Protect your sensitive data with Microsoft Purview
Implement capabilities from Microsoft Purview Information Protection (formerly Microsoft Information Protection) to help you discover, classify, and protect sensitive information wherever it lives or travels.
Use the following sections to learn more about the available capabilities and how to get started with each one. However, if you're looking for a guided deployment, see Deploy an information protection solution with Microsoft Purview.
For information about governing your data for compliance or regulatory requirements, see Govern your data with Microsoft Purview.
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.
Know your data
To understand your data landscape and identify sensitive data across your hybrid environment, use the following capabilities:
|Capability||What problems does it solve?||Get started|
|Sensitive information types||Identifies sensitive data by using built-in or custom regular expressions or a function. Corroborative evidence includes keywords, confidence levels, and proximity.||Customize a built-in sensitive information type|
|Trainable classifiers||Identifies sensitive data by using examples of the data you're interested in rather than identifying elements in the item (pattern matching). You can use built-in classifiers or train a classifier with your own content.||Get started with trainable classifiers|
|Data classification||A graphical identification of items in your organization that have a sensitivity label, a retention label, or have been classified. You can also use this information to gain insights into the actions that your users are taking on these items.||Get started with content explorer|
Protect your data
To apply flexible protection actions that include encryption, access restrictions, and visual markings, use the following capabilities:
|Capability||What problems does it solve?||Get started|
|Sensitivity labels||A single labeling solution across apps, services, and devices to protect your data as it travels inside and outside your organization.
- Manage sensitivity labels for Office apps
- Encrypt documents and emails
- Protect calendar items, Teams meetings, and chat
For a comprehensive list of supported scenarios for sensitivity labels, see the Get started documentation.
|Get started with sensitivity labels|
|Azure Information Protection unified labeling client||For Windows computers, extends labeling to File Explorer and PowerShell, with additional features for Office apps if needed||Azure Information Protection unified labeling client administrator guide|
|Double Key Encryption||Under all circumstances, only your organization can ever decrypt protected content or for regulatory requirements, you must hold encryption keys within a geographical boundary.||Deploy Double Key Encryption|
|Message Encryption||Encrypts email messages and attached documents that are sent to any user on any device, so only authorized recipients can read emailed information.
Example scenario: Revoke email encrypted by Advanced Message Encryption
|Set up Message Encryption|
|Service encryption with Customer Key||Protects against viewing of data by unauthorized systems or personnel, and complements BitLocker disk encryption in Microsoft datacenters.||Set up Customer Key|
|SharePoint Information Rights Management (IRM)||Protects SharePoint lists and libraries so that when a user checks out a document, the downloaded file is protected so that only authorized people can view and use the file according to policies that you specify.||Set up Information Rights Management (IRM) in SharePoint admin center|
|Rights Management connector||Protection-only for existing on-premises deployments that use Exchange or SharePoint Server, or file servers that run Windows Server and File Classification Infrastructure (FCI).||Steps to deploy the RMS connector|
|Information protection scanner||Discovers, labels, and protects sensitive information that resides in data stores that are on premises.||Configuring and installing the information protection scanner|
|Microsoft Defender for Cloud Apps||Discovers, labels, and protects sensitive information that resides in data stores that are in the cloud.||Discover, classify, label, and protect regulated and sensitive data stored in the cloud|
|Microsoft Purview Data Map||Identifies sensitive data and applies automatic labeling to content in Microsoft Purview Data Map assets. These include files in storage such as Azure Data Lake and Azure Files, and schematized data such as columns in Azure SQL DB and Azure Cosmos DB.||Labeling in Microsoft Purview Data Map|
|Microsoft Information Protection SDK||Extends sensitivity labels to third-party apps and services.
Example scenario: Set and get a sensitivity label (C++)
|Microsoft Information Protection (MIP) SDK setup and configuration|
Prevent data loss
To help prevent accidental oversharing of sensitive information, use the following capabilities:
License requirements to protect your sensitive data depend on the scenarios and features you use. Rather than set licensing requirements for each capability listed on this page, for more information, see the Microsoft 365 guidance for security & compliance and the related PDF download for feature-level licensing requirements.