Microsoft Purview service description
Microsoft Purview is a comprehensive set of solutions that can help your organization govern, protect, and manage data, wherever it lives. Microsoft Purview solutions provide integrated coverage and help address the fragmentation of data across organizations, the lack of visibility that hampers data protection and governance, and the blurring of traditional IT management roles.
Available plans
For the purposes of this article, a tenant-level service is an online service that is activated in part or in full for all users in the tenant (standalone license and/or as part of a Microsoft 365 or Office 365 plan). Though some tenant services are currently not capable of limiting benefits to specific users, appropriate subscription licenses are required for use of each online service. To review the terms and conditions governing the use of Microsoft products and Professional Services acquired through Microsoft Licensing programs, see the Product Terms.
To view how users benefit from Microsoft 365 features, download the Microsoft 365 Comparison table for Enterprise and Frontline Workers Plans or the Microsoft 365 Comparison table for Small and Medium Business Plans.
For detailed plan information on subscriptions that enable users for Microsoft 365 features and are currently available in European Economic Area (EEA) countries and Switzerland, see the Microsoft 365 business plan comparison for EEA and Microsoft 365 Enterprise plan comparison for EEA.
Feature availability
Microsoft Purview Audit (Standard)**
Microsoft Purview Audit (Standard) provides you with the ability to log and search for audited activities and power your forensic, IT, compliance, and legal investigations. To learn more, see Learn about auditing solutions in Microsoft Purview.
| Feature | Microsoft 365 E5 + Microsoft 365 Copilot | Microsoft 365 E3 + Microsoft 365 Copilot | Microsoft 365 E5/A5/G5 |
|---|---|---|---|
| Audit (Standard) | Yes | Yes | Yes |
| Audit (Standard) for Microsoft 365 Copilot interactions | Yes | Yes | No |
Microsoft Purview Audit (Premium)
Audit (Premium) (formerly named Microsoft 365 Advanced Audit) provides one-year retention of audit logs for user and admin activities and provides the ability to create custom audit log retention policies to manage audit log retention for other Microsoft 365 services. It also provides access to crucial events for investigations and high-bandwidth access to the Office 365 Management Activity API.
Users benefit from Audit (Premium) because audit records related to user activity in Microsoft 365 services can be retained for up to one year. Additionally, high-value auditing events are logged, such as when items in a user's mailbox are accessed or read.
By default, Audit (Premium) is enabled at the tenant level for all users that benefit from the service, and automatically provides one-year retention of audit logs for activities (performed by users with the appropriate license) in Microsoft Entra ID, Exchange, and SharePoint.
Additionally, organizations can use audit log retention policies to manage the retention period for audit records generated by activity in other Microsoft 365 services.
One-year retention of audit logs and the auditing of crucial events only apply to users with the appropriate license. Additionally, admins can use audit log retention policies to specify shorter retention durations for the audit logs of specific users.
10-year retention of audit logs only applies to users with the appropriate add-on license.
| Feature | Microsoft 365 E5 + Microsoft 365 Copilot | Microsoft 365 E3 + Microsoft 365 Copilot | Microsoft 365 E5 Compliance + Copilot1 Microsoft 365 E5 eDiscovery & Audit + Copilot1 | Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/F5/G5 Compliance, Microsoft 365 F5 Security & Compliance, Microsoft 365 E5/A5/F5/G5 eDiscovery and Audit, Office 365 E5/A5/G5 |
|---|---|---|---|---|
| Audit (Premium) | Yes | No | Yes | Yes |
| Audit (Premium) for Microsoft 365 Copilot interactions | Yes | No | Yes | No |
For more information about Audit, check out the following resources:
- For more information, see Audit (Premium) and Audit (Standard).
- Users benefit from Audit (Premium) because audit records related to user activity in Microsoft 365 services can be retained for up to one year. Additionally, high-value auditing events are logged, such as when items in a user's mailbox are accessed or read.
- The 10-year Audit Log Retention functionality is also enabled using the same retention policies. For more information, see Manage audit log retention policies.
