How to use DSPM for AI Data Risk Assessment to Address Internal Oversharing
Background Oversharing and data leak risks may occur with or without GenAI use. However, leaders are concerned that GenAI tools might grant faster access to content with incorrect permissions, making these files easier to locate. Oversharing occurs when an employee has access to information beyond what is necessary to do their jobs. It often happens accidentally, for example if a user saves sensitive files to a SharePoint site without realizing everyone has access to that location. It could also happen when people share files too broadly (e.g. everyone in the organization sharing a link). Or it can happen when files lack protection regardless of location. Microsoft Purview Data Security for Posture Management (DSPM) for AI’s Data Risk Assessment helps to address oversharing by allowing security teams to scan files containing sensitive data and identifying data repositories such as SharePoint sites with overly permissive user access. It provides visibility into overshared content, risk assessment, remediation actions, and detailed reports. Introduction Purview Data Security Posture Management for AI (DSPM for AI)’s Data Risk Assessment is for you if you: Are an existing Microsoft 365 Copilot customer, or someone wanting to deploy Microsoft 365 Copilot: or Want to address oversharing but have not yet deployed Microsoft 365 Copilot. Prerequisites Please refer to the prerequisites for DSPM for AI in the Microsoft Learn Docs. Log in to the Purview portal To begin, start by logging into Microsoft 365 Purview portal with your admin credentials: In the Microsoft Purview portal, go to the Home page. Find DSPM for AI under solutions. Head to Purview DSPM for AI -> Data Assessment. The Data Assessments tool identifies potential oversharing risks in your organization. It also provides fixes to limit access to sensitive data. As shown on the Data Risk Assessment landing page, there are two types of assessments: A Default Assessment. This assessment runs automatically every week. Custom Assessments. This assessment is user-triggered. This blog will focus on the Default assessment and will not cover Custom assessments. The Default assessment will run automatically weekly. Additionally, the Default assessment runs weekly and targets the top 100 SharePoint sites based on usage. Default assessment Next, click the View details button for the Default data risk assessment report on the Overview page. In the Oversharing Assessment for the week page, locate the visual reports bar. The visual reports bar provides a general overview of, Assessment details, which includes: Description. Top 100 accessed SharePoint sites by usage. Last updated, next updated, and frequency. Frequency of updates for the default assessment. Total items - a visual graph of the number of items scanned and/or not scanned for sensitive information types (SITs). Sensitivity labels on data – a visual graph that includes, The number of labeled SITs detected and not detected. The number of Not labeled SITs detected and not detected. The number of data not scanned. Items shared with – a visual graph that includes the number of links, Shared with anyone. Shared organization wide. Shared with specific people. Shared outside your organization. The following data points may indicate that oversharing has occurred in the tenant: Large amount of data not scanned. Large amount of data containing SITs but not labeled. Large amount of data shared externally. Site-specific data Next, locate the list of sites (Data source ID) and their info on the table below the visual reports bar, which includes information on: Source type Total items Total items accessed Times users accessed items Unique users accessing items Total Sensitive items Total scanned items Total unscanned items Items shared with Scroll through the list and identify potential sites that may contain oversharing based on the knowledge of whether the site is private or public, and the possible conditions below: A private site that is being shared externally based on sharing links info. A private site that has a high level of documents being shared outside of the org based on a high level of total items accessed and/or unique users accessed and/or times users accessed. A public site that has a high level of sensitive items based on total sensitive items count. A site that has a high level of total unscanned items. By clicking on the Export button, you can export the Data source IDs to an Excel, CSV, JSON, and TSV file. The rollout of the export capability has started and will be complete by end of the week (week of April 28, 2025). Secure and Govern Each Site Click into each site of interest, or sites may have potential oversharing, to review the site info in the flyout panel. Overview – provides an overview of the details for the site. Data source details – provides details of where the data comes from (i.e. SharePoint) and its corresponding URL Data coverage – displays the total items scanned in the site that are either: Labeled and SITs detected, or No SITs detected Not labeled and SITs detected, or No SITs detected *Data points that may indicate that oversharing has occurred in the tenant: 1. Lots of unscanned documents. 