Analytics and governanceComplianceSecurity and complianceIntermediate22 min read

What Is Microsoft Purview? Security Definition

Reviewed byJohnson Ajibi· Senior Network & Security Engineer · MSc IT Security
On This Page

Quick Definition

Microsoft Purview is a tool that helps businesses keep track of their data, know what kind of information they have, and make sure it is used safely and follows rules. It combines two older Microsoft services: data governance and compliance management. By using Purview, companies can see where sensitive data lives, who has access to it, and how to protect it from leaks or misuse. Think of it as a central control room for all the data across your organization.

Commonly Confused With

Microsoft PurviewvsAzure Policy

Azure Policy is used to enforce rules and compliance on Azure resource configurations (like VM sizes or region restrictions), while Microsoft Purview focuses on data governance and data themselves (classification, DLP, catalog). Azure Policy applies to infrastructure, Purview applies to data content.

Azure Policy can prevent users from creating a storage account without encryption, while Purview can scan that storage account to find and classify credit card numbers inside the text files.

Microsoft PurviewvsMicrosoft 365 Defender

Microsoft 365 Defender is a security solution that detects and responds to cyber threats like malware, phishing, and brute-force attacks. Purview handles compliance and data governance, not threat detection. They can work together, but they serve different purposes.

Defender alerts you if an employee's account is compromised and an attacker starts downloading files, while Purview's DLP can stop sensitive files from being emailed out in the first place.

Microsoft PurviewvsAzure Information Protection (AIP)

Azure Information Protection (now part of Purview) was a separate service for classifying and protecting documents, but Purview is the unified platform that includes AIP's functionality along with data catalog, DLP, eDiscovery, and insider risk management. Purview is broader.

If you only need to label a Word document as 'Confidential', AIP could do that. But if you also want to scan your databases for sensitive data and track lineage, you need Purview.

Microsoft PurviewvseDiscovery (Microsoft Purview eDiscovery)

eDiscovery is a specific capability within Purview that helps search, hold, and export data for litigation or investigations. It is not the whole Purview service. Purview offers eDiscovery as one of several compliance tools.

A legal team might use Purview eDiscovery to find all emails related to a lawsuit, while the IT team uses Purview's DLP to prevent data leaks.

Must Know for Exams

Microsoft Purview is a significant topic in several Microsoft certification exams, particularly the SC-900 (Microsoft Security, Compliance, and Identity Fundamentals), MS-102 (Microsoft 365 Administrator), and DP-900 (Microsoft Azure Data Fundamentals). For SC-900, Purview appears under the 'compliance management capabilities of Microsoft 365' and 'data governance' objectives. Exam questions often ask about the core features of Purview, such as data classification, sensitivity labels, Data Loss Prevention (DLP), and the data catalog.

You should know that Purview replaced the Microsoft 365 Compliance Center and Azure Purview and that it unifies data governance and compliance. Questions may ask you to identify the correct tool for a specific scenario: for example, you might be asked which service should be used to automatically classify sensitive data in SharePoint Online, and the answer would be Microsoft Purview. For MS-102, which focuses on Microsoft 365 administration, Purview topics include configuring DLP policies, managing data retention labels, and understanding insider risk management.

You might get a scenario where a company needs to prevent employees from sharing confidential documents via email, and you need to know that Purview's DLP policies are the solution. For DP-900, Purview is mentioned in the context of data governance and cataloging within Azure data services. Exam questions may ask about Purview's ability to scan and catalog data from Azure Data Lake, Azure SQL, and Power BI.

You should understand the concept of a data map and lineage. In all these exams, common question types include multiple-choice questions that ask to identify the purpose of a feature, case-study-based questions that require you to choose the best solution, and 'drag-and-drop' questions where you match capabilities to descriptions. For example, a question might describe a company that has customer data in Azure SQL and wants to see where that data flows; the correct answer might be 'use Purview's data lineage feature'.

Knowing that Purview provides both governance and compliance solutions in one platform is key. Also, be aware that Purview uses 'Microsoft Information Protection' (MIP) sensitivity labels and that these labels travel with the data (persistent protection). Traps often involve confusing Purview with other tools like Azure Policy or Microsoft 365 Defender.

Remember: Purview focuses on data governance and compliance, not on infrastructure security or threat detection.

Simple Meaning

Imagine you run a large library with thousands of books scattered across many rooms, some on shelves, some in boxes, and some even stored in other buildings. You need to know what each book is about, who has borrowed it, and whether any of them contain private information like someone's address. Without a system, you would have to walk through every room and check every box by hand, which would take forever and you would probably miss things.

