Before we start, please not that if you want to see a table of contents for all the sections of this blog and their various Purview topics, you can locate the in the following link:
Microsoft Purview- Paint By Numbers Series (Part 0) - Overview - Microsoft Tech Community
This document is not meant to replace any official documentation, including those found at docs.microsoft.com. Those documents are continually updated and maintained by Microsoft Corporation. If there is a discrepancy between this document and what you find in the Compliance User Interface (UI) or inside of a reference in docs.microsoft.com, you should always defer to that official documentation and contact your Microsoft Account team as needed. Links to the docs.microsoft.com data will be referenced both in the document steps as well as in the appendix.
All of the following steps should be done with test data, and where possible, testing should be performed in a test environment. Testing should never be performed against production data.
The Information Life Cycle Management section of this blog series is aimed at Security and Compliance officers who need to deal with data related to Viva.
This document is meant to guide an administrator who is “net new” to Microsoft E5 Purview through.
We will be addressing the 4 parts of Viva:
This document does not cover any other aspect of Microsoft E5 Purview, including:
In addition, this document will not have any walk-throughs/hand holding of activities, workloads or configurations as those are covered in other documentation
We will look at each of the 4 basic Viva components, where their data resides or does not reside, and what types of Purview (compliance) workloads should be run against those Viva components.
An organization wants to know what Purview (compliance) workloads should be leveraged against the 4 components of Viva (Insights, Learning, Connections, and Topics)
None
For the purpose of this document, Purview workloads are considered the following:
Before we start, let us look at where Viva holds its information (see the screenshot below).
Purview workloads (applicable):
None
Reason:
Viva Insights compiles its data from the Graph API. The exception is the personalized user’ report which is stored in each users’ corresponding mailboxes. Those reports are anonymized and refreshed on a regular basis. It is more effective to apply your Purview workloads and policies against them because there is no standalone data repository(s).
Purview workloads (applicable):
None.
Reason:
Viva Learning does not store any data in a repository of its own. It aggregates its data from either external training sites (ex. LinkedIn Learning) or internal training (ie, organization driven training sites)
Purview workloads (applicable):
Note – You can see high level information around these workloads on other sections of this blog series.
Reason:
Viva Connections stores data in SharePoint Online. This is collected into a single Home Site for the organization.
You can 1) apply an overarching set of Purview policies (listed above) to all internal SharePoint sites or 2) apply more granular Purview policies against subsets of internal SharePoint sites, including one specifically for the Viva Connections Home Site.
Purview workloads (applicable):
None.
Reason:
Viva Topics does have its own SharePoint site, but it is continually refreshed and does not possess any data on its own. The Viva Topics site references content from the original SharePoints sites within your tenant. Essentially this Topics site is only a list of pointers.
In theory, you could run an Information Governance (retention/disposal) policy against the Viva Topics site as a secondary measure to ensure references to other sites are deleted. However, the simpler path would be to apply your Purview workloads and policies against all other SharePoint sites inside your tenant, as is best practice.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.