensitive items and the actions that users are taking on these items.
|Get started with content explorer|
Protect your data
Use the information from knowing where your sensitive data resides to help you more efficiently protect it. But there's no need to wait—you can start to protect your data immediately with a combination of manual, default, and automatic labeling. Then use content explorer and activity explorer from the previous section to confirm what items are labeled and how your labels are being used.
If you're a developer who wants to extend sensitivity labels to line-of-business apps or third-party SaaS apps, see Microsoft Information Protection (MIP) SDK setup and configuration.
Additional protection capabilities
Microsoft Purview includes additional capabilities to help protect data. Not every customer needs these capabilities, and some might be superseded by more recent releases.
Use the Protect your data with Microsoft Purview page for the full list of protection capabilities.
Prevent data loss
Deploy Microsoft Purview Data Loss Prevention (DLP) policies to govern and prevent the inappropriate sharing, transfer, or use of sensitive data across apps and services. These policies help users make the right decisions and take the right actions when they're using sensitive data.
|1||Learn about DLP.
Organizations have sensitive information under their control, such as financial data, proprietary data, credit card numbers, health records, or social security numbers. To help protect this sensitive data and reduce risk, they need a way to prevent their users from inappropriately sharing it with people who shouldn't have it. This practice is called data loss prevention (DLP).
|Learn about data loss prevention|
|2||Plan your DLP implementation.
Every organization will plan for and implement data loss prevention (DLP) differently, because every organization's business needs, goals, resources, and situation are unique to them. However, there are elements that are common to all successful DLP implementations.
|Plan for data loss prevention|
|3||Design and create a DLP policy.
Creating a data loss prevention (DLP) policy is quick and easy, but getting a policy to yield the intended results can be time consuming if you have to do a lot of tuning. Taking the time to design a policy before you implement it will get you to the desired results faster, and with fewer unintended issues, than tuning by trial and error alone.
|Design a DLP policy|
|4||Tune your DLP policies.
After you deploy a DLP policy, you'll see how well it meets the intended purpose. Use that information to adjust your policy settings for better performance.
|Create, test, and tune a DLP policy|
Learning modules for consultants and admins:
- Introduction to information protection and data lifecycle management in Microsoft Purview
- Classify data for protection and governance
- Protect information in Microsoft Purview
- Prevent data loss in Microsoft Purview
To help train your users to apply and use the sensitivity labels that you configure for them, see End-user documentation for sensitivity labels.
When you deploy data loss prevention policies for Teams, you might find useful the following end-user guidance as an introduction to this technology with some potential messages that they might see: Teams messages about data loss prevention (DLP) and communication compliance policies .
Submit and view feedback for