Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Data lifecycle management
Rules-based automatic retention policies
Automatically apply retention or deletion rules to student and staff data based on location, content type, or user attributes, helping educational institutions meet regulatory and archival requirements.
- Automatically apply a retention label to Microsoft 365 items
- Learn how to automatically apply retention labels based on conditions like sensitive information types, keywords, or trainable classifiers. Includes simulation mode and policy configuration steps
- Automatically retain or delete content by using retention policies
- Guide to creating retention policies that automatically retain or delete content across Microsoft 365 workloads like Exchange, SharePoint, and Teams
- Learn about retention policies & labels to retain or delete
- Overview of Microsoft 365 retention capabilities, including the differences between retention labels and policies, and how to use them together
Machine Learning-based retention
Uses machine learning to intelligently identify and retain educational content—such as student records or sensitive communications—based on patterns and context rather than static rules.
- Auto Apply Retention Labels in Office 365 Using Content Types and Metadata
- Explains how to automatically apply retention labels using metadata, content types, and trainable classifiers. Includes licensing details and implementation tips.
- Configure Microsoft 365 retention settings
- Overview of how to configure retention policies and labels to automatically retain or delete data across Microsoft 365
- Get started with trainable classifiers
- Learn how to train classifiers to recognize content types and apply retention labels based on machine learning
Records management
Enables schools to declare content as official records, apply regulatory-grade retention labels, and manage disposition reviews to ensure compliance with FERPA, GDPR, and institutional policies.
- Get started with records management in Microsoft 365
- Step-by-step guidance for setting up records management using retention labels, policies, and file plans in Microsoft Purview
- Records management for documents and emails in Microsoft 365
- Overview of how Microsoft Purview Records Management supports legal, business, and regulatory record-keeping requirements
- Manage records in Microsoft Purview - Training Module
- Microsoft Learn training module on using intelligent classification and automation for managing records
Data Loss Prevention (DLP)
DLP for Teams chat
Applies data loss prevention policies to Microsoft Teams messages, helping schools prevent the sharing of sensitive information like student IDs or health data in chat environments.
- Data loss prevention and Microsoft Teams
- Explains how DLP policies help prevent sharing sensitive information in Teams chats, channels, and shared documents. Covers guest access, external access, and shared channel scenarios.
- Learn about the default DLP policy in Microsoft Teams
- Describes the default DLP policy automatically created for new Microsoft Teams customers in the Microsoft Purview portal
- Learn about data loss prevention
- General overview of DLP in Microsoft Purview, including policy creation, monitoring, and protection across Microsoft 365 services.
Endpoint DLP
Extends data loss prevention to Windows 10/11 devices, allowing schools to monitor and restrict actions like copying to USB or printing sensitive student or faculty data.
- Get started with Endpoint DLP
- Step-by-step guide to onboard devices and begin monitoring sensitive data activity on Windows and macOS endpoints
- Learn about Endpoint DLP
- Overview of Endpoint DLP capabilities, supported platforms, and how it extends Microsoft Purview DLP to endpoint devices.
- Configure Endpoint DLP settings.
- Instructions for managing global settings that control Endpoint DLP behavior across all policies.
Meeting, Calling, Chat
Teams Phone Standard
Microsoft Teams Phone Standard for Education is a cloud-based telephony add-on license for Microsoft Teams that transforms it into a full-featured PBX system, enabling faculty, staff, and administrators to make and receive PSTN calls, use voicemail, call queues, and auto attendants—all integrated within Teams for secure, flexible communication across campuses and remote environments.
- Teams Phone features – Microsoft Learn
- All Microsoft Teams Product Plans
- Microsoft Teams Add-on Licensing
Audio Conferencing
Microsoft Teams Audio Conferencing for Education enables students, faculty, and staff to join Teams meetings via traditional telephone lines—by dialing in or using the "call me" feature—supporting inclusive, flexible participation in hybrid learning environments, especially where internet access is limited.
Analytics
Power BI Pro
Power BI Pro in education enables educators and administrators to create, share, and collaborate on interactive data visualizations and reports to drive data-informed decisions across schools and institutions.
- Get Data with Power BI Desktop – Microsoft Learn
- Virtual Workshops and Training to Get Started with Power BI
eDiscovery and Auditing
eDiscovery (Premium)
Provides advanced case management, machine learning-based content review, and legal hold capabilities to support investigations into student misconduct, data breaches, or compliance violations.
- Overview of Microsoft Purview eDiscovery (Premium)
- Provides a comprehensive overview of eDiscovery (Premium), including its end-to-end workflow for preserving, collecting, analyzing, reviewing, and exporting content across Microsoft 365
- Get started with eDiscovery (Premium)
- Step-by-step guidance to begin using eDiscovery (Premium) for internal and external investigations.
- Create and manage an eDiscovery (Premium) case
- Instructions for setting up and managing cases, including legal hold and custodian management.
Audit (Premium)
Captures detailed logs of user and admin activity across Microsoft 365—including file access and permission changes—supporting forensic investigations and long-term compliance audits in education.
- Learn about auditing solutions in Microsoft Purview
- Overview of Audit (Standard) and Audit (Premium), including retention policies, intelligent insights, and access to the Office 365 Management Activity API.
- Get started with auditing solutions
- Step-by-step guidance to begin using Microsoft Purview Audit (Premium) for tracking user and admin activity across Microsoft services
- Search the audit log
- Instructions for using the audit search tool in the Microsoft Purview portal to locate and export audit records
Identity and Access Management
Microsoft Entra ID Protection
Detects and responds to identity-based risks such as compromised student or faculty accounts using risk-based conditional access and automated remediation to protect educational environments.
- Microsoft Entra ID Protection Overview
- Learn how Microsoft Entra ID Protection detects, investigates, and remediates identity-based risks using real-time signals and automation
- Microsoft Entra ID Protection Documentation Hub
- Centralized hub for all Microsoft Entra ID Protection documentation, including setup, policies, and API usage
- What are risks in Microsoft Entra ID Protection
- Detailed explanation of risk types, detection methods, and how to interpret risk signals in your tenant
Microsoft Entra ID Plan 2
Microsoft Entra ID Plan 2 in education provides advanced identity governance, risk-based conditional access, and lifecycle management tools to help schools and universities secure user access, automate identity processes, and ensure compliance across their digital environments.
Information Protection
Azure Information Protection Plan 2 (AIP)
Microsoft Azure Information Protection Plan 2 in education is an advanced data classification and protection solution within Microsoft Purview that enables educational institutions to automatically discover, label, and protect sensitive information—such as student records and research data—across cloud and on-premises environments, with capabilities like document tracking, revocation, and content-aware labeling.
- Azure Information Protection Service Description
- What is Azure Information Protection?
- AIP Plan 2 Functionality and Pricing
Automatic sensitivity labeling in Microsoft 365 apps
Automatically applies sensitivity labels to documents and emails in apps like Word, Excel, PowerPoint, and Outlook based on content, helping educators and students protect sensitive data without manual intervention.
- Automatically Apply a Sensitivity Label
- Manage Sensitivity Labels in Office Apps
- Learn About Sensitivity Labels
Automatic sensitivity labels in Exchange, SharePoint, and OneDrive
Uses service-side policies to automatically label data at rest in SharePoint and OneDrive, and data in transit in Exchange Online, ensuring consistent protection of educational content across platforms.
- Automatically Apply a Sensitivity Label
- Enable Sensitivity Labels in SharePoint and OneDrive
- Get Started with Sensitivity Labels
- Recommended Auto-Labeling Methods
Default sensitivity labels for SharePoint document libraries
Allows educational institutions to configure default sensitivity labels for SharePoint libraries so that all uploaded or created documents inherit a baseline level of protection automatically.
- Configure Default Sensitivity Label
- Add Sensitivity Label to Library
- Troubleshooting Default Labeling
Sensitivity labels based on advanced classifiers (for example, Trainable Classifiers, EDM, Named Entities, Contextual)
Enables automatic labeling of educational data using AI-driven classifiers that detect patterns like student IDs, names, or contextual behavior, enhancing compliance with FERPA and institutional policies.