Microsoft Purview is like a smart library catalog system that automatically finds every book, reads the title and summary, tags it with labels like 'contains personal data' or 'finance report', and then sets rules about who can take it out and when it must be returned or destroyed. In the digital world, organizations have data in many places: emails, databases, files on laptops, cloud storage like OneDrive or AWS S3, and even old servers. Microsoft Purview scans all those places, classifies the data, and helps enforce policies to keep everything secure and compliant with laws like GDPR or HIPAA.

It also gives you dashboards to show where your most sensitive data lives, whether it is being shared too widely, and what actions you need to take. So instead of manual checks, you get a clear, automated view of your entire data landscape, with alerts and reports to help you stay out of trouble.

Full Technical Definition

Microsoft Purview is a cloud-based suite of services that combines data governance, data cataloging, and compliance management into a single platform. It was formed from the merger of Azure Purview (data governance) and the Microsoft 365 Compliance Center (compliance and risk management). At its core, Purview provides automated data discovery, classification, lineage tracking, and policy enforcement across on-premises, multi-cloud, and hybrid environments.

It supports scanning of various data sources including Azure Blob Storage, Azure SQL Database, Amazon S3, Google Cloud Storage, Power BI datasets, Microsoft 365 workloads (Exchange, SharePoint, Teams), and SQL Server on-premises. The scanning process uses system- and custom-classification rules to identify sensitive information types such as credit card numbers, passport IDs, health records, and custom business data. It creates a metadata-rich data map that shows where data lives, its schema, and its lineage (how it flows from source to destination).

The data catalog allows data consumers to search, find, and understand datasets using business glossaries and technical metadata. Policy enforcement is handled through compliance solutions such as Data Loss Prevention (DLP), eDiscovery, insider risk management, and records management. DLP policies can block or warn when sensitive data is shared externally via email or cloud apps.

Purview also integrates with Microsoft 365 Defender for extended detection and response. On the governance side, Purview includes an asset management system where you can register data sources, schedule scans, and apply classification rules. These scans can be full scans or incremental scans to minimize performance impact.

The system supports both manual and automated classification using machine learning-based classifiers. Purview also supports Microsoft Information Protection (MIP) sensitivity labels, which can be automatically applied to documents and emails based on content. These labels travel with the data even if it is moved or copied.

All activities are logged and can be audited through the Azure Activity Log or Microsoft 365 Audit Log. Real-world IT implementation often involves deploying Purview as a central governance hub, with multiple data source registrations, custom classification rules for industry-specific data, and strict DLP policies to prevent data breaches. Performance tuning is important because scanning large data lakes can be resource-intensive, so scheduling scans during off-peak hours and using incremental scans are best practices.

Purview pricing is consumption-based, meaning you pay based on the number of data assets scanned and stored.

Real-Life Example

Think of Microsoft Purview as the security and catalog system of a huge public museum. The museum has many galleries, storage rooms, and even a few off-site warehouses filled with art pieces. Some paintings are priceless, others contain hidden details that are private or sensitive, and all need to be tracked so that nothing gets lost or mishandled.

Without a system, the museum staff would have to walk around with clipboards, manually write down where each painting is, hope they do not miss any, and trust that no one sneaks a painting out the back door. Microsoft Purview is like an intelligent security camera and catalog system combined. It automatically identifies every painting, reads its description, and tags it with labels like 'contains historical secret' or 'public exhibit'.

It also tracks who has the keys to each gallery, whether a painting has been moved, and if someone tries to take a painting to the loading dock without permission, an alert goes off. In the analog world, this prevents art theft and ensures the museum follows regulations about displaying certain artifacts. In the digital world, Purview does the same for company data: it finds all files, databases, and emails, tags sensitive content, monitors data movement, and enforces rules to prevent unauthorized sharing.

For example, if an employee tries to email a spreadsheet containing customer credit card numbers to their personal account, Purview's DLP policy can block that action and notify the security team. This helps the organization avoid data breaches and stay compliant with privacy laws.

Why This Term Matters

In today's IT landscape, data is one of the most valuable assets a company owns, but it is also one of the most difficult to manage. Organizations generate and store massive amounts of data across cloud apps, on-premises servers, endpoints, and third-party services. Without a unified governance strategy, this data can become a liability.

Sensitive information may sit unprotected in forgotten folders, compliance violations can lead to heavy fines, and data silos prevent teams from making informed decisions. Microsoft Purview matters because it provides a single pane of glass to see and control all that data. For IT professionals, Purview simplifies compliance with regulations such as GDPR, HIPAA, and CCPA by automating data classification and retention policies.

