The worldwide shift to a hybrid workplace has pushed us all to embrace ubiquitous connectivity. Those new connections have helped us become more collaborative; routinely editing and sharing documents in real-time from wherever we happen to be working. Instant messaging went from being a tool of convenience to a cornerstone of communication. People in business, operations, and technical roles became adept at stitching together disparate solutions to meet changing needs.
But constant connectivity brings evolving, inherent risks. Over the past two years, organizations have seen a massive increase in their digital footprint, leading to data fragmentation and growth across a multitude of applications, devices, and locations. The Great Reshuffle left blind spots within ever-enlarging data estates.1 Dark data, which organizations pay to store, but goes underutilized in decision making, is now growing at a rate of 62 percent per year.2 Even the virtual office has created the risk of new collaboration mediums opening doors to harassment, sensitive data leaks, and other workplace policy infractions. It’s a big digital world for any organization to try to manage.
The lines between risk roles are blurring
Just as today’s big-data, multiplatform, hyper-connected workplace brings new vulnerabilities, the responsibility for protecting it is also in flux. For example, an organization with a Chief Data Officer (CDO), Chief Risk Officer (CRO)/Chief Compliance Officer (CCO), Chief Information Security Officer (CISO), and Chief Information Officer (CIO) has to choose whether they will duplicate, compete, or collaborate. Conditions that are driving the need for integrated risk management include:
- The pandemic: Ongoing decentralized work has reinforced the need for strategic, operational, and business continuity management. All of this requires cross-functional data sharing and coordination.
- Nation-state attacks: Increasing sophistication and frequency of nation-state attacks is driving collaboration between compliance, data, and security functions.
- Remote work: Virtual communication spaces require coordination between compliance, IT, and HR.
- Evolving regulations: New requirements, like those from the Office of Foreign Assets Control (OFAC), Department of Justice (DOJ), and the European Union Whistleblower Directive require collaboration among all risk-management leaders.
- Data sharing: Requirements for continuous access to operational data across functions (read the DOJ’s requirements for compliance programs).
- Growing CDO responsibilities: The CDO’s role may go beyond data management and protection to include business intelligence, AI, and machine learning. Because this role can overlap with a Chief Analytics Officer (CAO) and CISO, a unified solution for risk management is vital to eliminating redundancies.
- Governance and compliance: Overlap between information governance, records management, and data collection is driving the need for a comprehensive solution for managing data risk.
The market has responded with dozens of products that force security, data governance, compliance, and legal teams to stitch together a patchwork of solutions. This approach not only strains resources, but it’s also ineffective. Security outcomes are worse—audits are failed and brand reputations are damaged.
Introducing Microsoft Purview
To meet the challenges of today’s decentralized, data-rich workplace, we’re introducing Microsoft Purview—a comprehensive set of solutions that help you govern, protect, and manage your entire data estate. This new brand family combines the capabilities of the former Azure Purview and the Microsoft 365 Compliance portfolio that customers already rely on, providing unified data governance and risk management for your organization.
The new Microsoft Purview:
- Helps you gain visibility into assets across your entire data estate.
- Enables easy access to all your data, security, and risk solutions.
- Helps safeguard and manage sensitive data across clouds, apps, and endpoints.
- Manages end-to-end data risks and regulatory compliance.
- Empowers your organization to govern, protect, and manage data in new, comprehensive ways.
Microsoft Purview brings together data governance from Microsoft Data and AI, along with compliance and risk management from Microsoft Security. Microsoft Purview is also complemented by identity and access management, threat protection, cloud security, endpoint management, and privacy management capabilities—creating a truly comprehensive approach to security.
Microsoft Purview at a glance
Securing multicloud and multiplatform environments
Because organizations now operate across multiple clouds and on-premises platforms, we’ve expanded Microsoft Purview’s capabilities to include data protection for macOS users, as well as offering new data classifiers, protection for mobile devices, and data lifecycle management.
- To extend Microsoft Purview’s capabilities for macOS users, we’re excited to announce the general availability (GA) of Microsoft Purview Data Loss Prevention (DLP) for macOS endpoints. Now organizations can extend their endpoint DLP insights and controls to devices running macOS (Catalina or higher). In addition, the preview of restricted app groups for Windows endpoints allows organizations to scope different access restrictions to sensitive files between a set of sanctioned or unsanctioned applications. Learn about Microsoft Purview DLP for macOS endpoint.
- Before sensitive data can be safely shared, it first needs to be identified. To that end, we’re extending our sensitive information type catalog with more than 50 new classifiers. The new classifiers are available for DLP, Information Protection (auto-labeling), Data Lifecycle Management, Insider Risk Management, Records Management, eDiscovery, and Microsoft Priva. Explore the new data classifiers in Microsoft Purview.