- Trainable Classifiers Overview
- Learn about sensitivity labels
- Apply Sensitivity Labels Automatically
Advanced Message Encryption
Provides enhanced email protection by allowing senders in education to revoke access, set expiration dates, and require authentication for sensitive messages shared externally.
- Advanced Message Encryption | Microsoft Learn
- Overview of AME features, licensing, branding, and policy configuration.
- Microsoft Purview Message Encryption | Microsoft Learn
- General documentation on Microsoft Purview Message Encryption.
- Office 365 Message Encryption Overview
- High-level overview of encryption capabilities in Microsoft 365.
Customer Key
Gives educational institutions control over their own encryption keys used to protect Microsoft 365 data, ensuring that only authorized access is permitted—even by Microsoft.
- Manage Customer Key - Microsoft Purview | Microsoft Learn
- Covers lifecycle management, revocation, and exit planning for Customer Key deployments.
- Set up Microsoft Purview Customer Key for Windows 365 Cloud PCs
- Specific instructions for encrypting Cloud PC disks, snapshots, and images using Customer Key
Viva Insights
Premium Personal Insights and Experience
Viva Insights Premium Personal Insights and Experience in education empowers educators and staff with data-driven, privacy-protected insights to improve well-being, productivity, and work habits—fostering a healthier and more effective learning environment.
Insider risk management
Purview - Privileged Identity Management
Microsoft Purview Privileged Identity Management (PIM) is a Microsoft Entra ID feature that enables educational institutions to manage, control, and monitor privileged access to critical resources—such as Microsoft 365, Azure, Intune, and other Microsoft Online Services—through just-in-time, approval-based, and time-bound role activation, helping reduce the risk of excessive, unnecessary, or misused access in dynamic academic environments.
What is Microsoft Entra Privileged Identity Management?
Purview - Privileged Access Management
Privileged Access Management (PAM) in education is a Microsoft Entra ID and Microsoft Purview feature that enforces just-in-time and approval-based access to critical systems like Microsoft 365 and Azure, helping institutions reduce standing privileges, enhance compliance, and protect sensitive student and faculty data from misuse or breach.
- Learn about privileged access management
- Get started with privileged access management
- What is privileged access management (PAM)?
- What is Privileged Access Management (PAM)? – Microsoft Security
- Privileged Access Management for Active Directory Domain Services
- Deploying a Privileged Access Solution
- Privileged Access Workstations (PAW)
Insider Risk Management
Microsoft Insider Risk Management in education is a Microsoft 365 A5 compliance solution that uses machine learning and behavioral analytics to detect, investigate, and mitigate internal risks—such as data leaks, policy violations, and insider threats—while preserving student and faculty privacy and supporting regulatory compliance like FERPA and GDPR.
- Insider Risk Management Setup Guide
- Risk Identification and Assessment Training
- Microsoft 365 Education Service Descriptions
Communication Compliance
Microsoft Communication Compliance in education is a Microsoft 365 A5 feature that uses machine learning, keyword detection, and policy-based rules to monitor and remediate inappropriate or non-compliant communications across platforms like Teams, Exchange, and Yammer—helping institutions detect bullying, harassment, and policy violations while supporting FERPA, Title IX, and institutional codes of conduct.
- Communication Compliance Overview
- Configure Communication Compliance for AI
- Microsoft 365 Security & Compliance Licensing Guidance
- Microsoft Learn for Educators Community
Customer Lockbox
Microsoft Customer Lockbox in education is a Microsoft 365 A5 compliance feature that ensures Microsoft engineers can't access student or institutional data during support operations without explicit approval from the organization, providing an added layer of control and transparency for sensitive educational environments.
- Customer Lockbox Requests – Microsoft Purview
- Microsoft Entra Permissions Reference
- Multi-Tenant Architecture for EDU
- Microsoft 365 Education Service Descriptions
Threat Protection
Safe Documents
Microsoft Safe Documents in education is a premium security feature in Microsoft 365 A5 that automatically scans Office files opened in Protected View using Microsoft Defender for Endpoint’s cloud intelligence, helping protect students and educators from malicious content without requiring local antivirus installation.