It also helps reduce the risk of data exfiltration through DLP policies that monitor and control data movement. For data analysts and scientists, Purview's catalog makes it easy to find and trust datasets, knowing that they have been classified and governed properly. From a cost perspective, Purview can help avoid the expensive consequences of data breaches, which average millions of dollars in damages and reputational harm.

Purview integrates with existing Microsoft security tools like Defender and Sentinel, giving a holistic view of threats and risks. In practice, IT admins use Purview to register all data sources, set up scanning schedules, and define classification rules. They also configure DLP policies to prevent sensitive data from leaving the organization.

As more companies adopt hybrid and multi-cloud strategies, having a central governance tool like Purview becomes a necessity rather than an option.

How It Appears in Exam Questions

In Microsoft certification exams, Microsoft Purview typically appears in scenario-based multiple-choice questions, drag-and-drop matching tasks, and sometimes in case studies. A common pattern is a scenario describing an organization's data compliance challenge, and you must select the correct Microsoft Purview feature that solves it. For example, a question might say: 'A company wants to automatically find and classify personal data in their Azure Blob Storage and apply retention policies based on data type.

Which Microsoft service should they use?' The answer would be Microsoft Purview. Another pattern is where you are given a list of tasks and must match each to the appropriate Microsoft solution.

For instance, tasks like 'prevent sensitive data from being shared externally via email' would match to Purview's DLP, while 'monitor user behavior for risky activities' would match to Insider Risk Management (also part of Purview). In drag-and-drop questions, you might see features like 'Data Catalog', 'Data Map', 'Data Loss Prevention', 'eDiscovery', and 'Records Management', and you need to place them under the correct categories of 'Data Governance' or 'Compliance'. Configuration-based questions are also common: 'You are configuring a DLP policy in Purview.

Select the two actions that will prevent data leakage.' Possible answers include 'Block sharing with external users' and 'Send an alert to the admin'. Troubleshooting questions may read: 'Users report that sensitive data is still being shared even though a DLP policy is active.

What should you check first?' The correct answer might be 'Ensure the policy is scoped to the correct locations (e.g., Exchange Online, SharePoint)'. Another trick is that questions may refer to the older name 'Azure Purview' or 'Microsoft 365 Compliance Center' and ask which newer service replaced them.

You need to know that both were merged into Microsoft Purview. Also, keep in mind that Purview integrates with other services, so a question might ask about the combination: 'Which two components in Purview work together to apply sensitivity labels and enforce DLP?' The answer includes MIP (Microsoft Information Protection) and the Purview Compliance Portal.

Practise Microsoft Purview Questions

Test your understanding with exam-style practice questions.

Practise

Example Scenario

Scenario: You work for a mid-sized healthcare company that stores patient records in multiple places: an on-premises SQL Server database, a cloud storage bucket on Azure, and email communications in Exchange Online. Your compliance officer has just informed you that the company must comply with HIPAA regulations, which require you to know where all Protected Health Information (PHI) is located, ensure it is encrypted, and prevent it from being shared with unauthorized people. Currently, you have no central system to discover, classify, or protect this data.

You decide to implement Microsoft Purview. First, you register the on-premises SQL Server as a data source in Purview and schedule a scan. The scan identifies tables containing patient names, diagnosis codes, and social security numbers, automatically classifying them as 'Medical Records' and 'PHI'.

Next, you register the Azure Blob Storage containing backup files and set up a scan; it finds documents with similar sensitive data and applies the same classifications. For Exchange Online, you configure Purview to scan emails and apply DLP policies that block any external email containing PHI. You also create sensitivity labels called 'Confidential - Patient Data' and apply them automatically based on content detection.

Now, when a staff member tries to email a patient's lab report to their personal Gmail account, the DLP policy blocks the email and sends a notification to the compliance officer. The compliance officer can use Purview's dashboard to see a unified view of all PHI across the organization, track who has accessed it, and set retention policies to delete data after the required retention period. This scenario shows how Purview solves a real-world compliance and governance need for a healthcare organization.

Common Mistakes

Thinking Microsoft Purview is just a data catalog tool with no compliance features.

Purview actually combines data governance (catalog, map, lineage) with full compliance capabilities including DLP, eDiscovery, insider risk management, and records management.

Remember that Purview unifies both governance and compliance into one service. It is not just a catalog; it also enforces policies and manages risks.

Confusing Purview's DLP with Microsoft 365 Defender or Azure Security Center.

Microsoft 365 Defender is for threat protection (malware, phishing), while Azure Security Center focuses on infrastructure security (firewalls, patching). Purview's DLP specifically prevents data leakage by monitoring and controlling data sharing.

