NOW IN PUBLIC PREVIEW Custom Posture Reports are the authoritative proof that Microsoft Purview controls are not only configured, but actively protecting data at scale. They transform raw policy signals and configuration data into measurable, defensible security posture, providing clear, tailored insights that demonstrate control effectiveness and real‑world impact.
For more insights on OOB Reports, check out this article.
Overview: NOW IN PUBLIC PREVIEW
Microsoft Purview Posture Reports provide a clear, outcome‑based view of how effectively data protection controls, such as Sensitivity Labels and Data Loss Prevention (DLP) policies, are working across Microsoft 365. Rather than focusing on individual alerts or isolated events, Posture Reports help organizations answer a higher‑level, executive‑ready question:
Are our data protection controls consistently applied and actually reducing risk at scale?
Posture Reports transform complex telemetry from Audit logs, Activity Explorer, and policy enforcement into measurable, defensible insights that security, compliance, and business leaders can act on with confidence. Building on the out‑of‑the‑box experience, Custom Posture Reports enable teams to create scenario‑specific views tailored to their organization’s risk priorities.
Key capabilities include:
- Custom dashboards with drag‑and‑drop sections and cards
- Built‑in and custom metric or chart cards powered by Activity Explorer data
- Flexible filtering to support focused investigations and reporting
Tips:
- Start with clear questions, then choose cards that answer them
- Avoid overcrowding reports; fewer, well‑chosen cards are more effective
- Use metric cards for status, analytics cards for understanding
- Treat custom reports as living assets, iterate as needs evolve
This allows security teams to move beyond one‑size‑fits‑all reporting and build views aligned to their unique data protection strategy.
Preview note: As this feature is in Preview, capabilities, terminology, and UX may change, and not all scenarios are fully documented yet.
Key Concepts
What is a Custom Report?
A Custom Report is a user‑created report container where you assemble one or more cards to visualize Information Protection–related data (for example, labeling, classification, or protection activity). Unlike the built‑in reports, custom reports are designed to be adaptable to different audiences and questions.
Typical use cases include:
- Tracking adoption of sensitivity labels over time
- Monitoring where sensitive data is most concentrated
- Creating executive‑friendly, KPI‑style summaries
- Building analyst views for deeper investigation
Core Actions in the Custom Reports Experience
Add Report creates a new, empty report canvas. This is the starting point where you define:
- The report name and purpose
- Create custom reports with your preferred cards and analytics.
Add section is used to create a logical grouping within a custom report. A section acts as a container that helps organize cards on the report canvas into meaningful groupings based on purpose, audience, or storyline.
What a section does |
How sections are used |
|---|---|
|
|
Add Card lets you place a visualization or metric onto the report canvas. Each card answers a specific question, such as “How much data is labeled Confidential?” or “Where is sensitive content growing fastest?”
Cards are the building blocks of custom reports and can be mixed and matched within the same report.
Permissions: in order to create these reports, you must have permissions to create labels and DLP policies.
Built‑in (OOB – Out of the Box) cards:
Custom reports include two built‑in card types that can be added to sections:
- Metric cards – predefined cards used to display key metrics and trends
- Analytics cards – predefined cards that provide deeper analytical insights
Note: In addition to built‑in cards, you can add custom cards (such as metric‑based or chart‑based custom cards) to tailor the report to your scenario.
What is a Metric Card? |
What is an Analytic Card? |
|---|---|
| Metric cards are designed to highlight a single, high‑level value or KPI and are also the foundation for building custom cards that combine metrics with trend context. | Analytics cards provide richer visualizations that help users explore patterns and trends in the data. |
|
What they do:
|
What they do:
|
Custom cards allow you to define tailored views aligned to your organization’s unique questions.
What they do:
- Focus on specific scenarios not covered by default cards
- Combine dimensions or filters relevant to your business context
- Adapt reporting to regulatory, regional, or operational needs
When to use them:
- Organization‑specific KPIs
- Regulatory or audit‑driven reporting
- Advanced scenarios that go beyond standard dashboards
Custom cards are especially useful for mature programs where built‑in reports are no longer sufficient on their own.
Custom Card Configuration
The following example illustrates how a metric‑based custom card can be configured to track adoption trends.
Scenario: Track adoption of the Confidential sensitivity label over the last 30 days.
Card type:
- Custom card (built from a Metric card)
|
Metric configuration |
Filters applied |
What this card shows |
|---|---|---|
|
|
|
This type of custom card is well‑suited for adoption tracking, executive summaries, and ongoing compliance health monitoring.
Metric card configuration:
- Metric cards currently surface up to 7 days of data, providing recent context for the selected metric. Custom surfaces up to the last 30 days of data.
