Your organization is implementing a data loss prevention (DLP) strategy using Microsoft Purview. The compliance team needs to automatically classify and label sensitive data in Microsoft 365, Azure SQL Database, and Amazon S3. Which Purview feature should you use?
Data Map scans and classifies data across on-prem, Azure, and other clouds.
Why this answer
Microsoft Purview Data Map is the correct choice because it provides unified data governance across hybrid and multi-cloud environments, including Microsoft 365, Azure SQL Database, and Amazon S3. It automatically scans, classifies, and labels sensitive data using built-in classifiers and sensitivity labels, enabling consistent DLP policies across these disparate data sources.
Exam trap
The trap here is that candidates often confuse the scanning and classification capabilities of Microsoft Purview Data Map with the labeling and protection features of Microsoft Purview Information Protection, but the Data Map is the service that actually discovers and classifies data across multiple clouds, while Information Protection applies the labels after classification.
How to eliminate wrong answers
Option B is wrong because Microsoft Purview Information Protection focuses on applying sensitivity labels and encryption to data within Microsoft 365 and Azure, but it does not natively scan or classify data in Amazon S3. Option C is wrong because Microsoft Purview Records Management is designed for managing retention, disposition, and legal hold of records, not for automatic classification and labeling of sensitive data across multi-cloud sources. Option D is wrong because Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that provides threat protection and visibility for cloud apps, but it does not perform automatic data classification and labeling across Microsoft 365, Azure SQL, and Amazon S3 as a primary function.