2. Lots of documents that contain SITs but not labeled. Identify – scans your data for sensitive information. Use Microsoft Purview On-demand classification data scan to scan for sensitive information for all content in this site. Microsoft Purview On-demand classification data scan is a feature to help discover and classify sensitive content in historical data across Microsoft 365. Protect – provides remediation actions that you can take to address internal oversharing: Limit Microsoft 365 Copilot access to this site - Restrict access or block processing of certain content in SharePoint - you can choose two methods of how Copilot accesses data in SharePoint: Restrict access by label – Block processing of content with a specific sensitivity label using Purview Data Loss Prevention (DLP) policy for Copilot Restrict all items – Restrict access to site(s) using SharePoint Advanced Management (SAM) restricted content discovery (RCD) Other labeling policies - Create sensitivity label taxonomy and publish labels to SharePoint via: Default sensitivity label for SharePoint document library Default labels – setup default labels to label all new items by default using sensitivity labels. Sensitive information auto-labeling policy - Use auto-labeling policies based on sensitive content or keywords. You can click View items to view the files with SITs. SharePoint site sensitivity label to apply a sensitivity container label to the site. Review unused files - Protect sensitive data from oversharing by deleting unused files with Purview Data Lifecycle Management (DLM) retention policies. Monitor – Ongoing access monitoring Run a site access review This section displays the number of sites: Shared with anyone. Shared organization wide. Shared with specific people. Shared externally. You can then run a SharePoint site access review using SAM Run an access review through Microsoft Entra to make sure access granted is up to date. Conclusion In this blog, we explored the concept of oversharing and its implications in collaborative environments. We discussed how Microsoft Purview DSPM for AI Data Risk Assessments can help identify and mitigate risks associated with sensitive data. Additionally, this blog provided a detailed guide on using the Data Risk Assessments tool, focusing on the Default assessment, which runs automatically every week. We covered how to interpret the visual reports and identify potential oversharing risks based on various data points. Additionally, we outlined steps to secure and govern each site, including remediation actions and access monitoring. For detailed guidance on all Purview + SAM features to address oversharing, please reference the oversharing blueprint - https://aka.ms/Copilot/Oversharing. Be sure to also check out the blog on How to deploy DSPM for AI to secure and govern all types of AI, including Microsoft Copilot experiences, Enterprise AI apps, and other AI apps! Resources Address oversharing concerns with Microsoft 365 blueprint - aka.ms/Copilot/Oversharing Public webinar on oversharing - Secure AI: Practical Steps for Addressing Oversharing Concerns Microsoft Purview data security and compliance protections for Microsoft 365 Copilot and other generative AI apps | Microsoft Learn Considerations for deploying Microsoft Purview AI Hub and data security and compliance protections for Microsoft 365 Copilot and Microsoft Copilot | Microsoft Learn Downloadable whitepaper - Data Security for AI Adoption | Microsoft Public roadmap for DSPM for AI - Microsoft 365 Roadmap | Microsoft 365
Optimizing Cybersecurity Costs with FinOps
This blog highlights the integration of two essential technologies: Cybersecurity best practices and effective budget management across tools and services. Let’s understand FinOps FinOps is a cultural practice for cloud cost management. It enables teams to take ownership of cloud usage. It helps organizations maximize value by fostering collaboration among technology, finance, and business teams on data-driven spending decisions. FinOps Framework The FinOps Framework works across the following areas: Principles Collaborate as a team. Take responsibility for cloud resources. Ensure timely access to reports. Phases Inform: Visibility and allocation Optimize: Utilization Operate: Continuous improvement and operations Maturity: Crawl, Walk, Run Key Components of Cybersecurity Budgets Preventive Measures Preventive measures serve as the initial line of defense in cybersecurity. These measures encompass firewalls, antivirus software, and encryption tools. The primary objective of these measures is to avert cybersecurity incidents from occurring. They constitute a critical component of any comprehensive cybersecurity strategy and often account for a substantial portion of the budget. Detection & Monitoring Tools like Azure Firewalls and Azure monitoring are essential for identifying potential security threats and alerting teams early to minimize impact. Incident Response Incident response comprises the measures taken to mitigate the impact of a security