10.2 Content Explorer and Activity Explorer
Key Takeaways
- Content explorer and Activity explorer are Microsoft Purview visibility topics in the SC-900 outline.
- Content explorer aligns to questions about viewing classified or sensitive content.
- Activity explorer aligns to questions about viewing activities related to data and labels.
- Explorer tools provide visibility; they are not the same as DLP enforcement, retention, or eDiscovery.
Visibility Before Enforcement
The SC-900 skills boundary lists Content explorer and Activity explorer under Microsoft compliance solutions. Both names are useful because they tell you what each tool is meant to show. Content explorer points to visibility into content. Activity explorer points to visibility into activity. In exam scenarios, explorer wording usually means the organization wants to inspect or understand what is happening, not directly enforce a blocking policy.
Think of these explorer tools as part of the visibility layer in Microsoft Purview. Visibility helps teams decide whether the right labels, DLP policies, retention controls, or investigation workflows are in place. It does not automatically mean the organization is applying a label or preventing a transfer. The exam often rewards this distinction.
| Tool name | What the name suggests | Not the same as |
|---|---|---|
| Content explorer | View or inspect classified content | Blocking data movement |
| Activity explorer | View or inspect data-related activity | Creating identity roles |
| Data loss prevention | Help prevent sensitive data exposure | Merely viewing content |
| Audit | Search activity records for investigation | Applying labels to content |
A scenario might say a compliance analyst wants to understand where certain classified content appears. That points toward Content explorer or data classification visibility. Another scenario might ask about activities involving sensitive data or labels. That points toward Activity explorer. If the scenario says the organization must prevent the data from leaving approved locations, the answer should shift to data loss prevention.
Do not confuse Activity explorer with Microsoft Sentinel. Sentinel is the SIEM and SOAR service in the security operations chapter. Activity explorer is part of the Purview compliance and data governance set. The wording matters: if the prompt talks about data governance activity, labels, or sensitive information handling, stay with Purview. If it talks about incidents, analytics rules, hunting, workbooks, or playbooks, move to Sentinel.
Use this quick decision guide:
- Need to inspect content: Content explorer.
- Need to inspect activity related to data governance: Activity explorer.
- Need to block risky sharing: data loss prevention.
- Need to keep or manage information over time: retention or records management.
- Need to search evidence for a legal or investigation workflow: eDiscovery or audit.
Explorer questions are usually about awareness. A team cannot govern what it cannot see, but seeing something is not the same as controlling it. That is why Purview has multiple related capabilities. Classification and explorer views can reveal what exists and what is happening. Labels, DLP, retention, eDiscovery, and audit each address a different next step.
For exam review, remember that the explorer names are intentionally descriptive. Content explorer is the content view clue, and Activity explorer is the activity view clue. When the prompt moves from viewing to enforcing, choose a different Purview control.
A compliance analyst wants to view classified content. Which Microsoft Purview capability name is the best clue?
A question asks about viewing activities related to sensitive data handling. Which answer best fits?
Which statement correctly separates explorer tools from DLP?