Microsoft Purview Communications Compliance
Microsoft Purview Communication Compliance is an insider risk solution that helps you detect, capture, and act on inappropriate messages that can lead to potential data security or compliance incidents within your organization. Communication compliance evaluates text and image-based messages in Microsoft and third-party apps (Teams, Copilot for Microsoft 365, Viva Engage, Outlook, WhatsApp, etc.) for potential business policy violations including inappropriate sharing of sensitive information, threatening or harassing language as well as potential regulatory violations (such as stock and capital manipulations).
Communication compliance's mission is to foster safe and compliant communications across customers' enterprise communication channels. With role-based access controls, human investigators can take remediation actions such as removing a message from Teams or notifying senders of potentially inappropriate conduct.
Communication compliance uses machine learning models and keyword matching to identify messages containing potential business conduct or regulatory policy violations that are then reviewed by an investigator. Communication compliance cultivates user privacy with pseudonymization and responsible use of the product by providing role-based access controls.
| Feature | Microsoft 365 E5 + Microsoft 365 Copilot | Microsoft 365 E5 Compliance + Microsoft 365 Copilot | Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/G5/F5 Compliance and F5 Security & Compliance, and Microsoft 365 E5/A5/F5/G5 Insider Risk Management | Office 365 E5/A5/G5 |
|---|---|---|---|---|
| Communication Compliance | Yes | Yes | Yes | Yes |
| Microsoft Copilot for Microsoft 365 prompt and response analysis | Yes | Yes | No | No |
| Microsoft Teams chats | Yes | Yes | Yes | Yes |
| Viva Engage conversations | Yes | Yes | Yes | Yes |
| Exchange Online emails | Yes | Yes | Yes | Yes |
For more information, see Get started with communication compliance.
Microsoft Purview Compliance Manager
Compliance Manager is a feature in the Microsoft Purview compliance portal that helps you manage your organization’s compliance requirements with greater ease and convenience. Compliance Manager can help you throughout your compliance journey, from taking inventory of your data protection risks to managing the complexities of implementing controls, staying current with regulations and certifications, and reporting to auditors.
Compliance Manager helps simplify compliance and reduce risk by providing:
- Prebuilt assessments for common industry and regional standards and regulations.
- Workflow capabilities to help you efficiently complete your risk assessments through a single tool.
- Detailed step-by-step guidance on suggested improvement actions to help you comply with the standards and regulations that are most relevant for your organization. For actions that are managed by Microsoft, you’ll see implementation details and audit results.
- A risk-based compliance score to help you understand your compliance posture by measuring your progress in completing improvement actions.
Compliance Manager is available to organizations with Office 365 and Microsoft 365 licenses, and to US Government Community Cloud (GCC), GCC High, and Department of Defense (DoD) customers. Assessment availability and management capabilities depend on your licensing agreement.
| Feature | Office 365 and Microsoft 365 licenses, and to US Government Community Cloud (GCC), GCC High, and Department of Defense (DoD) customers |
|---|---|
| Compliance Manager | Yes |
Learn more about the list of premium templates for Compliance Manager.
Microsoft Purview Customer Lockbox
Customer Lockbox provides an additional layer of control by offering customers the ability to give explicit access authorization for service operations. By demonstrating that procedures are in place for explicit data access authorization, Customer Lockbox may also help organizations meet certain compliance obligations such as HIPAA and FedRAMP.
Customer Lockbox ensures that no one at Microsoft can access customer content to perform a service operation without the customer's explicit approval. Customer Lockbox brings the customer into the approval workflow for requests to access their content. Occasionally, Microsoft engineers are involved during the support process to troubleshoot and fix customer-reported issues. In most cases, issues are fixed through extensive telemetry and debugging tools that Microsoft has in place for its services. However, there may be cases that require a Microsoft engineer to access customer content to determine the root cause and fix the issue. Customer Lockbox requires the engineer to request access from the customer as a final step in the approval workflow. This gives organizations the option to approve or deny these requests, which gives them direct control over whether a Microsoft engineer can access the organizations' end-user data. Admins can turn on Customer Lockbox in the Microsoft 365 admin center.