breach after its occurrence. This process includes isolating compromised systems, eliminating malicious software, and restoring affected systems to their normal functionality Training & Awareness Training and awareness are crucial for cybersecurity. Educating employees about threats, teach them how to avoid risks, and inform them of company security policies. Investing in training can prevent security incidents. FinOps approach to managing the cost of Security Security Cost-Optimization Security is crucial as threats and cyber-attacks evolve. Azure FinOps helps identify and remove cloud spending inefficiencies, allowing resources to be reallocated to advanced threat detection, robust controls like MFA and ZTNA, and continuous monitoring tools. Azure FinOps provides visibility into cloud costs, identifying underutilized or redundant resources and over-provisioned budgets that can be redirected to cybersecurity. Continuous real-time monitoring helps spot trends, anomalies, and inefficiencies, aligning resources with strategic goals. Regular audits may reveal overlapping subscriptions or unused security features, while ongoing monitoring prevents these issues from recurring. The efficiency gained can fund advanced threat detection, new protection measures, or security training. FinOps ensures every dollar spent on cloud services adds value, transforming waste into a secure, efficient cloud environment. Risk Mitigation FinOps boosts visibility and transparency, helping teams find weaknesses and risks in licenses, identities, devices, and access points. This is crucial for improving IAM, configuring access controls correctly, and using MFA to protect systems and data, also involves continuous monitoring to spot security gaps early and align measures with organizational goals. It helps manage financial risk by estimating breach costs and allocating resources efficiently. Regular risk assessments and budget adjustments ensure effective security investments that balance defense and business objectives. Improved Compliance and Governance Complying with standards like GDPR, HIPAA, or PCI-DSS is essential for strong cyber defenses. A FinOps approach helps by automating compliance reporting, allowing organizations to use cost-effective tools such as Azure FinOps toolkit to meet regulations. Conclusion Azure FinOps is a useful tool for managing cybersecurity costs. It enhances cost visibility and accountability, enables budget optimization and assists with compliance audits and reporting, also helps businesses invest their resources effectively and efficiently.Level Up Your App Governance With Microsoft Defender for Cloud Apps Workshop Series
Over the past two years, there has been a significant increase in nation-state attacks leveraging OAuth apps. These attacks often serve as entry points for privilege escalation, lateral movement, and damage. To effectively mitigate these risks, security teams need visibility and control over SaaS apps including GenAI apps to ensure that only trusted and compliant apps are in use. Join one of these workshops to learn: Real-world examples of OAuth attacks New pre-built templates and custom rules to simplify app governance How to quickly identify and mitigate risks from high-risk or suspicious apps Best practices for operationalizing app governance to improve your security posture These workshops are designed to accommodate global participation, with flexible date and time options. Who Should Attend: This training is ideal for anyone interested in securing OAuth apps and improving their organization’s overall SaaS security. Date Time Registration Link April 22 8:30-9:30am UTC (1:30-2:30am PST) Registration Closed April 23 6-7pm UTC (11am-12pm PST) Registration Closed May 1 3:30-4:30pm UTC (8:30-9:30am PST) Register May 8 (UPDATED) 1-2pm UTC (6-7am PST) Register May 14 (UPDATED) 10am-11am UTC (3-4am PST) Register More about app governance App governance in Defender for Cloud Apps is a set of security and policy management capabilities designed for OAuth-enabled apps registered on Microsoft Entra ID, Google, and Salesforce. App governance delivers visibility, remediation, and governance into how these apps and their users access, use, and share sensitive data in Microsoft 365 and other cloud platforms through actionable insights and automated policy alerts and actions. App governance also enables you to see which user-installed OAuth applications have access to data on Microsoft 365, Google Workspace, and Salesforce. It tells you what permissions the apps have, and which users have granted access to their accounts. Getting started with App governance View the App Governance> Overview tab in the Microsoft Defender Portal. Your sign-in account must have one of the administrator roles to view any app governance data. For more information, see Turn on app governance for Microsoft Defender for Cloud Apps. Questions? Please post below.The Crucial Role of Data Security Posture Management in the AI Era
