Blog Post

Security, Compliance, and Identity Blog
4 MIN READ

Microsoft Information Protection and Microsoft Azure Purview: Better Together

sanjay_kidambi's avatar
Dec 07, 2020

 

Data is growing exponentially. Organizations are under pressure to turn that data into insights, while also meeting regulatory compliance requirements. But to truly get the insights you need – while keeping up with compliance requirements like the General Data Protection Requirement (GDPR) – you need to know what data you have, where it resides, and how to govern it. For most organizations, this creates arduous ongoing challenges.

 

On Dec 3, Microsoft announced Azure Purview, a unified data governance service that sets the foundation for data governance across your data estate. It is available in public preview. In this blog, you will learn how you can build on your existing investments in Microsoft Information Protection to gain additional value from Azure Purview.

 

Unified data governance for your hybrid data estate with Azure Purview

Azure Purview enables you to map, catalog, understand, classify, and manage your operational and analytical data – whether on-premises, across your multi-cloud environment, or within SaaS applications.

 

With Azure Purview Data Map, you can automate the metadata scanning of on-premises, multi-cloud, and SaaS data and applications so that you can find and classify this data. With Purview Data Catalog, users can now search, understand the underlying sensitivity, and view how data is being used across the organization with its Lineage functionality.

 

Building on the power of Microsoft Information Protection

You’ve been using Microsoft Information Protection (MIP)—a built-in, intelligent, unified, and extensible solution to protect sensitive data in documents and emails across your organization. MIP provides a unified set of capabilities to know and protect your data and prevent data loss across Microsoft 365 apps (e.g. Word, PowerPoint, Excel, Outlook), services (e.g., Microsoft Teams, SharePoint, Exchange, Power BI), on-premises locations (e.g., SharePoint Server, on-premises files shares), devices, and third-party apps and services (e.g., Box and Dropbox).

 

Core to Microsoft Information Protection is its classification capabilities, like the built-in sensitive information types that enable you to detect sensitive information in your data estate. Examples of sensitive information include social security numbers, addresses, credit card numbers, and other personally identifiable information that are mapped to various global regulations. Also core to MIP are sensitivity labels. Organizations create these sensitivity labels in the Microsoft 365 compliance center after considerable thought and cross-group collaboration. Once defined and deployed, sensitivity labels (e.g., Confidential or Public) help to ensure a uniform understanding among employees on how sensitive certain labeled data is to their organization.

 

Of course, the first step is to know your data. We know that many of you are looking to use automation to expand data discovery, classification, and labeling to your entire hybrid data estate. You want a consistent approach to classify and label data, no matter where that data resides, whether it is part of a Word document or a relational database, or whether it’s stored on-premises or in the cloud.

 

We are excited to announce that with the new Microsoft Azure Purview, you can now extend the reach of your MIP sensitivity labels and the value from built-in sensitive information types to a much broader set of data locations and data types.

 

With Azure Purview, your ability to know your data expands to cover operational and analytical data, and more data locations like SQL Server, Azure SQL, and Azure Storage. Microsoft 365 compliance center enables you to quickly extend your sensitivity labels to Azure Purview. The built-in sensitive information types you have in Microsoft 365 compliance center are also available to Azure Purview. This way, you can apply your automatic data labeling policies to more of your data estate and achieve consistent classification and labeling of sensitive data across data types and locations.

 

 

          Figure 1: Label creation flow in Microsoft 365 compliance center to extend a label to Azure Purview.

 

                   Figure 2: New option to also auto-label sensitive data in locations like columns in Azure SQL.

 

Once you deploy the automatic labeling policy, you can start to benefit from reports on your operational and analytical data within ‘Azure Purview Studio’, which answer questions like what types of sensitive data you have and where exactly this sensitive data is located. You also gain the ability to search and find data tagged by your various sensitivity labels. This is similar to the reports and insights you get for your sensitive data in documents and emails in locations like SharePoint and Exchange, from the Overview and Content Explorer capabilities in the Microsoft 365 compliance center.

 

 

 

Figure 3: Microsoft 365 compliance center and Azure Purview Studio show how an organization's labels are used consistently across data types and data locations.

 

                     Figure 4: Details about sensitive data in a file labeled “Confidential” in Azure Storage.

 

When you use Azure Purview with Power BI, you can also search, and view Power BI reports based on the same set of sensitivity labels applied on them in the Power BI service. Using Lineage in Azure Purview you can also track your organizational data journey across your various data sources, all the way down to the Power BI assets, including dataflows, datasets, reports, and dashboards, that are connected to them.

 

                      Figure 5: Lineage tab in Azure Purview shows the journey of this confidential data

 

Getting Started

Here is some helpful information about licensing and how to get started with these new Azure Purview capabilities as a part of the public preview:  

  • Below licenses enable use of MIP sensitivity labels for auto classification and labeling with Azure Purview: Microsoft 365 E5, Microsoft 365 E5 Compliance, Microsoft 365 E5 Information Protection and Governance, Microsoft 365 E5 Information Protection and DLP (add-on).
  • For detailed steps on how to extend your sensitivity labels to locations supported by Azure Purview, please start with the online technical documentation here.
  • To learn more about Microsoft Information Protection, start with online documentation here.  Check out our compilation of past product announcements for Microsoft 365 Compliance’s Information Protection and Governance solution area.  To learn more about Microsoft 365 Compliance and to access technical training, visit the Virtual Hub today.
  • To learn more about Azure Purview, you can visit the product page, watch this video and read latest product news

 

Laurie Litwack and Tony Themelis, Principal Program Managers

Updated May 11, 2021
Version 7.0
  • Psouthway's avatar
    Psouthway
    Copper Contributor

    Please remove the animated screenshots - the animation adds nothing and is just distracting.

  • Azure Data Catalog gen1 allowed us to get metadata from tables inside a Databricks workspace, by using ODBC connection. Do we have have ODBC connectivity for Azure Purview too? If so, can someone share the details?

  • Martin Alter's avatar
    Martin Alter
    Brass Contributor

    Great news and great new feature 👌🏻 This is the next step for more global classification and more security for data.

     

    I like it and I will use the preview to learn how to handle it.