When Customer Lockbox is turned on, Microsoft is required to obtain an organization's approval prior to accessing any of their content.
| Feature | Office 365 E5/A5/G5 | Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/G5/F5 Compliance and F5 Security & Compliance, and Microsoft 365 E5/A5/F5/G5 Insider Risk Management |
|---|---|---|
| Customer Lockbox | Yes | Yes |
For more information, see Customer Lockbox.
Microsoft Purview Data Connectors
Microsoft provides third-party data connectors that can be configured in the Microsoft Purview compliance portal. For a list of data connectors provided by Microsoft, see the Third-party data connectors table. This table also summarizes the compliance solutions that you can apply to third-party data after you import and archive data in Microsoft 365, and links to the step-by-step instructions for each connector.
The primary benefit of using Data Connectors (formerly named Microsoft 365 Data Connectors) to import and archive third-party data in Microsoft 365 is that you can apply various Microsoft Purview solutions to the data after it's been imported. This helps ensure that your organization's non-Microsoft data is in compliance with the regulations and standards that affect your organization.
For data connectors in the Microsoft Purview compliance portal that are provided by a Microsoft partner, your organization will need a business relationship with the partner before you can deploy those connectors.
Data Connectors services are a tenant-level value. Every user intended to benefit from this service must be licensed.
| Feature | Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/F5/G5 Information Protection & Governance, Microsoft 365 E5/A5/G5/F5 Compliance, Microsoft 365 F5 Security & Compliance, Microsoft 365 E5/A5/F5/G5 Insider Risk Management, Microsoft 365 E5/A5/F5/G5 eDiscovery and Audit | Office 365 E5/A5/G5 |
|---|---|---|
| Data Connectors | Yes | Yes |
Microsoft Purview Data Lifecycle & Records Management
For more information, see: Microsoft Purview Data Lifecycle and Records Management service description - Service Descriptions | Microsoft Learn
Microsoft Data Loss Prevention Endpoint Data Lost Protection (DLP)
Endpoint data loss prevention (Endpoint DLP) extends the activity detection and protection capabilities of DLP to sensitive items that are physically stored on Windows 10, Windows 11, and macOS (Catalina 10.15 and higher) devices.
Organizations can use Microsoft Purview Data Loss Prevention (DLP) to detect activity on items determined to be sensitive and to help prevent the unintentional sharing of those items. For more information on DLP, see Learn about data loss prevention.
Endpoint data loss prevention (Endpoint DLP) extends the activity detection and protection capabilities of DLP to sensitive items that are physically stored on Windows 10, Windows 11, and macOS (Catalina 10.15 and higher) devices.
| Feature | Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/F5/G5 Compliance and F5 Security & Compliance, Microsoft 365 E5/A5/F5/G5 Information Protection & Governance |
|---|---|
| Endpoint Data Loss Prevention (DLP) | Yes |
For more information, see Get started with Endpoint data loss prevention - Microsoft Purview (compliance) | Microsoft Docs and Learn about data loss prevention - Microsoft Purview (compliance) | Microsoft Docs.
Using the Microsoft Purview compliance portal, Endpoint DLP policies can be scoped to users logging into onboarded devices. Policies are evaluated when a scoped user logs onto an onboarded device. Please review the Microsoft Endpoint DLP interactive guide for devices for more details.
For more information about using DLP policies, see Overview of data loss prevention.
Microsoft Purview Data Loss Prevention (DLP) for Teams
With DLP for Teams, organizations can block chats and channel messages that contain sensitive information, such as financial information, personally identifying information, health-related information, or other confidential information.
Senders benefit by having sensitive information in their outgoing chat and channel messages inspected for sensitive information, as configured in the organization's DLP policy.