In an era where artificial intelligence (AI) is rapidly transforming business operations, the importance of Data Security Posture Management (DSPM) cannot be overstated. Data Security Posture Management plays an important role in modern digital infrastructure by providing a comprehensive framework to manage and mitigate data security risks. DSPM also helps in identifying and mitigating security risks associated with AI adoption along with ensuring that organizations can leverage AI technologies safely and effectively. Key aspects of DSPM: 360-degree view approach for data at rest, in-transit, and risk associated to users. Centralized Visibility and monitoring approach into sensitive data, it's usage and access across different systems. Regular risk assessments are performed to determine any vulnerabilities within the infrastructure Direct integrations with various third-party tools and CSP's Exponential Increase in Data Threats The rise of AI has brought about an exponential increase in data threats. Here are some alarming statistics: Data Security Incidents: A staggering 83% of organizations have experienced more than one data breach throughout their existence, underscoring the prevalence of security incidents. Insider Threats: Accounting for 20% of data breaches, insider threats pose significant risks, with the average cost to resolve such threats reaching $15.4 million over a 12-month period. Generative AI Concerns: The adoption of generative AI brings its own set of challenges, with over 80% of organizations expressing concerns about the potential leakage of sensitive data during the training and implementation phases. Enhancing and securing Data Security with Microsoft Purview Microsoft Purview offers an integrated solution for securing and governing data across multi-cloud and hybrid environments. Its adaptive features continuously evaluate and adjust risk levels to prevent unauthorized data use. Here are some of the key features that play a crucial role in strengthening Data Security Posture: Data Security: Data Loss Prevention: Safeguards data throughout its lifecycle, wherever it resides. Insider Risk Management: Addresses internal threats effectively. Information Protection: Ensures sensitive information remains confidential. Data Governance: Data Discovery: Identifies and classifies data across the organization. Data Quality: Maintains the integrity and accuracy of data. Data Curation: Organizes and manages data for easy access and analysis. Data Estate Insights: Provides visibility into data usage and storage. Data Compliance: Compliance Manager: Helps meet regulatory requirements and manage risks. eDiscovery and Audit: Facilitates legal investigations and compliance checks. Communication Compliance: Monitors and controls communication channels to prevent data leaks. Data Lifecycle Management: Manages the retention and deletion of data. Records Management: Ensures proper record-keeping for compliance and governance. Conclusion The integration of AI into business processes necessitates a robust approach to data security. Data Security Posture Management, as part of an organization's cybersecurity strategy, is critical for identifying, managing, and mitigating risks associated with AI adoptionGetting started with the new Purview Content Search
“I’m looking to get started with the new Content Search experience in Purview. Where do I get started?” Welcome to the exciting new world of Content Search! This revamped experience is designed to be more intuitive, making it easier for you to navigate and find what you need. The modern Content Search experience offers additional capabilities like enhanced data sources to make it easier to identify the locations that you want to search, an improved condition builder, and a streamlined export experience. Also, you will now be able to take advantage of Premier features if you have E5 licensing, further elevating your search experience. Privacy is a key focus in this update, allowing you to restrict access to your content searches and ensure that sensitive information remains secure. Additionally, the ability to configure Role-Based Access Control (RBAC) permissions means you can customize Content Search functionality to suit your needs, granting or limiting access as necessary. There are two different ways of accessing Content Search. You can access content search by clicking on the eDiscovery solution card under the Purview portal and select Content Search on the left nav. ation pane within the eDiscovery section. The "Content Search" option is highlighted, indicating its selection for searching emails, documents, and other content across Microsoft 365. This is a shortcut that will take you to the Content Search case in the new unified Purview eDiscovery. You will see all of your existing content searches here. “What do I need to do first?” First, let’s talk about permissions and privacy. The first step in using the new content search is to make sure that you have access to the new Content Search. eDiscovery managers and administrators will automatically have access to new content search. However, if you are not a member of either of these built-in role groups or in a custom role group, you may need to have either an eDiscovery manager or an eDiscovery administrator grant you access to the new content search. You will need to take the following steps if you receive this message when attempting to access the new content search: Figure 2: A screenshot of a web application displaying a 'Permission Error' message in a pop-up window, indicating that the user does not have access to the requested page. Here are the steps for assigning a custom RBAC group or individual user to the Content Search: 1) NOTE: You will need to have someone with eDiscovery manager or eDiscovery admin permissions to assign these permissions. This is done through the Case settings button under Content Search: & Eliza Gallager Incident" is listed with details such as description, query text, created by, created date, modified by, and modified date. 2) This will take you to the case settings page. You will need to click Permissions. After you select Permissions, you will have the options to add an individual user (Users) or all members of a built-in or custom role group (Role groups) You can see where I have added a custom role group named “Content Search” in this example. 3) Once you have added either the user or the role group, they will then be able to access the new Content Search! “Thanks! I can now access the new Content Search, but it looks like I now have access to holds. My team should not have the ability to place holds. What can we do?” Have no fear! The new Content Search will not provide admins the permission to apply holds. This is tightly controlled via the Purview roles assigned to you by an authorized administrator. If the holds tab is present in the new Content Search case, it is because you already have the Hold Purview role assigned to you. You can learn more about the different roles that eDiscovery and Content Search use in this article: Assign permissions in eDiscovery. You can customize what content search activities a user can perform by using Purview custom role groups. Let’s say that you want to restrict the ability to create and manage holds with Microsoft Purview. We are going to do that by creating a new custom role group named Content Search. Here are the steps for creating a custom role group. 1) The Microsoft Purview portal supports directly managing permissions for users who perform tasks within Microsoft Purview including eDiscovery and Content Search. Using the Roles and scopes area in Settings in the Purview portal, you can manage permissions for your users. IMPORTANT: To view Role groups in the Roles and scopes area in the Microsoft Purview portal, users need to be a global administrator or need to be assigned the Role Management role (a role is assigned only to the Organization Management role group). The Role Management role allows users to view, create, and modify role groups. 2) Next, click the +Create role group button to create a new role group in Purview. You can learn more about the different roles that eDiscovery and Content Search use in this article: Assign permissions in eDiscovery. After reviewing the different Content Search-related roles, select the ones applicable to your Content Search users. Here are the roles that we selected for our Content Search users: 3) Microsoft always recommends that you use roles with the fewest permissions. When planning your access control strategy, it's a best practice to manage access for the least privilege for your eDiscovery and Content Search users. Least privilege means you grant your administrators exactly the permission they need to do their job. 4) Please refer to this article if you need any other assistance creating custom role groups in Purview: Permissions in the Microsoft Purview portal. “Excellent! I can’t see the holds tab anymore. However, I’m noticing that I have access to E5 features like review sets. We only have E3 licenses. What can we do to disable the Premium features?” Depending on your tenant configuration, the new Content Search may have eDiscovery (Premium) features enabled (these features include review sets, advanced indexing, cloud attachment support, and many others). The eDiscovery (Premium) features can be disabled via the Content Search case settings. This can be done by clicking on the Case settings button from the new Content Search. Within the Case details page there is a toggle to enable or disable the eDiscovery (Premium) features. & analytics, and Review sets. The Case details section shows information such as the license type (eDiscovery Premium), premium features toggle, case name ('Content Search'), case number, and a description field. The status of the case is marked as active with a creation date and time. “Thanks! It looks like I have the correct permissions and settings. Where do I get started?” 1) Let’s start with creating a new search. Under the new Content Search, you’re going to click the Create a search button. ry text, created by, last modified date, and status. 2) Give your new search a unique name and description. 3) Under the Query tab in your new search, you will see Data sources on the left side. The new Content Search’s enhanced data sources will make it a lot easier for you to set the locations that you would like to search. You can use Content Search to search for M365 content such as email, documents, and instant messaging conversations in your organization. Use search to find content in these cloud-based Microsoft 365 data sources: Exchange Online mailboxes SharePoint sites OneDrive accounts Microsoft Teams Microsoft 365 Groups Viva Engage In this example, we will be searching a Nestor’s mailbox and OneDrive site for an email sent in March 2025 that contains the keyword string “Project 9” 4) Click Add sources under Data sources to add your locations (you can also search all your mailboxes or sites by selecting Add tenant-wide sources if needed) 5) Type in the name of the user or their email address to find the user that you’re wanting to search and then select them. reenshot shows the 'Search for sources' interface in Microsoft 365 compliance center, where users can add people, groups, SharePoint sites, OneDrive accounts, and Microsoft Teams as sources. The search results display one item matching the query 'Nestor Wilke,' with an option to select or deselect it. 6) Click the Manage button to see the locations associated with this user. The enhanced data source experience will automatically identify a user’s mailbox and OneDrive site if they have one enabled. 7) Select Save to continue. Optional: you can exclude either their Mailbox or OneDrive site by unchecking them under the Manage sources view. 8) Now that we have identified the locations that we want to search. The next step is to create a query to define what we are wanting to search for within the locations. 9) Under the Keywords condition, make sure that Equal is selected, and type in Project 9 and hit enter. This will let you specify that you are looking for any chat, email, or document that contains the phrase “Project 9” 10) Next, click on the + Add conditions button to add the date range condition. Select Date from the list and hit Apply. 11) Switch the Date operator from Before to Between and select March 1, 2025 through March 31, 2025 as the date range. 12) Click the Run query button to generate the search estimate. Then click Run Query after selecting any additional options that you may want. 13) After the search has run, the Statistics tab will help you verify whether the relevant content was found. You can also generate a sample of the results by going under the Sample tab and hitting the Generate sample results button. 14) You can export the results of your search after you have verified that the relevant content has been returned by your search by selecting the Export button. Please give your export a name and description. 15) You can choose what format you want the results to be exported in by scrolling down. enshot displays the "Export" settings window from a software application, detailing options for exporting data. Users can choose to include Teams and Viva Engage conversations, organize conversations into an HTML transcript, and collect items linked to SharePoint or OneDrive. Additional settings allow users to select the export type, format the export into PSTs or .msg files, organize data into separate folders, condense paths to fit within 259 characters, and give items a friendly name. In the Export type section, choose one of the following options: Export items report only: Only the summary and item report are created. The various options for organizing data, folder and path structure, condensing paths, and other structures are hidden. Export items with items report: Items are exported with the item report. Other export format options are available with this option in the Export format section. In the Export formatsection, choose one of the following options: Create PSTs for messages: This option creates .pst files for messages. Create .msg files for messages: This option creates .msg files for messages Select one or more of the following output package options: Organize data from different locations into separate folders or PSTs: This option organizes data into separate folders for each data location. Include folder and path of the source: This option includes the original folder and folder path structure for items. Condense paths to fit within 256 characters: This option condenses the folder path for each item to 259 characters or less. Give each item a friendly name: This option creates a friendly name for each item. 16) After you have selected the options for your export, select the Export button. 17) Click the Export button to go to the Export tab. 18) Select your export once the status shows as “Complete” 19) Select the export packages that you wish to download and hit the Download button. Clicking the Download button will kick off a browser download. The new Content Search does not use classic Content Search and eDiscovery (Standard)’s .NET eDiscovery Export Tool application. NOTE: You may have to disable popup blocking depending on your browser settings. The download report relating to the export is named Reports-caseName-EntityName-ProcessName-timestamp.zip. With EntityName being the user given name to the export. This will include several .CSV files including items.csv which provides details of all items exported, including information such as item ID, location of the item, subject/title of the item, item class/type, and success/error status. The .PST files exported will be included in an export package called "PSTs.00x.zip" 20) Files exported (e.g. files stored in OneDrive and SharePoint) will be included in an export package called Items.00x.zip To learn more about the Microsoft Purview eDiscovery and Content Search solutions and become an eDiscovery Ninja, please check out our eDiscovery Ninja Guide at https://aka.ms/eDiscoNinja!“Build Your Own” O365 Data Protection Impact Assessment for the Public Sector