- With remote users now regularly accessing files from multiple locations, devices, and apps, organizations shouldn’t have to compromise on security for productivity. To help address this, the preview of co-authoring of encrypted documents for mobile devices (iOS and Android) enables multiple users to work simultaneously on Microsoft 365 apps and documents with autosave, allowing for enhanced real-time collaboration and productivity. Learn about co-authoring of encrypted documents.
- Within any document file’s lifecycle, organizations need to be able to configure retention and deletion settings. To help simplify that process, we’re announcing the preview of multi-stage retention in Microsoft Purview Data Lifecycle Management (formerly Microsoft Information Governance), which automatically applies a new label when an item reaches the end of its retention period. Learn more about multi-stage retention from Microsoft Purview Data Lifecycle Management.
Protecting your business and employees in a hybrid work environment
Employees don’t gather around the water cooler anymore. They’re communicating across digital channels and personal and corporate devices. Microsoft Purview helps protect your organization’s data with Insider Risk Management, eDiscovery, Communication Compliance, and more.
- Many organizations have had to adapt to a changing workforce during the Great Reshuffle. Recent enhancements to the detection and investigation capabilities of Microsoft Purview Insider Risk Management help provide security teams with additional context and actionable insights to keep data secure, including expanded coverage with Microsoft Defender for Cloud Apps. Learn about Microsoft Purview Insider Risk Management.
- Sensitive data isn’t confined to business transactions. According to the 2022 Work Trend Index annual report from Microsoft, employees are communicating over a greater variety of digital channels. With so much internal chatter, robust data and document discovery are essential for organizations responding to both internal investigations and external inquiries. To help meet that need, we’re excited to announce additional capabilities for Microsoft Purview eDiscovery (Premium), which improve the identification of relevant data in Microsoft Teams and help manage legal holds with new reporting functionality. Learn about Microsoft Purview eDiscovery.
- To help organizations maintain a positive work culture and a strong commitment to user privacy, Microsoft Purview Communication Compliance helps detect code of conduct violations (including harassing or threatening language, adult content, and sharing sensitive information). We’re excited to announce new features, including expanded optical character recognition, machine learning model highlighting, reduced detection-to-investigation time, and step-by-step onboarding guidance. Protect your employees and business with Microsoft Purview Communications Compliance.
- To help organizations save time and manual efforts, we’re excited to announce the general availability of continuous compliance assessments in Microsoft Purview Compliance Manager. This feature allows customers to understand and act on over 150 recommendations across our suite of solutions—increasing customers’ ability to measure and manage their data handling from a single location. Learn more about continuous assessments in Microsoft Purview Compliance Manager.
Enhancing data governance across compliance and privacy imperatives
Microsoft Priva complements Microsoft Purview’s data governance and compliance portfolio. Acting as a separately available privacy management solution that proactively identifies and helps protect against privacy risks, Priva provides visibility into organizations’ privacy postures. This includes associated privacy risks arising from personal data transfers, overexposure, and hoarding. Priva’s policy-driven templates also help customers adhere to common privacy regulations and requirements.
At the same time, Priva provides the flexibility to customize policies for user groups, data locations, conditions, and notifications. As the foundation of enterprise privacy management, Priva automatically recommends risk-remediation actions and subject rights requests at scale—offering built-in review and redact capabilities and integration with business processes and APIs.
We protect data to protect people
Regulations regarding data governance don’t exist in a vacuum. Their purpose is to help create a more ethical digital world. A strong solution is built around strong principles. It’s designed to protect customers’ data, keep employees’ workplaces safe, and protect the business. At Microsoft, we don’t do these things just because they’re required, we do them because they’re right.
There’s no going back to the days of perimeter-based security. Enabling an effective Zero Trust approach requires the ability to govern, protect, and understand data coming from an ever-widening array of endpoints. Similarly, the number of tools we use for work will also grow. And with it, the challenge of having to protect data and manage risk across a multicloud and multiplatform environment.
The unification of Microsoft’s data governance and compliance capabilities to Microsoft Purview reflects our belief that the world needs a simpler and more unified approach to data. We want to help you get the most out of your data while simultaneously managing risk and compliance. If you’re already a Microsoft 365 E5 or Microsoft 365 E5 Compliance customer, head over to the revamped Microsoft Purview compliance portal to check out some of these changes. If you’re an existing Azure Purview customer, visit the new Microsoft Purview governance portal. To learn more and get started, visit the Microsoft Purview website or start a free trial today.
Join other cybersecurity professionals at the Microsoft Security Summit digital event on May 12, 2022. Hear exciting product announcements and discover solutions you can use to lay the foundation for a safer and more innovative future. Register now.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
1How Microsoft can help reduce insider risk during the Great Reshuffle, Alym Rayani, Microsoft Security. February 28, 2022.
2Shed light on your dark data before GDPR comes into force, CIO, April 2018.
3September 2021 survey of 512 US compliance decision-makers commissioned by Microsoft from Vital Findings.
4February 2022 survey of 200 US compliance decision-makers (n=100 599-999 employees, n=100 1000+ employees) commissioned by Microsoft with MDC Research.