9.3 Microsoft Purview Portal

What the Microsoft Purview Portal Unifies

The Microsoft Purview portal (purview.microsoft.com) is the single, streamlined console where administrators discover and operate Microsoft's data security, data governance, and risk & compliance solutions across on-premises, multicloud, SaaS, and AI data estates. SC-900 tests Purview as the compliance and data-governance family — the counterpart to Microsoft Entra (identity & access), Microsoft Defender (threat protection & posture), and Microsoft Sentinel (SIEM/SOAR).

The name matters because Microsoft rebrands are heavily tested. "Microsoft Purview" is the current name that merged two older lineages:

If an exam item still says "Microsoft 365 compliance center" or "Microsoft Information Protection," recognize that the modern answer is Microsoft Purview.

The solutions surfaced in the portal

The portal is not one feature — it is the home for many. For SC-900, associate Purview with this solution set:

• Compliance Manager — assessments, improvement actions, and the compliance score.
• Data classification — trainable classifiers, sensitive information types, Content explorer, Activity explorer.
• Sensitivity labels and label policies — protect/govern documents and emails.
• Data loss prevention (DLP) — stop sensitive data from leaving inappropriately.
• Retention policies/labels and records management — keep or delete content for the right duration.
• eDiscovery and Audit — find and preserve content; search activity logs for investigations.
• Insider risk management — detect risky internal activity.
• Unified Catalog / Data Map — govern and map data assets at scale.

Many of these are taught in detail in the next chapter; here the goal is recognizing that they all live under the Purview umbrella.

Three pillars of the portal

Microsoft groups the Purview portal's solutions into three high-level pillars. Knowing the grouping helps you place any unfamiliar solution:

The portal also spans beyond Microsoft 365: it governs data across multicloud (Azure, AWS, GCP), SaaS apps, on-premises stores, and AI workloads, which is why Purview is described as a unified platform rather than a single-product compliance center. For SC-900 you don't need deep multicloud detail — just recognize that Purview is broad and data-centric, not identity- or threat-centric.

Portal Versus a Named Solution

A recurring SC-900 pattern offers both "Microsoft Purview portal" and a specific Purview solution in the same answer set. The rule: the most specific correct answer wins. The portal is the workspace; the solution does the job.

Read the noun and the verb

Many products touch "data," so the noun alone is not enough. The verb reveals the solution:

Worked selection scenarios

1. "The compliance team needs a single place to access data security, governance, and compliance solutions." → Microsoft Purview portal (the question is about the workspace family).
2. "Block credit-card numbers from being emailed externally." → DLP, not the generic portal — the verb is prevent sharing.
3. "Search who accessed a mailbox last week." → Audit, not the portal.

Common trap 1 — wrong family. Distractors pull from other families: Entra admin center (identity), a Sentinel workspace (SIEM/SOAR), or Defender for Cloud (security posture). If the scenario is about governing or complying with data and obligations, stay in Purview.

Common trap 2 — portal over-selection. When a precise solution matches the stated job, do not default to "Microsoft Purview portal" just because it sounds comprehensive. The portal is the correct answer only when the question is genuinely about the unified workspace, not a specific task.

Keeping the four families straight

The deepest source of confusion on SC-900 is mixing the four Microsoft solution families. A one-line mental map prevents most mistakes:

• Microsoft Entra → who you are and what you can access (identity, authentication, Conditional Access, roles, governance).
• Microsoft Defender → protect and detect threats (endpoints, email/Office, cloud apps, identity threats, cloud posture, vulnerability management).
• Microsoft Sentinel → collect, correlate, and respond at scale (SIEM analytics, incidents, hunting, SOAR playbooks).
• Microsoft Purview → govern, protect, and comply with your data and obligations (classification, labels, DLP, retention, eDiscovery, audit, Compliance Manager, insider risk).

When a question's answer set draws one option from each family, the family that matches the noun + verb wins. "Label and protect a contract" is Purview; "block a risky sign-in" is Entra; "quarantine a malicious attachment" is Defender; "automate an incident response across tools" is Sentinel. Purview's signature is always a data-governance or compliance verb acting on content or obligations, which is exactly why the Purview portal anchors this entire compliance domain.