By default, Teams chat and channel messages are an enabled Location (workload) for these DLP features for all users within the tenant. To enable Data Loss Prevention for Teams, the “Microsoft Communications DLP” service must be selected under one of the above licenses in the Microsoft 365 Administration portal.
| Feature | Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/G5/F5 Compliance and F5 Security & Compliance, Microsoft 365 E5/A5/F5/G5 Information Protection and Governance | Office 365 E5/A5/G5 |
|---|---|---|
| Purview Data Loss Prevention (DLP) for Teams | Yes |
Microsoft Purview Data Loss Prevention Graph APIs for Teams Data Loss Prevention (DLP) and for Teams Export
These APIs let developers build Security and Compliance apps that can “listen” to Microsoft Teams messages in near-real time or export teams messages in 1:1/group chat or Teams channels. These APIs enable DLP and other Information Protection and Governance scenarios for both customers and ISVs. Additionally, Microsoft Graph Patch API allows applying DLP actions to Teams messages.
Data loss prevention (DLP) capabilities are widely used in Microsoft Teams, particularly as organizations have shifted to remote work. If your organization has DLP, you can now define policies that prevent people from sharing sensitive information in a Microsoft Teams channel or chat session.
Information protection and governance capabilities are widely used in Microsoft Teams, particularly as organizations have shifted to remote work. With Teams Export API, data can be exported to a third-party eDiscovery or Compliance Archiving application to ensure compliance practices are met.
API access is configured at the tenant level. To enable Microsoft Graph APIs for Teams DLP, the “Microsoft Communications DLP” service must be selected under one of the above licenses in the Microsoft 365 Administration.
| Feature | Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/F5/G5 Compliance and Microsoft 365 F5 Security & Compliance, Microsoft 365 E5/A5/F5/G5 Information Protection and Governance | Office 365 E5/A5/G5 |
|---|---|---|
| Purview Data Loss Prevention Graph APIs for Teams Data Loss Prevention (DLP) and for Teams Export | Yes |
For more information on the seeded capacity and consumption fees, see Graph requirements for accessing chat messages.
Microsoft Purview eDiscovery
eDiscovery (Standard) enables you to create eDiscovery cases and assign eDiscovery managers to specific cases. eDiscovery managers can only access the cases of which they are members. eDiscovery (Standard) also lets you associate searches and exports with a case and lets you place an eDiscovery hold on content locations relevant to the case.
eDiscovery (Premium) provides an end-to-end workflow to preserve, collect, analyze, review, and export content that's responsive to your organization's internal and external investigations. It also lets legal teams manage the entire legal hold notification workflow to communicate with custodians involved in a case.
By default, eDiscovery features are enabled at the tenant level for all users within the tenant when admins assign eDiscovery permissions in the Microsoft Purview compliance portal.
Though some tenant services aren't currently capable of limiting benefits to specific users, appropriate subscription licenses are required for use of each online service. To review the terms and conditions governing the use of Microsoft products and Professional Services acquired through Microsoft Licensing programs, see the Product Terms.
Here are examples of users in your organization benefiting from the service:
- Custodians (any users) that are part of a case that's placed on hold or who are custodians of data sources that are part of a Search, Collection, or Review set.
- Owners and members of a SharePoint site that is on hold or contains content that is part of a Search, Collection, or Review set.
- Owners of Exchange mailboxes that are placed on hold or contain content that is part of a Search, Collection, or Review set.
- Owners and members of Teams chats, channels or private channels that are placed on hold or contain content that is part of a Search, Collection, or Review set.
| Feature | Microsoft 365 E5 + Microsoft 365 Copilot | Microsoft 365 E3 + Microsoft 365 Copilot | Microsoft 365 E5 Compliance + Copilot 1 Microsoft 365 E5 eDiscovery & Audit + Copilot 1 | E5/A5/F5/G5, Microsoft 365 E5/A5/F5/G5 Compliance, Microsoft 365 E5/A5/F5/G5 eDiscovery and Audit, Office 365 E5/A5/G5 | Microsoft Office 365 E1/E3/A3/G3/F3 |
|---|---|---|---|---|---|
| eDiscovery (Premium) | Yes | No | Yes | Yes | No |
| Premium search for Copilot interactions | Yes | No | Yes | No | No |
| eDiscovery content search, legal hold, export search results for Copilot interactions | Yes | Yes | Yes | No | No |
| eDiscovery (Standard) for sites and files | Yes | Yes | Yes | Yes | Yes |
| eDiscovery (Standard) for email | Yes | Yes | Yes | Yes | Yes |
1 Requires Microsoft 365 E3.
For more information about eDiscovery, check out the following resources:
- Comparison of key capabilities: Microsoft Purview eDiscovery Solutions.
- Any user benefiting from the service requires a license. For more information about service terms & conditions, see Product Terms.
- For information regarding eDiscovery and non-custodial data sources, see Add non-custodial data sources to an eDiscovery (Premium) case.
- eDiscovery administrators can select specific users as data custodians for a case by using the built-in custodian management tool in eDiscovery (Premium) as described in Add custodians to an eDiscovery (Premium) case.
Microsoft Purview Information Barriers
Information Barriers are policies that an admin can configure to prevent individuals or groups from communicating with each other. This is useful if, for example, one department is handling information that shouldn't be shared with other departments, or a group needs to be prevented from communicating with outside contacts. Information barrier policies also prevent lookups and discovery. This means that if you attempt to communicate with someone you should not be communicating with, you won't find that user in the people picker.
Users benefit from the advanced compliance capabilities of information barriers when they're restricted from communicating with others. Information barriers policies can be defined to prevent a certain segment of users from communicating with each or allow specific segments to communicate only with certain other segments. For more information on defining information barrier policies, see Define information barrier (IB) policies. While defining IB Policy (Block or Allow), users belonging to segments defined under "Assigned Segments" require licenses. Here are two sample scenarios:
For more information about information barriers, see Learn about information barriers | Microsoft Learn.
Microsoft Purview Information Protection Customer Key
With Customer Key (formerly named Customer Key for Microsoft 365), you control your organization's encryption keys and configure Microsoft 365 to use them to encrypt your data at rest in Microsoft data centers. In other words, Customer Key allows you to add a layer of encryption that belongs to you, using your own keys. Customer Key provides data-at-rest encryption support for multiple Microsoft 365 workloads through Microsoft 365 Data-At-Rest Encryption Service. In addition, Customer Key provides encryption for SharePoint Online and OneDrive for Business data as well as Exchange Online mailbox level encryption.
Users benefit from Customer Key by having their data at rest encrypted at the application layer using encryption keys that are provided, controlled, and managed by their own organization.
Microsoft 365 data-at-rest service that provides multi-workload encryption support is a tenant level service. Although some unlicensed users may technically be able to access the service, a license is required for any user that you intend to benefit from the service. For Exchange Online mailbox level encryption, the user mailbox needs to be licensed to assign a data encryption policy.
The following table lists Customer Key availability across plans. The Set up Customer Key article describes the steps you need to follow to create and configure the required Azure resources and then provides the steps for setting up Customer Key.
| Feature | Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/F5/G5 Compliance, Microsoft 365 E5/A5/F5/G5 Information Protection and Governance | Office 365 E5/A5/G5 |
|---|---|---|
| Customer Key | Yes | Yes |
To enable Customer Key within your tenant: Set up Customer Key - Microsoft Purview | Microsoft Learn
Availability Key uses in Customer Key: Learn about the availability key for Customer Key - Microsoft Purview | Microsoft Learn
Manage your Customer Key configuration: Manage Customer Key - Microsoft Purview | Microsoft Learn
Microsoft Purview Information Protection Double Key Encryption
Double Key Encryption (formerly named Double Key Encryption for Microsoft 365) lets you protect your highly sensitive data to meet specialized requirements and maintain full control of your encryption key. Double Key Encryption uses two keys to protect your data, with one key in your control and the second key stored securely by Microsoft Azure. To view the data, you must have access to both keys. Since Microsoft can access only one key, your key and also your data are unavailable to Microsoft, ensuring that you have full control over the privacy and security of your data.
Users benefit from Double Key Encryption by being able to migrate their encrypted data to the cloud, which prevents third-party access as long as the key remains in control of the users. Users can protect and consume Double Key Encrypted content similar to any other sensitivity label protected content.
| Feature | Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/F5/G5 Compliance and Microsoft 365 F5 Security & Compliance, Microsoft 365 E5/A5/F5/G5 Information Protection and Governance | EMS E5 |
|---|---|---|
| Double Key Encryption | Yes | Yes |
To assign encryption keys to data within an Office 365 and/or Microsoft 365 organization for licensed users, follow the Double Key Encryption deployment instructions https://aka.ms/dke.