- Safe Documents in Microsoft 365 A5
- Teams for Education Policy Wizard
- Microsoft Security Resources
- Microsoft 365 Security & Compliance Licensing Guidance
Microsoft Defender for Endpoint Plan 2
Microsoft Defender for Endpoint Plan 2 enhances security in education by adding advanced threat detection, endpoint detection and response (EDR), threat analytics, and automated investigation and remediation capabilities.
- Microsoft Defender for Endpoint Overview
- Microsoft Defender for Endpoint P2 for Students
- Microsoft 365 Education - Service Descriptions
- Student EndPoint Information
Microsoft Defender for Identity
Microsoft Defender for Identity is a cloud-based security solution included in Microsoft 365 A5 for Education that helps schools detect and investigate identity-based threats by analyzing signals from on-premises Active Directory and cloud environments to protect students, faculty, and infrastructure from advanced cyberattacks and insider threats.
- Microsoft Defender for Identity Overview
- Deploy Microsoft Defender for Identity
- Microsoft 365 for Education Cybersecurity Solutions
Microsoft Defender for Office 365 Plan 2
Microsoft Defender for Office 365 Plan 2 for Education is an advanced threat protection solution included in Microsoft 365 A5 that builds on Plan 1 by adding automated investigation, response, threat simulation, and campaign views to help educational institutions detect, analyze, and respond to sophisticated email and collaboration-based attacks.
- Microsoft Defender for Office 365 Overview
- Microsoft 365 for Education Cybersecurity Solutions
- Microsoft 365 Education Service Descriptions
- Deep dive into Plan 2 features like Threat Explorer, Campaign Views, and Automated Investigation and Response (AIR)
Microsoft Defender Application Guard for Office
Microsoft Defender Application Guard for Office uses hardware-based isolation to open untrusted Word, Excel, and PowerPoint files in a secure container, protecting students and educators from potential threats while maintaining productivity in Microsoft 365 Education environments.
A5 - Advanced (Student Use)
The Microsoft Student Use Benefit allows educational institutions to provide students with free access to certain Microsoft products—like Microsoft 365, Microsoft Entra ID P1/P2, and Intune—based on the number of paid faculty or staff licenses, under qualifying academic agreements such as OVS-ES, EES, or CSP.
Automation, app building, chatbots
Cloud access Security Broker
App Governance in Defender for Cloud Apps (Only A5)
App Governance in Microsoft Defender for Cloud Apps empowers educational institutions to monitor, assess, and control third-party OAuth apps connected to Microsoft 365, helping protect student and staff data from risky or non-compliant applications.
- Overview of App Governance in Microsoft Defender for Cloud Apps
- Get Started with App Governance
- Create App Governance Policies
Email, Calendar, scheduling
- Exchange Plan 2 (100 GB mailbox + up to 1.5 TB archive)
- Auto-expanding email archive
- Microsoft Bookings
Identity and Access Management, student use
- Cloud user self-service password reset
- Hybrid user self-service password change/reset with on premises write-back
- Advanced Security Reports
- DirectAccess supported
- Microsoft Advanced Threat Analytics
Risk Based Conditional Access / Identity Protection (Only A5)
Risk-based Conditional Access in Microsoft Entra ID (formerly Azure AD) for Education dynamically evaluates user and sign-in risk to enforce adaptive access policies, helping protect student and faculty data while maintaining a seamless learning experience.
- Sign-in Risk-Based Conditional Access Policy
- Overview of Conditional Access in Microsoft Entra ID
- Remediate Risks and Unblock Users
Access Reviews (Only A5)
Access Reviews in Microsoft Entra ID help educational institutions regularly validate who has access to groups, apps, and resources—ensuring only the right students, faculty, and staff retain access, supporting security, compliance, and governance goals.
- Overview of Access Reviews in Microsoft Entra
- Plan a Microsoft Entra Access Reviews Deployment
- Review Recommendations for Access Reviews
Entitlement Management (Only A5)
Entitlement Management in Microsoft Entra ID enables educational institutions to automate and govern access to resources like Teams, SharePoint, and applications through access packages, ensuring the right students, faculty, and guests have timely and compliant access.