Understand that DLP in Purview is about data in use and data in motion-stopping sensitive data from being shared inappropriately-not about detecting security threats.

Assuming Purview only works with Microsoft cloud services like Azure and M365.

Purview can scan and catalog data from on-premises sources (like SQL Server), and also from third-party clouds such as Amazon S3, Google Cloud Storage, and Snowflake.

Learn that Purview supports multi-cloud and hybrid environments, not just Microsoft's own platforms.

Believing that sensitivity labels applied in Purview stay only in the original location and do not travel with the data.

Microsoft Information Protection (MIP) sensitivity labels are persistent-they stick with the data even when it is copied, moved, or shared outside the organization.

Remember that labels applied via Purview are like permanent tags that follow the data everywhere, allowing continued protection even after it leaves your environment.

Thinking that scanning data sources in Purview requires manual intervention every time new data is added.

Purview supports automated incremental scans that detect new or changed data without manual re-scanning. You can schedule scans to run regularly.

Know that Purview is designed for automation: set up a scan rule set once, and it will discover new data automatically.

Exam Trap — Don't Get Fooled

{"trap":"In an exam question, you are asked which Microsoft tool provides 'data lineage' and 'data catalog' capabilities. The options include Microsoft Purview, Microsoft 365 Defender, and Azure Synapse Analytics. Many learners choose Azure Synapse because it is a data analytics service, but the correct answer is Microsoft Purview."

,"why_learners_choose_it":"Learners assume that data catalog and lineage are part of data analytics tools like Azure Synapse because they deal with data pipelines. They do not realize that Purview specializes in metadata management and governance across sources.","how_to_avoid_it":"Focus on the exact keywords in the question: 'data catalog', 'data map', 'data lineage', and 'governance'.

Those are hallmark features of Purview. Azure Synapse is about processing and analyzing data, not about cataloging and governing it across multiple sources."

Step-by-Step Breakdown

1

Register Data Sources

First, you identify and register all the places where your data resides. This includes Azure Blob Storage, Azure SQL Database, Power BI datasets, on-premises SQL Server, Amazon S3, Google Cloud Storage, and Microsoft 365 workloads like SharePoint and Exchange. Registering them in Purview creates a connection that allows Purview to scan them.

2

Create a Scan Rule Set

You define what Purview should look for during scanning. This includes file types (e.g., .docx, .csv, .parquet), classification rules (e.g., 'Credit Card Number' or 'Social Security Number'), and whether to use custom or system-defined classifiers. This helps Purview understand which data patterns are sensitive in your context.

3

Schedule and Run Scans

After setting up the scan rule set, you schedule scans to run automatically (e.g., nightly) or run them on demand. Scans can be full (all data) or incremental (only changed data). During a scan, Purview connects to each data source, reads metadata and content, and applies the classification rules.

4

Explore the Data Map and Catalog

Once scans are complete, you can use Purview's data map to see a visual representation of where your data comes from, its lineage, and how it transforms. The data catalog allows users to search for datasets, view their classifications, and see business glossaries. This helps analysts find the right data quickly.

5

Configure Sensitivity Labels and DLP Policies

Now that your data is classified, you can create sensitivity labels (e.g., 'Highly Confidential') and apply them automatically based on the classifications. Then you set up Data Loss Prevention (DLP) policies to control actions like sharing, printing, or copying sensitive data. These policies can block risky actions and notify admins.

6

Monitor and Adjust

After implementation, use Purview's dashboards and alerts to monitor policy violations, see data trends, and adjust rules as needed. You can also set up retention labels to automatically delete data after a certain period. Regular reviews ensure that governance stays effective as new data sources and regulations appear.

Practical Mini-Lesson

Microsoft Purview is not just a theoretical concept; it is a practical tool that IT professionals must configure, maintain, and troubleshoot. Let us walk through a realistic implementation. Suppose you are hired as a data governance administrator for a financial services company.

Your first task is to register the company's data sources: a SQL Server database on-premises containing customer transactions, an Azure Data Lake Storage Gen2 with logs, and a SharePoint Online site with loan applications. You open the Azure Portal, search for Microsoft Purview, and create a Purview account (a resource in Azure). Inside the Purview governance portal, you use the 'Sources' section to add each source.

For the on-premises SQL Server, you need to install a self-hosted integration runtime (a software gateway) to allow Purview to connect through your firewall. After registration, you create a scan rule set named 'Financial Sensitive Data' and add classifications like 'SWIFT Code', 'Bank Account Number', and 'Credit Card Number'. You also add a custom classification for 'Internal Loan ID' using a regex pattern.