Microsoft Purview Information Protection Sensitivity Labeling
Information Protection helps organizations discover, classify, label, and protect sensitive documents, emails and meetings, and groups and sites. Admins can define rules and conditions to apply labels automatically, users can apply labels manually, or a combination of the two can be used—where users are given recommendations on applying labels.
Users benefit by having the ability to create, manually apply or automatically apply sensitivity labels, and consume content that has sensitivity labels applied.
By default, information protection features are enabled at the tenant level for all users within the tenant. For information on configuring policies for licensed users, see Activating Azure Rights Management.
| Feature | Microsoft 365 E5/A5/G5/E3/A3/G3/F1/F3/Business Premium | OneDrive for Business (Plan 2) | Enterprise Mobility + Security E3/E5 | Office 365 E5/A5/E3/A3 | AIP Plan 1, AIP Plan 2 |
|---|---|---|---|---|---|
| Manual Sensitivity Labeling | Yes | Yes | Yes | Yes | Yes |
| Feature | Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/G5/F5 Compliance, Microsoft 365 F5 Security & Compliance, Microsoft 365 E5/A5/F5/G5 Information Protection and Governance | Office 365 E5/A5 |
|---|---|---|
| Manual Sensitivity Labeling for scheduled meetings | Yes | Yes |
| Feature | Microsoft 365 E5/A5/G5 + Teams Premium, Microsoft 365 E5/A5/G5/F5 Compliance + Teams Premium, Microsoft 365 F5 Security & Compliance + Teams Premium, Microsoft 365 E5/A5/F5/G5 Information Protection and Governance | Office 365 E5/A5 + Teams Premium |
|---|---|---|
| Manual Sensitivity Labeling for Teams online meetings | Yes | Yes |
| Feature | Microsoft 365 E3/E5 + Microsoft 365 Copilot |
|---|---|
| Inheriting labels from input to output for Microsoft 365 Copilot | Yes |
| Feature | Microsoft 365 E5 + Microsoft 365 Copilot, Microsoft 365 E3 + Microsoft E5 Compliance + Microsoft 365 Copilot, Microsoft 365 E3 + Microsoft E5 Information Protection and Governance + Microsoft 365 Copilot |
|---|---|
| Sensitivity labels for content generated by Microsoft 365 Copilot | Yes |
| Feature | Microsoft 365 E5/A5/G5, Microsoft E5/F5/G5 Compliance, Microsoft F5 Security & Compliance | Office 365 E5/A5/G5 |
|---|---|---|
| Client and service-side automatic sensitivity labeling | Yes | Yes |
| Feature | Enterprise Mobility + Security E5/A5/G5 |
|---|---|
| Client-side automatic sensitivity labeling only | Yes |
| Feature | Microsoft 365 E5/A5/G5, Microsoft E5/F5/G5 Compliance, Microsoft F5 Security & Compliance, Microsoft 365 E5/A5/G5 Information Protection and Governance | Office 365 E5/A5/G5 | Enterprise Mobility + Security E5/A5/G5 |
|---|---|---|---|
| Client-side labeling to automatically apply pre-configured S/MIME protection in Outlook | Yes | Yes | Yes |
| Feature | Microsoft 365 E5/A5/G5/E3/A3/G3/F1/F3/Business Premium | Enterprise Mobility + Security E3/E5 |
|---|---|---|
| Apply and view sensitivity labels in Power BI and to protect data when it's exported from Power BI to Excel, PowerPoint, or PDF | Yes | Yes |
| Feature | Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/G5/F5 Compliance, Microsoft 365 F5 Security and Compliance, Microsoft 365 E5/A5/G5/F5 Information Protection and Governance | Office 365 E5/A5/G5 | Microsoft Syntex - SharePoint Advanced Management |
|---|---|---|---|
| Apply default Manual Sensitivity Labeling for SharePoint Document library | Yes | Yes | Yes |
| Feature | Microsoft 365 E5/A5/G5, Microsoft 365 A5/E5/F5/G5 Information Protection and Governance | Office 365 E5/A5/G5 |
|---|---|---|
| Apply conditional access policies via authentication context to SharePoint sites using Sensitivity Labels | Yes | Yes |
For information on how a user can benefit from the AIPService PowerShell module to administer the Azure Rights Management protection service for Azure Information Protection, see Azure Information Protection.
