Microsoft Purview is a comprehensive portfolio of products spanning data governance, information protection, risk management, and compliance solutions.
Microsoft Purview helps organizations to:
- Protect sensitive data across clouds, apps, and devices.
- Identify data risks and manage regulatory compliance requirements.
- Get started with regulatory compliance.
Below table shows the different capabilities available based on the acquired license type –
| Capability | Microsoft 365 E3 | Microsoft 365 E5 | Microsoft 365 E5 Compliance (requires Microsoft 365 E3) |
|---|---|---|---|
| Data Classification |  | | |
| Information Protection | | | |
| Data Loss Prevention | | | |
| Records Management | | | |
| eDiscovery | | | |
| Auditing | | | |
| Advanced Data Classification | | | |
| Insider Risk Management | | | |
| Privileged Access Management | | | |
| Customer key | | | |
| Advanced message encryption | | | |
| Customer Lockbox | | | |
| Communications compliance | | | |
| Information Barriers | | |
Microsoft Purview has a large ecosystem and implementing it in its entirety, all at once is risk prone. It is advisable to implement the Purview platform in a few key areas, learn from that experience and then implement the other areas.
Here are some tips and best practices to successfully deploy a Microsoft Purview project –
- Brainstorm with different department leads like HR, Finance, PMO etc. to identify compliance goals, regulations that may apply to your business, success criteria when it comes to compliance solutions. Once you have your goals defined, you can begin planning the implementation.
- Identifying good use cases helps to define the scope of the project such as the types and amount of data that needs to be protected, the correct selection of tools with robust integrations if needed and the right compliance controls.
- Identify key Stakeholders early. Get their buy-in, inform them frequently and consult with them on any obstacles you face or changes you need to make during the project.
- Identify the tools that will be used to accomplish the project goals. Microsoft Purview compliance tools provide a lot of features but supplemental tools like Sentinel SIEM, Microsoft Defender etc. may be required to provide a complete solution based on the business use case.
- Create a detailed project plan, document the use cases tackled in the solution and illustrate the architecture plan to get management to support your project. Without management buy-in it will be very difficult for the solution to get implemented successfully.
- Communication is essential to ensure that all organization users understand the purpose of Microsoft Purview and how it can benefit their organization. Communicating with users on benefits of compliance, explaining new policies and procedures, training on compliance tools, providing FAQs and setting up Office hours with SMEs are all critical aspects of the communication and adoption plan. Monitoring the compliance solution and measuring its success is also important for ongoing development and maintenance of the solutions.
- Create a feedback channel to receive end user feedback. Ensuring that user feedback is heard, and any issues are resolved is crucial to adoption. New use cases arise with time and should be addressed with regular updates to the solution.
- Create a governance plan that will document the goals of your Microsoft Purview rollout, the roles and responsibilities of key stakeholders, and the processes and procedures for managing compliance. Creating a compliance roadmap will help identify the specific compliance requirements that need to be met and timescale of their implementation.
A study by IDC found that Microsoft Security and Compliance can deliver a significant return on investment (ROI) for organizations of all sizes. The study found that organizations that implemented Microsoft Purview realized an average ROI of 465%, with a payback period of less than 6 months.