You schedule the scans to run every Sunday at midnight to avoid performance impact. Once the scans finish, you check the 'Data Map' and see that Purview has automatically drawn lineage from the SQL Server tables to the Azure Data Lake files, showing how data flows. This helps you verify that ETL processes are correctly documented.

Next, you create sensitivity labels: 'Public', 'Internal', 'Confidential', and 'Highly Confidential - Financial'. You configure auto-labeling rules so that any file containing a credit card number is automatically marked 'Highly Confidential - Financial'. For DLP, you create a policy that blocks emailing any file with that label outside the company and shows a policy tip to the user.

You also enable auditing so all events are logged. A common issue you might face: after deploying the DLP policy, users start reporting that they cannot send legitimate financial reports to external auditors. You then create an exception rule that allows specific domains (e.

g., '@auditfirm.com') with admin approval. This shows the importance of balancing security with business needs. Another best practice: test policies in audit-only mode before enabling them to block actions, so you can see what would be flagged without disrupting users.

In production, you monitor the DLP reports daily to identify false positives and adjust classification rules accordingly. Professionals also use Purview's 'Insider Risk Management' module to detect unusual data access patterns, such as an employee downloading thousands of records before leaving the company. This practical knowledge is essential for any IT role involving data compliance.

Memory Tip

Purview = Purr-view over all data: it sees, classifies, and protects everything like a cat watching its territory.

Covered in These Exams

Current Exam Context

Current exam versions that test this topic — use these objectives when studying.

Related Glossary Terms

Frequently Asked Questions

Is Microsoft Purview free?

No, Microsoft Purview has a consumption-based pricing model. You pay for the number of data assets scanned and stored, plus additional costs for some compliance features like DLP or eDiscovery. There is a free tier with limited capabilities for small-scale testing.

What is the difference between Microsoft Purview and Azure Purview?

Azure Purview was the original name for the data governance service. Microsoft later merged it with the Microsoft 365 Compliance Center and rebranded the combined service as 'Microsoft Purview'. The new name reflects that it covers both Azure data and M365 data in one platform.

Can Purview scan data in non-Microsoft clouds like AWS?

Yes, Microsoft Purview supports scanning data sources in Amazon S3, Google Cloud Storage, and Snowflake, among others. You need to provide credentials and network connectivity to scan these external sources.

Do I need to know Purview for the DP-900 exam?

Yes, DP-900 includes questions about data governance and cataloging, and Purview is the primary service mentioned. You should understand its role in data discovery, classification, and lineage.

How does Purview handle personal data under GDPR?

Purview can automatically identify personal data using classification rules (e.g., email addresses, phone numbers). It can then apply retention or deletion policies to comply with the 'right to erasure' and data minimization principles.

What happens if a DLP policy in Purview conflicts with another policy?

Purview evaluates DLP policies in order of priority. You can set a higher priority to override conflicting rules. It is best to test policies in audit mode first to detect conflicts before enforcing them.

Can I use Purview without Azure?

Purview is a cloud service hosted in Azure, so you need an Azure subscription to use it. However, it can govern data from on-premises and other clouds, not just Azure.

Is Microsoft Purview the same as the Microsoft 365 Compliance Center?

Not exactly. Purview replaces and expands the Microsoft 365 Compliance Center by adding data governance capabilities like data map and catalog. The compliance portal is now part of Purview.

Summary

Microsoft Purview is a comprehensive, unified platform for data governance and compliance that every IT professional should understand. It combines the ability to discover and catalog data across on-premises, Azure, and third-party clouds with powerful compliance tools such as Data Loss Prevention, sensitivity labels, eDiscovery, and insider risk management. By using Purview, organizations gain full visibility into their data landscape, can automatically classify sensitive information, and enforce policies that prevent data breaches and ensure regulatory compliance.

For IT certification learners, Purview is a key topic in exams like SC-900, MS-102, and DP-900. In SC-900, you need to know the basic features and how it fits into the Microsoft security and compliance portfolio. For MS-102, expect questions on configuring DLP and managing data governance within Microsoft 365.

For DP-900, focus on Purview's role in metadata management, data cataloging, and lineage tracking across Azure data services. Common exam traps include confusing Purview with Azure Policy or Microsoft 365 Defender, or forgetting that Purview can scan non-Microsoft sources. Practical implementation involves setting up data source registrations, scanning, classification rules, and DLP policies, along with monitoring and adjustments.

Remember that Purview is not just a catalog; it is your organization's central hub for data control and risk reduction. As you study, use the memory tip that Purview is like a watchful cat that 'purrs over' all your data, seeing everything, classifying it, and keeping it safe. By mastering Purview, you add a vital skill to your IT toolkit and increase your value in any role involving data management, security, or compliance.