11.5 Purview Playbook for Compliance, Data, and Risk
Key Takeaways
- Microsoft Purview is the main product family for SC-900 compliance and data governance scenarios.
- Compliance Manager and compliance score are for assessment and improvement actions, not threat hunting.
- Sensitivity labels, DLP, retention, eDiscovery, audit, insider risk, and records management are Purview-style clues.
- Microsoft Service Trust Portal and Microsoft Priva are part of the compliance solution boundary in the SC-900 brief.
Choose Purview When the Asset Is Data or Compliance Evidence
Microsoft Purview is the SC-900 product family for compliance and data governance. If a scenario mentions data classification, sensitivity labels, data loss prevention, retention policies, retention labels, records management, eDiscovery, audit, insider risk management, content explorer, activity explorer, or Compliance Manager, start with Purview. The word "security" in a scenario does not always mean Defender; protecting sensitive information and proving compliance are Purview responsibilities.
The compliance domain also includes Microsoft Service Trust Portal and Microsoft Priva. Service Trust Portal is associated with Microsoft compliance resources and privacy principles. Microsoft Priva is associated with privacy capabilities. Those items are not interchangeable with Sentinel or Entra. They sit in the compliance and privacy lane.
| Requirement | Product or capability to recognize | Why it fits |
|---|---|---|
| Assess compliance posture and improvement actions | Compliance Manager and compliance score | The task is compliance assessment. |
| Identify and classify sensitive information | Data classification, content explorer, activity explorer | The task is understanding data. |
| Mark content as confidential | Sensitivity labels and label policies | The task is information protection. |
| Prevent sensitive data from leaving approved channels | Data loss prevention | The task is data protection policy. |
| Keep or delete content according to rules | Retention policies, retention labels, records management | The task is lifecycle management. |
| Find information for legal or investigation needs | eDiscovery and audit | The task is compliance investigation. |
| Identify risky insider activity | Insider risk management | The task is organizational risk review. |
Purview Elimination Rules
- If the scenario says classify, label, retain, discover, audit, or manage records, think Purview.
- If the scenario says sign in, access, role, or governance of identities, think Entra.
- If the scenario says incident, hunting, workbook, connector, or playbook, think Sentinel.
- If the scenario says endpoint, email, cloud app, cloud workload, vulnerability, or threat intelligence, think Defender.
Compliance Manager is a common distractor because the phrase compliance score can sound like a security score. For SC-900, compliance score is tied to Compliance Manager and improvement actions. Secure score and cloud posture recommendations are associated with Defender for Cloud. Do not swap them. One is about compliance assessment; the other is about cloud security posture.
Data loss prevention and sensitivity labels often appear together but are not the same concept. Labels identify or classify content and can drive protection behavior. Data loss prevention policies help prevent sensitive data from being shared or transmitted in ways that violate policy. Retention controls answer a different lifecycle question: how long content should be kept or when it can be deleted.
A strong final review habit is to translate every compliance prompt into a verb. Classify maps to data classification. Label maps to sensitivity labels. Prevent leakage maps to DLP. Keep records maps to retention or records management. Search for legal evidence maps to eDiscovery. Review activity maps to audit. Assess posture maps to Compliance Manager. Once the verb is clear, product selection is usually obvious.
A company wants to measure compliance posture and track recommended improvement actions. Which capability should you choose?
A policy must help prevent sensitive information from being shared outside approved channels. Which Microsoft Purview capability is the best match?
A legal team needs to find and review information for an investigation. Which answer best fits the SC-900 compliance domain?