At Microsoft, we are committed to helping our public sector customers embrace the most cutting-edge technologies while ensuring they have the information they need to enable them to continue to meet their compliance obligations. It is in that spirit, and based on customer feedback that we are pleased to share our revamped “Build Your Own” Data Protection Impact Assessment template for Office 365. A Data Protection Impact Assessment (“DPIA”) is a process for assessing and demonstrating data protection compliance as mandated by the General Data Protection Regulation (“GDPR”). The GDPR requires controllers to prepare a DPIA for operations that are “likely to result in a high risk to the rights and freedoms of natural persons”. However, based on conversations we have had with a number of public sector customers who are subject to the GDPR, we understand that even when this threshold is not necessarily met or is unlikely to be met, some customers are keen to take a more cautious approach and choose to complete a DPIA. In order to provide public sector customers with clear and concise information to support their completion of DPIAs, the “Build Your Own” DPIA is a customizable and illustrative template guide Microsoft has produced, by reference to our Product Terms and our Data Protection Addendum (“DPA”). It is designed to help public sector organizations systematically identify, assess, and address potential data protection risks, making it easier to evaluate compliance with the GDPR. We recognize that compliance tools like the “Build Your Own” DPIA will need to evolve as our technology evolves and the ways in which our customers use our technology change. As such, we are committed to continually refining and improving the document, including based on customer feedback, with the goal of helping make our customers’ digital transformation compliance journey as friction-free as possible. Download the template here: https://servicetrust.microsoft.com/DocumentPage/176bc7d7-ab27-48ea-a829-7e041a22e6821000 Data Map Collections
We are pleased to announce the general availability of the "1000 collections" in Data Map. Collections in the Data Map serve as a logical construct designed to organize assets and data sources within a customer’s data estate by business units. Additionally, collections are utilized to manage access within Microsoft Purview’s unified catalog. The increase in collection limit from 400 to 1000 will offer enterprise customers greater flexibility and control over data source segregation in response to evolving business requirements. Even though the limit has been increased, we recommend following the best practice guide shared here. Useful Links: Governance Domain and Domain Recommendations (Preview) | Microsoft Learn Microsoft Purview domains and collections architecture and best practices | Microsoft Learn How to manage domains and collections | Microsoft LearnPurview AMA March 12 - Ask Questions Below!
The next Purview AMA covering Data Security, Compliance, and Governance takes place on 12 March at 8am Pacific. Register HERE! Your subject matter experts are: Maxime Bombardier - Purview Data Security and Horizontals Sandeep Shah - Purview Data Governance Peter Oguntoye - Purview Compliance And, if you'd like to get started now, feel free to post your questions as comments below. They may be answered live, or if we don't get to them, they will be answered in-text below (you may also note what you'd prefer!) Thank you for being a part of the Purview community, we can't do exciting events like this without you! Don't forget to register ✏️Microsoft Purview Best Practices
Microsoft Purview is a solution that helps organizations manage data and compliance. It also uses AI to classify data, monitor compliance, and identify risks. Key features include data discovery, classification, governence, retention, compliance management, encryption, and access controls. Purview ensures data security, prevents insider threats, and helps implement data loss prevention policies to meet compliance requirements. Hello everyone - This is just a short introduction, I am Dogan Colak. I have been working as an M365 Consultant for about 5 years, holding certifications such as MCT, SC-100, SC-200, SC-300, and MS-102, with a focus on Security & Compliance. This year, I am excited to share what I have learned with the Microsoft Technology Community. In the coming days, I will be publishing videos and articles based on the training agenda I have created. I will also share these articles on LinkedIn, so feel free to follow me there. I am always open to feedback and suggestions. See you soon!
