Microsoft Purview and Modern Work (Part 3) - Communication Overview
Published Dec 08 2022 03:45 PM 827 Views
Microsoft

James_Havens_1-1670274083848.png

 

 

Before we start, please note that if you want to see a table of contents for all the sections of this blog, you can locate them at the following URL:

Microsoft Purview and Modern Work (Part 1) - Overview

 

Disclaimer

This document is not meant to replace any official documentation, including those found at docs.microsoft.com.  Those documents are continually updated and maintained by Microsoft Corporation.  If there is a discrepancy between this document and what you find in the Compliance User Interface (UI) or inside of a reference in docs.microsoft.com, you should always defer to that official documentation and contact your Microsoft Account team as needed.  Links to the docs.microsoft.com data will be referenced both in the document steps as well as in the appendix.

 

All of the following steps should be done with test data, and where possible, testing should be performed in a test environment.  Testing should never be performed against production data.

 

Target Audience

The Information Life Cycle Management section of this blog series is aimed at Security and Compliance and Modern Work officers who need to properly label data, encrypt it where needed.

 

Document Scope

This blog and document are meant to help an IT administrator who is looking to secure their data throughout the lifecycle of the data.

It is presumed that you already have a basic understanding of the Purview tools and the Modern Work tools (including Exchange, Teams, SharePoint and OneDrive).

 

Out-of-Scope

This document does not cover configuring any of the below, ie. Holding your hand through the process of configuration”, as that is covered via other blogs, official Microsoft documents, or through the aid of Microsoft implementation teams or Microsoft partners:

  • Audit
  • Communications Compliance
  • Compliance Manager
  • Data Classification (Sensitive Information Types)
  • Data Classification (Exact Data Matching)
  • Data Classification (Trainable Classifiers)
  • Data Lifecycle Management (retention and disposal)
  • Data Protection Loss (DLP) for Exchange, OneDrive, Devices, etc
  • Information Barriers
  • Information Protection (labeling, encrypting, watermarking, etc of files)
  • Insider Risk Management
  • Microsoft Defender for Cloud Apps (MDCA)
  • Privacy Management (Priva)
  • Records Management (retention and disposal)
  • Standard or Premium eDiscovery

 

This blog entry is only addressing Communication (creation, usage, sharing of emails andTeams chats), not Collaboration (creation, usage, sharing of files and SharePoint/Teams Sites).

 

Notes

After each section of this blog, I will make a note of which of the 3 parts of the CIA Triad that Microsoft tool will help you meet.  Here are a few examples.

 

Example #1 –

James_Havens_2-1668709007654.png CIA component – Integrity & Availability

 

Example #2 –

James_Havens_3-1668709007657.png CIA component – Confidentiality & Availability

 

Example #3 –

James_Havens_4-1668709007657.png CIA component – Integrity

 

Mapping Purview to Communications

Here we will map the Lifecycle of the data (Create -> Use -> Retain -> Delete) of data in Exchange and Teams.

 

When looking at the Information Lifecycle, it is important to understand which Purview tools map to which Communication activities within that Information Lifecycle.  Here is a high-level map. 

 

 

James_Havens_0-1668709115137.png

 

 

As this is a bit of an eye chart, we will look at each stage of the Information Lifecycle individually.

 

Please note that Use & Retain are placed together as these tend to be interchangeable.

 

Create (data)

In the Create phase of ILM, here are the recommended Purview Tools.

  • Auto/Manual (Information Protection - sensitivity labels)
  • Data Lifecycle Mgmt/Records Mgmt (Auto/Manual Retention label)
  • Premium Audit

 

In the Create phase of ILM, here are the Communication-based workloads.

  • Exchange -> Create message
  • Teams -> Create message

James_Havens_1-1668709115145.png

 

 

 

Use & Retain (data)

In the Use & Create phase of ILM, here are the recommended Purview Tools.

  • Information Protection (sensitivity labels)
  • Information Barriers
  • Communications Compliance
  • eDiscovery
  • Data Loss Prevention
  • Data Lifecycle Mgmt/Records Mgmt (Auto/Manual Retention label)
  • Insider Risk Mgmt
  • Premium Audit

 

In the Use & Create phase of ILM, here are the Communication-based workloads.

 

  • Exchange -> Type message / Auto save message, Send message
  • Teams -> Type message / Auto save message, Send message

James_Havens_2-1668709115157.png

 

 

 

Destroy (data)

In the Delete phase of ILM, here are the recommended Purview Tools.

  • Data Lifecycle Mgmt/Records Mgmt (Auto/Manual Retention label)
  • Insider Risk Mgmt
  • Premium Audit

 

In the Delete phase of ILM, here are the Communication-based workloads.

  • Exchange -> Manual / Auto delete of message
  • Teams -> Manual / Auto delete of chat

 

James_Havens_3-1668709115161.png

 

 

Next Steps

We will now move to look at Teams and specific Purview workloads that can be mapped to communication data within that platform.

 

Appendix and Links

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Co-Authors
Version history
Last update:
‎Dec 05 2022 01:07 PM
Updated by: