This chapter provides a comprehensive overview of the Microsoft Purview portal, the unified interface for managing data security, compliance, and governance in Microsoft 365. For the MS-102 exam, this topic falls under Domain: Security Threats, Objective 3.3, and is foundational to understanding how to configure and manage Purview solutions. Approximately 10-15% of exam questions touch on Purview portal navigation, role assignments, and integration with other Microsoft 365 security tools.
Imagine a large corporate headquarters with multiple buildings, each with its own security guards, cameras, and access logs. Historically, each building operated independently—if you wanted to investigate a security incident, you had to visit each building, review separate logs, and correlate timestamps manually. Now, the company builds a Central Security Command Center (CSCC) with a single pane of glass. All buildings stream their camera feeds, badge swipes, and alarm events into the CSCC in real time. The CSCC has specialized workstations: one for data loss prevention (monitoring what documents leave the building), one for insider risk (detecting suspicious behavior patterns), one for compliance (ensuring records are retained properly), and one for eDiscovery (searching for specific documents during lawsuits). Each workstation has its own tools, but they all share the same underlying data lake. The CSCC also has a unified audit log that records every action taken in any workstation. A security analyst can sit at any workstation and, using the same authentication badge, access the relevant tools without needing separate credentials. The CSCC is the Microsoft Purview portal—a unified, role-based interface that aggregates compliance and security solutions across Microsoft 365, replacing the separate Security & Compliance Center and other portals.
What is the Microsoft Purview Portal?
The Microsoft Purview portal (https://purview.microsoft.com) is the single, unified web-based interface for managing Microsoft's data security, compliance, and governance solutions. It was launched in April 2023 to replace the legacy Microsoft 365 compliance center (compliance.microsoft.com) and the security center (security.microsoft.com) for compliance-related tasks. The Purview portal is not a separate service but a new user experience that aggregates capabilities from Microsoft Purview (formerly known as Microsoft 365 Compliance) and Azure Purview (now part of Microsoft Purview Data Governance). The portal provides consistent navigation, unified role-based access control (RBAC), and integrated workflows across solutions such as:
Data Loss Prevention (DLP)
Information Protection (sensitivity labels, encryption)
Insider Risk Management
eDiscovery (Standard and Premium)
Audit (Standard and Premium)
Records Management
Data Lifecycle Management
Communication Compliance
Data Catalog and Data Map (from Azure Purview)
How the Purview Portal Works Internally
Under the hood, the Purview portal is a thin client that communicates with multiple backend services via REST APIs. When a user navigates to the portal, the following occurs:
Authentication: The user is redirected to Azure Active Directory (now Microsoft Entra ID) for authentication. The portal uses modern authentication (OAuth 2.0) and supports conditional access policies.
Authorization: After authentication, the portal queries the Purview role-based access control (RBAC) engine to determine the user's permissions. Permissions are assigned via role groups (e.g., Compliance Administrator, eDiscovery Manager) or specific solution roles (e.g., DLP Manager). The portal dynamically shows or hides menu items based on the user's roles.
Data Fetching: Each page in the portal is a SPA (Single Page Application) that fetches data from the relevant backend service. For example, the DLP page fetches policies from the DLP service endpoint, while the Audit page queries the unified audit log. Data is rendered on the client side using React.
Unified Audit Log: All actions performed within the Purview portal (e.g., creating a DLP policy, running an eDiscovery search) are logged to the unified audit log. This ensures an immutable record of administrative activities.
Cross-Solution Integration: The portal enables workflows across solutions. For example, an insider risk alert can trigger a DLP policy investigation, and eDiscovery can hold content that is subject to a records management retention label. This integration is powered by shared data schemas and event-driven triggers.
Key Components, Values, and Defaults
- Role Groups: The Purview portal uses predefined role groups that grant permissions to multiple solutions. Key role groups include:
  - Compliance Administrator: Full access to all compliance features (except eDiscovery and some advanced features).
  - Data Investigator: View-only access to most compliance data.
  - eDiscovery Manager: Full access to eDiscovery cases, holds, and searches.
  - Insider Risk Management Admin: Full access to insider risk features.
  - Communication Compliance Admin: Full access to communication compliance policies.
  - Records Management: Full access to records management and retention labels.
- Default Roles: By default, Global Administrators have all Purview permissions. However, Microsoft recommends using least-privilege roles.
- Audit Retention: Standard audit logs are retained for 90 days; Audit (Premium) extends retention to 1 year (default) or up to 10 years with add-on licenses.
- Data Location: The Purview portal itself is hosted in Microsoft's global datacenters, but customer data (e.g., DLP policies, retention labels) is stored in the tenant's home region.
- Licensing Requirements: Many Purview features require specific licenses:
  - DLP and Information Protection: Microsoft 365 E3/A3/G3 or higher.
  - Insider Risk Management: Microsoft 365 E5/A5/G5 or add-on.
  - eDiscovery (Premium): Microsoft 365 E5/A5/G5 or add-on.
  - Audit (Premium): Microsoft 365 E5/A5/G5 or add-on.
  - Communication Compliance: Microsoft 365 E5/A5/G5 or add-on.
Configuration and Verification Commands
While the Purview portal is primarily GUI-based, administrators can use PowerShell cmdlets from the Exchange Online PowerShell module or the Security & Compliance Center PowerShell (still functional for backward compatibility). Key cmdlets include:
To connect to Security & Compliance Center PowerShell:
    Connect-IPPSSession -UserPrincipalName admin@contoso.com
To list available Purview role groups:
    Get-RoleGroup | Where-Object {$_.RoleGroupType -eq 'Compliance'}
To assign a user to a role group:
    Add-RoleGroupMember -Identity "eDiscovery Manager" -Member user@contoso.com
To get audit log configuration:
    Get-AdminAuditLogConfig | Format-List UnifiedAuditLogIngestionEnabled
To check DLP policy status:
    Get-DlpCompliancePolicy | Format-Table Name, Mode, Workload
Note: The classic Security & Compliance Center PowerShell is deprecated for new features. Microsoft recommends using the Microsoft Graph PowerShell SDK for advanced automation.
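The cmdlets above can feed a repeatable check for three conditions this chapter discusses: over-populated broad role groups, audit ingestion turned off, and DLP policies that are not enforcing. The following PowerShell is an added example, not Microsoft's or this guide's own code; the function names, the snapshot shape, the two-member threshold and the sample data are assumptions made for illustration.

```powershell
# Added example: offline-testable baseline check for a Purview tenant snapshot.
# Function names, snapshot shape and thresholds are illustrative assumptions.

function Get-PurviewSnapshot {
    # Live collection; run inside a Connect-IPPSSession session.
    # Read the audit flag beforehand from an Exchange Online session
    # (Connect-ExchangeOnline): Get-AdminAuditLogConfig reports
    # UnifiedAuditLogIngestionEnabled as False in Security & Compliance PowerShell.
    param([Parameter(Mandatory)] [bool] $AuditEnabled)
    $members = foreach ($g in Get-RoleGroup) {
        foreach ($m in Get-RoleGroupMember -Identity $g.Name) {
            [pscustomobject]@{ RoleGroup = $g.Name; Member = $m.Name }
        }
    }
    [pscustomobject]@{
        AuditEnabled = $AuditEnabled
        Membership   = @($members)
        DlpPolicies  = @(Get-DlpCompliancePolicy | Select-Object Name, Mode)
    }
}

function Test-PurviewBaseline {
    param(
        [Parameter(Mandatory)] $Snapshot,
        [string[]] $BroadGroups = @('Compliance Administrator'),
        [int] $MaxBroadMembers = 2   # assumed review threshold, not a Microsoft limit
    )
    if (-not $Snapshot.AuditEnabled) {
        [pscustomobject]@{ Check = 'Audit'; Subject = 'Tenant'
            Detail = 'Unified audit log ingestion is off' }
    }
    # Broad role groups holding more members than the review threshold.
    $Snapshot.Membership | Group-Object RoleGroup |
        Where-Object { $_.Name -in $BroadGroups -and $_.Count -gt $MaxBroadMembers } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'BroadRole'; Subject = $_.Name
                Detail = "$($_.Count) members: $($_.Group.Member -join ', ')" }
        }
    # Accounts that have accumulated more than one role group.
    $Snapshot.Membership | Group-Object Member | Where-Object Count -gt 1 |
        ForEach-Object {
            [pscustomobject]@{ Check = 'RoleSprawl'; Subject = $_.Name
                Detail = "Member of: $($_.Group.RoleGroup -join ', ')" }
        }
    # DLP policies in a test or disabled mode, so nothing is enforced.
    $Snapshot.DlpPolicies | Where-Object { $_.Mode -ne 'Enable' } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'DlpMode'; Subject = $_.Name; Detail = "Mode is $($_.Mode)" }
        }
}

# Constructed sample snapshot (not real tenant data).
$sample = [pscustomobject]@{
    AuditEnabled = $false
    Membership   = @(
        [pscustomobject]@{ RoleGroup = 'Compliance Administrator'; Member = 'alice' }
        [pscustomobject]@{ RoleGroup = 'Compliance Administrator'; Member = 'bob' }
        [pscustomobject]@{ RoleGroup = 'Compliance Administrator'; Member = 'carol' }
        [pscustomobject]@{ RoleGroup = 'eDiscovery Manager'; Member = 'alice' }
        [pscustomobject]@{ RoleGroup = 'Records Management'; Member = 'dave' }
    )
    DlpPolicies  = @(
        [pscustomobject]@{ Name = 'PHI external sharing'; Mode = 'Enable' }
        [pscustomobject]@{ Name = 'Privileged legal documents'; Mode = 'TestWithNotifications' }
    )
}

Test-PurviewBaseline -Snapshot $sample | Format-Table -AutoSize
# Live tenant: Test-PurviewBaseline -Snapshot (Get-PurviewSnapshot -AuditEnabled $audit)
```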
Interaction with Related Technologies
Microsoft Entra ID: The Purview portal uses Entra ID for authentication and conditional access. Role assignments can be managed via Entra ID admin center as well.
Microsoft 365 Defender: The Purview portal focuses on compliance and data governance, while the Microsoft 365 Defender portal (security.microsoft.com) focuses on security incidents and threat protection. They share some data (e.g., alerts) but have distinct scopes.
Azure Purview (Data Map): The Purview portal includes the Data Map and Data Catalog capabilities from Azure Purview, allowing organizations to scan and classify data across on-premises, multi-cloud, and SaaS sources. This is separate from Microsoft 365 Purview but integrated into the same portal.
Microsoft 365 Compliance Center (Legacy): The legacy compliance center (compliance.microsoft.com) still exists but is being phased out. New features are only available in the Purview portal. The legacy portal automatically redirects to Purview for most pages.
Microsoft 365 Admin Center: The admin center (admin.microsoft.com) provides tenant-wide settings, user management, and billing. Purview settings (e.g., role groups) can be accessed from the admin center via the "Roles" page, but the Purview portal provides a more focused compliance experience.
Step-by-Step Navigation and Roles
When you first access the Purview portal, you land on the Home page, which displays a dashboard of recent alerts, pending tasks, and compliance posture. The left navigation pane is organized into solution groups:
Solutions: Lists all Purview solutions (e.g., Data Loss Prevention, Information Protection, Insider Risk Management).
Data Catalog: For data governance and data map.
Settings: Tenant-wide settings for auditing, roles, and connectors.
Reports: Pre-built compliance reports and analytics.
Roles & scopes: Manage role groups and administrative units (scopes).
Each solution has its own sub-navigation. For example, under Data Loss Prevention, you'll find:
- Overview: Dashboard with policy matches and alerts.
- Policies: Create and manage DLP policies.
- Alerts: View and triage DLP alerts.
- Activity explorer: Detailed activity logs.
Common Misconfigurations
Incorrect role assignment: A common mistake is assigning the Global Administrator role to users who only need compliance permissions. This violates least-privilege and increases risk. Instead, use compliance-specific role groups.
Missing licenses: Some Purview features appear in the portal but require specific licenses. If a user tries to access a feature without the required license, they may see an error or the feature may be grayed out.
Audit log not enabled: The unified audit log must be enabled for many Purview features to work (e.g., DLP alerts, eDiscovery). By default, audit logging is enabled for Microsoft 365 tenants. Verify with Get-AdminAuditLogConfig.
Cross-tenant collaboration: When managing multiple tenants, the Purview portal does not natively support cross-tenant views. Administrators must switch tenants manually.
Access the Purview Portal
Navigate to https://purview.microsoft.com. If your organization has not yet transitioned, you may be redirected to the legacy compliance center. You can force the Purview portal by appending ?force=1 to the URL. The portal uses Azure AD authentication; ensure your account has the necessary licenses and role assignments. If you are a Global Administrator, you automatically have full access. For non-admins, the portal will only show solutions for which you have permissions.
Review the Home Dashboard
The Home page provides a summary of your compliance posture. It includes cards for active alerts, recent policy matches, pending tasks, and compliance score. Each card is clickable and takes you to the relevant solution. The dashboard is customizable—you can add or remove cards using the "Edit dashboard" button. The data shown is near real-time, updated every few minutes.
Navigate to a Solution (e.g., DLP)
Click on "Solutions" in the left navigation, then select "Data Loss Prevention". This opens the DLP overview page, which shows policy matches, alerts, and activity explorer. From here, you can create new policies, view existing ones, and configure settings. The DLP solution integrates with Microsoft 365 services like Exchange Online, SharePoint Online, OneDrive, Teams, and endpoints.
Check Role Assignments in Settings
Go to "Settings" > "Roles & scopes" to view all role groups. You can see which users are assigned to each role group. To add a user, click on a role group, then "Add member". You can also create custom role groups by combining permissions from multiple solutions. Note that changes may take up to 30 minutes to propagate across services.
Enable Audit (Premium) if Needed
Under "Settings" > "Audit", you can enable Audit (Premium) logging. This requires appropriate licensing (E5 or add-on). Once enabled, you can set retention policies for audit logs (up to 10 years). The audit log records all actions taken in the Purview portal and Microsoft 365 services. Use the "Audit" solution to search and export logs.
Create a Retention Label in Records Management
Navigate to "Solutions" > "Records Management" > "File plan" or "Label policies". Create a retention label with specific retention settings (e.g., keep for 7 years then delete). Then publish the label to locations like Exchange, SharePoint, or OneDrive. Labels can be auto-applied based on sensitive information types or trainable classifiers.
Enterprise Scenario 1: Global Law Firm with Data Residency Requirements
A large law firm with offices in the US, EU, and Asia needs to manage client data across jurisdictions while complying with GDPR, CCPA, and other regulations. They use the Purview portal to:
Create DLP policies that block sharing of sensitive legal documents (e.g., attorney-client privileged) outside the firm.
Apply retention labels to emails and documents based on practice area (e.g., litigation files retained for 7 years after case closure).
Use eDiscovery (Premium) to search for specific communications during litigation.
Configure Audit (Premium) to log all access to sensitive data for 5 years.
The firm assigns Compliance Administrators for each region, using role groups scoped to specific administrative units (e.g., US, EU). This ensures that EU administrators cannot see US data. Performance is generally good, but the portal can feel slow when searching large audit logs (millions of events). They mitigate this by using date ranges and filters. A common misconfiguration is forgetting to enable Audit (Premium) for all workloads, causing gaps in logging.
Enterprise Scenario 2: Retail Company with Insider Risk Concerns
A retail company with 50,000 employees uses Microsoft 365 E5 licenses. They are concerned about employees exfiltrating customer data or trade secrets. They deploy Insider Risk Management via the Purview portal:
They configure indicators for data theft (e.g., downloading large volumes of files, copying to personal cloud storage).
They set up communication compliance policies to monitor Teams chats and emails for harassment or confidential data sharing.
They use the Activity explorer to investigate suspicious behavior.
The HR department is given the "Insider Risk Management Analyst" role to review alerts without access to other compliance features.
A challenge they face is tuning the risk indicators to reduce false positives. Initially, they received hundreds of alerts per day, overwhelming the HR team. They adjusted thresholds and added exclusion rules (e.g., exclude IT admins performing legitimate backups). The portal's built-in analytics helped them identify the most relevant indicators.
Enterprise Scenario 3: Healthcare Provider with Data Classification Needs
A healthcare provider must classify and protect patient health information (PHI) under HIPAA. They use:
Information Protection: Sensitivity labels auto-applied to documents containing PHI (e.g., patient records, lab results).
DLP: Policies that prevent sharing PHI via email or Teams with external parties.
Data Lifecycle Management: Retention policies for medical records (e.g., keep for 6 years after last patient visit).
They also use the Data Catalog from Azure Purview to scan on-premises file servers and classify data. The Purview portal provides a unified view of both cloud and on-premises data. A common mistake is not training users on sensitivity labels—users may override labels incorrectly, leading to misclassification. The provider uses mandatory labeling (via label policies) to enforce correct classification.
What Goes Wrong When Misconfigured
Overly broad roles: A user with the Compliance Administrator role can delete retention policies, causing data loss. Least privilege is critical.
Missing licensing: Attempting to use Insider Risk Management without E5 licenses results in errors or missing features.
Audit log disabled: Without audit logging, eDiscovery and DLP alerts cannot function properly.
Cross-tenant confusion: Administrators managing multiple tenants often forget to switch contexts, applying policies to the wrong tenant.
What MS-102 Tests on This Topic (Objective 3.3)
The MS-102 exam focuses on the Purview portal as the central management interface for compliance solutions. Specifically, Objective 3.3 (Security Threats) includes:
Understanding the Purview portal's role in managing Data Loss Prevention, Information Protection, Insider Risk Management, eDiscovery, and Audit.
Navigating the portal and identifying where to configure specific solutions.
Assigning roles and permissions using role groups.
Understanding licensing requirements for different Purview features.
Knowing the difference between the Purview portal, the legacy compliance center, and the Microsoft 365 Defender portal.
Common Wrong Answers and Why Candidates Choose Them
"The Purview portal replaces the Microsoft 365 admin center." — WRONG. The Purview portal replaces the compliance center, not the admin center. The admin center remains for user management, billing, and tenant-wide settings.
"All Purview features are available with Microsoft 365 E3." — WRONG. Many advanced features (Insider Risk Management, eDiscovery Premium, Audit Premium) require E5 or add-on licenses. E3 covers basic DLP and Information Protection.
"The Purview portal is the same as the Microsoft 365 Defender portal." — WRONG. The Defender portal focuses on security incidents and threat protection, while Purview focuses on compliance and data governance. They are separate but can share alerts.
"You can assign Purview roles only from the Purview portal." — WRONG. Roles can also be assigned from the Microsoft 365 admin center (Roles page) or via PowerShell. The Purview portal is one method.
Specific Numbers and Terms That Appear on the Exam
Audit retention: Standard 90 days; Premium 1 year (default), up to 10 years.
Role group names: Compliance Administrator, eDiscovery Manager, Insider Risk Management Admin, Communication Compliance Admin, Records Management.
Licensing: E3 for basic, E5 for advanced.
Portal URLs: purview.microsoft.com (new), compliance.microsoft.com (legacy), security.microsoft.com (Defender).
PowerShell module: Connect-IPPSSession for Security & Compliance Center.
Edge Cases and Exceptions
Hybrid deployments: The Purview portal can manage on-premises data via Azure Purview connectors, but this is an advanced scenario.
Government clouds: The Purview portal is available in GCC, GCC High, and DoD, but some features may be limited.
Multi-geo tenants: The portal automatically routes data to the correct geography, but administrators must be aware of data residency.
How to Eliminate Wrong Answers
If a question mentions "compliance" or "data governance," the answer likely involves the Purview portal, not Defender.
If the question asks about "role assignment," look for options that mention role groups specific to compliance (e.g., Compliance Administrator).
If the question mentions "audit log retention," remember the 90-day standard vs. 1-year premium.
For licensing, remember that E3 is base, E5 is advanced.
The Microsoft Purview portal (purview.microsoft.com) is the unified interface for compliance and data governance, replacing the legacy compliance center.
Key solutions include DLP, Information Protection, Insider Risk Management, eDiscovery, Audit, Records Management, and Communication Compliance.
Role assignments are done via role groups (e.g., Compliance Administrator, eDiscovery Manager) and can take up to 30 minutes to propagate.
Audit (Standard) retains logs for 90 days; Audit (Premium) retains for 1 year (default) up to 10 years with add-on licenses.
Advanced Purview features require Microsoft 365 E5 or add-on licenses; E3 covers basic DLP and Information Protection.
The Purview portal is separate from the Microsoft 365 Defender portal (security.microsoft.com), which handles security incidents.
Use Connect-IPPSSession in PowerShell to manage Purview settings via cmdlets.
Cross-solution workflows are enabled (e.g., insider risk alerts triggering DLP investigations).
The portal supports conditional access policies from Microsoft Entra ID.
Data location for policies and labels is the tenant's home region.
These come up on the exam all the time. Here's how to tell them apart.
Purview Portal (purview.microsoft.com)
Unified interface for all compliance and data governance solutions.
New features are only available here.
Modern navigation with left-side solutions menu.
Integrates with Azure Purview Data Map.
Role-based access control with predefined role groups.
Legacy Compliance Center (compliance.microsoft.com)
Legacy interface, being phased out.
Limited to classic compliance features (e.g., eDiscovery, DLP).
Older navigation with top-level tabs.
No Azure Purview integration.
Uses older role model (e.g., Compliance Admin role in Exchange admin center).
Mistake
The Purview portal is the same as the Microsoft 365 compliance center.
Correct
The Purview portal is the new, unified interface that replaces the legacy compliance center. The legacy compliance center (compliance.microsoft.com) still exists but is being phased out. New features are only available in the Purview portal.
Mistake
All Purview features are available with any Microsoft 365 subscription.
Correct
Many advanced Purview features (e.g., Insider Risk Management, eDiscovery Premium, Audit Premium, Communication Compliance) require Microsoft 365 E5 or add-on licenses. E3 covers basic DLP, Information Protection, and retention policies.
Mistake
The Purview portal can manage security incidents like Defender.
Correct
The Purview portal focuses on compliance and data governance. Security incident management (e.g., threat investigation, response) is handled in the Microsoft 365 Defender portal (security.microsoft.com). They are separate tools.
Mistake
Role assignments in the Purview portal are immediate.
Correct
Role assignments can take up to 30 minutes to propagate across all Microsoft 365 services. This is due to caching and replication delays.
Mistake
The Purview portal requires no additional licensing beyond Microsoft 365 E3.
Correct
While the portal itself is accessible, many solutions within it require specific licenses. For example, Audit (Premium) requires E5 or add-on. Without the license, the solution may appear but be non-functional.
The URL is https://purview.microsoft.com. This is the new unified portal for compliance and data governance. The legacy compliance center (compliance.microsoft.com) still exists but is being deprecated. If you are redirected to the legacy portal, you can force the Purview portal by appending ?force=1 to the URL.
Basic features like DLP, Information Protection, and retention policies are included with Microsoft 365 E3/A3/G3. Advanced features such as Insider Risk Management, eDiscovery (Premium), Audit (Premium), and Communication Compliance require Microsoft 365 E5/A5/G5 or add-on licenses. Always verify licensing before deploying a feature.
Go to Settings > Roles & scopes in the Purview portal. You can view existing role groups (e.g., Compliance Administrator, eDiscovery Manager) and add members. Alternatively, you can use the Microsoft 365 admin center (Roles page) or PowerShell (Add-RoleGroupMember cmdlet). Changes may take up to 30 minutes to propagate.
The Purview portal (purview.microsoft.com) is for compliance and data governance—managing DLP, retention, eDiscovery, etc. The Microsoft 365 Defender portal (security.microsoft.com) is for security incident management—threat investigation, response, and advanced hunting. They share some data (e.g., alerts) but have distinct purposes.
Yes, you can use the Exchange Online PowerShell module (Connect-IPPSSession) to manage many Purview settings, such as DLP policies, retention policies, and role groups. For advanced automation, Microsoft recommends the Microsoft Graph PowerShell SDK.
Standard audit logs are retained for 90 days. With Audit (Premium) licensing (E5 or add-on), retention is 1 year by default, and you can extend it up to 10 years using retention policies. Audit (Premium) also provides higher bandwidth and more detailed logs.
The feature may appear in the portal but will be non-functional or grayed out. You may see an error message indicating that a license is required. To use the feature, you must assign the appropriate license to the user or the tenant.