Which tool to use for Data Discovery (as part of AIP)?

Shim Kwan 286 Reputation points


According to previous questions on this forum and the responses from Microsoft, once we have the E5 license (or AIP equivalent license), the built-in data classifier runs (by itself) and we see results in the Content Explorer of the detected sensitive data types (https://compliance.microsoft.com/dataclassification?viewid=contentexplorer).
In other words, without any configuration on our part, we right away see the different Sensitive Info Types across various location in our tenant (not all location though).


So does this mean we do not need to create an Information Protection 'Discovery' Policy in Defender for Cloud Apps (as circled in the screenshot below)


Thank you,

Azure Information Protection
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
527 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Givary-MSFT 30,851 Reputation points Microsoft Employee

    @Shim Kwan

    Thank you for reaching out to us. As I understand from your query your ask is why to create a policy in Defender for Cloud app portal when data is discovered/classified in Exchange/SharePoint/OneDrive/Teams apps.

    Now a days, organization moves all important data to the cloud and has mandated cloud storage to be the primary data repository for new data ( like box, dropbox etc ).

    Microsoft Defender for Cloud Apps provides you with an expansive suite of DLP capabilities that cover the various data leak points that exist in organization, so the policies created in Defender for cloud apps portal will help in protecting/classify/discovering data applying the policies.

    Let me know if my understanding of the issue is incorrect or you have any further question.

    Reference: https://learn.microsoft.com/en-us/defender-cloud-apps/enable-instant-visibility-protection-and-governance-actions-for-your-apps