- You can choose different display formats, such as:
- Number – a raw count or value
- Percentage – a proportional view of the metric
- Compound – a combination of value and trend for quick interpretation
- You can apply filters to limit the data set to specific criteria (for example, a particular label, location, or workload), allowing the metric to reflect a targeted scenario rather than all data
Chart cards are used to visualize data as a graphical chart and can be created as custom cards when you need a visual representation rather than a single metric.
Click on Chart Card and under Chart card configuration, select the primary activities: Sensitivity Label
Then define the Chart Type
Based on the configuration options shown in the UI, the following chart types are available:
- Vertical bar – compares values across categories using vertical bars; commonly used for side‑by‑side comparisons
- Horizontal bar – compares values across categories using horizontal bars; useful when category labels are long
- Pie – shows proportional distribution of values across categories
- Donut – similar to a pie chart, with a central area that improves readability
- Line chart – visualizes trends or changes over time
Selecting the appropriate chart type helps ensure the custom card clearly communicates the intended insight and improves overall report readability.
These cards are commonly used for trend analysis, distribution views, and comparative reporting. Both make patterns easier to understand.
Real World Example
The business goal this report is addressing is to prove security value and risk reduction, especially to leadership and stakeholders, by tying data protection investments to measurable outcomes.
Primary Business Goal: demonstrate that the organization’s data protection controls are effective in reducing financial data risk.
The report shows that sensitive financial data is not only being found, but consistently labeled and enforced through DLP, validating that controls are working as intended.
Supporting Business Objectives
|
Executive assurance & trust
|
Provide leadership with evidence that compliance and security controls are actively protecting financial data, not just configured. |
|
Risk reduction validation |
Show that financial SITs are being systematically identified and governed, reducing exposure and improper data handling. |
|
Value justification for security investments |
Correlate auto labeling and DLP outcomes to demonstrate ROI on Purview, labeling, and policy investments. |
|
Operational confidence |
Confirm that auto‑labeling policies are accurately detecting sensitive data at scale and triggering appropriate DLP enforcement. |
|
Audit and compliance readiness |
Establish defensible proof that sensitive financial data is discovered, classified, and protected consistently across the environment. |
Step 1: Create a report, add a name, and description
Step 2: Add a section called Key Outcomes (title and description) and add metric cards to show the data at a glance.
Step 3: Add another section. Include the following two out of the box charts available.
Step 4: Add another section with the out of the box charts
Step 5: Add the last section that ties everything together. One out of the box chart and another custom chart.
Step 6: for the custom chart above, Do a vertical bar, pivot (the groupings at the bottom of the chart) to Activity. Then, add filters (Sensitive info type: the SITs and Activity: DLPRuleMatch.
The report highlights key outcomes, label adoption, application areas, and auto labeling policies. It identifies the main SITs used in labeling and connects them to DLP, demonstrating that the admin's data security measures are effective, particularly with financial information.
Using AI to simplify insights
This AI integration builds on Microsoft Purview’s existing reporting stack (Posture Reports, Activity Explorer and Audit) and introduces AI-assisted interpretation, summarization, and report composition to reduce manual analysis and accelerate decision-making.
To access the report AI Summary: Click on the report and open “View Details”
AI will prepare and summarize the report.
AI Report Components
|
Executive Summary |
Delivers a high level, leadership friendly narrative of the most important insights.
This section answers: “What happened, and what should I know without reading the full report?” |
|
|---|---|---|
|
Key metrics |
This section provides the essential quantitative data that forms the foundation of the report.
This section answers: “What are the exact numbers this report is based on?” |
|
|
Distribution Breakdown |
This section shows how activity is distributed across categories or dimensions.
This section answers: “Where is activity happening the most?” |
|
|
Trend Analysis |
Evaluates changes over time when historical data is available.
This section answers: “is behavior improving, worsening, or staying the same over time?” |
|
|
Key Findings |
Synthesizes insights derived from metrics, distributions, and trends.
This section answers: “What stands out as important or concerning?” |
|
|
Assessment |
Provides an overall evaluation of the security or compliance posture
This section answers: “How healthy is our current posture?” |
|
|
Status |
Summarizes the assessment into a simple outcome indicator. |
|
|
Recommendations |
Guides next steps based on observed gaps and risks.
This section answers: “What should we do nex |
|
|
References |
Provides traceability and supporting documentation.
This section answers: “Where can I verify or learn more?” |
|
Full AI Report Summary
Summary
Posture Reports represent a shift from security configuration to security outcomes. They empower organizations to confidently answer critical questions about risk, readiness, and return on security investment, especially in an AI‑driven world.
As reporting continues to evolve, Posture Reports will play a foundational role in how customers prove, improve, and communicate their data security posture.
Microsoft