For information on how to create and publish sensitivity labels, see.
When using the Microsoft Purview information protection scanner (formerly known as AIP scanner and accessible now via the Purview Compliance Portal) feature, policies can be scoped to specific groups or users and registries can be edited to prevent unlicensed users from running classification or labeling features.
- Learn about the Microsoft Purview Information Protection scanner - Microsoft Purview (compliance) | Microsoft Learn
- Get started with the Microsoft Purview Information Protection scanner - Microsoft Purview (compliance) | Microsoft Learn
- Azure Information Protection service description - Service Descriptions | Microsoft Docs
- For information on how a user can benefit from the AIPService PowerShell module to administer the Azure Rights Management protection service for Azure Information Protection, see Azure Information Protection.
- For more information, see: Azure Information Protection service description
Note
You can also apply conditional access policies via authentication context to SharePoint sites directly via Set-SPOSite PowerShell cmdlet and the following licenses provide user rights:
- Microsoft 365 E5/A5/G5
- Microsoft 365 E5/F5 Compliance
- Microsoft 365 E5 Information Protection and Governance
- Office 365 E5/A5/G5
- Microsoft Syntex - SharePoint Advanced Management
Note
In addition to the licensing information above:
- A standard/Plan 1 license must be assigned in addition to the premium/P2 license for users to have access to sensitivity labelling for Information Protection for Office 365 and AIP, even if the premium licenses/Plan 2 are assigned. For example, if Information Protection for Office 365 Premium is assigned to a user, that user must also have Information Protection for Office 365 Standard assigned for sensitivity labelling to be available. Anf if AIP P2 is assigned to a user, that user must also have AIP P1 assigned.
- Power BI is included with Microsoft 365 E5/A5/G5; in all other plans, Power BI must be licensed separately.
- For user benefit information regarding automatic classification based on Machine Learning, (trainable classifiers), see Information Governance and/or Records Management.
Microsoft Purview Insider Risk Management
Insider Risk Management (formerly named Microsoft 365 Insider Risk Management) is a solution that helps minimize internal risks by letting you detect, investigate, and take action on risky activities in your organization.
Custom policies allow you to detect and take action on malicious and inadvertently risky activities in your organization, including escalating cases to Microsoft Purview eDiscovery (Premium) (formerly named Microsoft Advanced eDiscovery), if needed. Risk analysts in your organization can quickly take appropriate actions to make sure users are compliant with your organization's compliance standards. Users benefit by having their activities monitored for risk. Insider Risk Management policies must be created in the Microsoft Purview compliance portal and assigned to users.
| Feature | Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/G5/F5 Compliance and F5 Security & Compliance, and Microsoft 365 E5/A5/F5/G5 Insider Risk Management |
|---|---|
| Insider Risk Management | Yes |
For more information, see Get started with insider risk management.
Microsoft Purview Insider Risk Management Forensic Evidence
Forensic evidence is an opt-in, capacity add-on feature in Microsoft Purview Insider Risk Management that gives security teams visual insights into potential insider data security incidents, with user privacy built in.
Customers can purchase the forensic evidence add-on in units of 100 GB per month. The purchased capacity will be metered based on forensic evidence ingestion at the tenant level for the users scoped in forensic evidence policies configured by admins.
Customers can access the service in the Microsoft Purview compliance portal.
You can learn more about forensic evidence in our technical documentation.
Messaging
To stay informed of upcoming changes, including new and changed features, planned maintenance, or other important announcements, visit the Message Center. For more information, see Message center.
Licensing terms
For licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the Product Terms site.
Accessibility
Microsoft remains committed to the security of your data and the accessibility of our services. For more information, see the Microsoft Trust Center and the Office Accessibility Center.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for