Microsoft Purview and Modern Work (Part 1) - Overview - Microsoft Support & Discussions

Posted December 8, 20222 yr

Before we start, please note that if you want to see a table of contents for all the sections of this blog, you can locate them at the following URL:

Microsoft Purview and Modern Work (Part 1) - Overview

Disclaimer

This document is not meant to replace any official documentation, including those found at docs.microsoft.com. Those documents are continually updated and maintained by Microsoft Corporation. If there is a discrepancy between this document and what you find in the Compliance User Interface (UI) or inside of a reference in docs.microsoft.com, you should always defer to that official documentation and contact your Microsoft Account team as needed. Links to the docs.microsoft.com data will be referenced both in the document steps as well as in the appendix.

All of the following steps should be done with test data, and where possible, testing should be performed in a test environment. Testing should never be performed against production data.

Thanks

Before we start, I wish to thank Tavis Hudson and Derek Peters for their recommendations, input, direction, and editing of this blog series. This blog would not be possible in this, or any form, without their assistance.

Target Audience

The Information Life Cycle Management section of this blog series is aimed at Security and Compliance and Modern Work officers who need to properly label data, encrypt it where needed.

Things to Consider (as relates to your role and/or organization)

Here are a few questions for you to consider before you read this blog series. If these questions or questions like them do not relate to your role or organization, then this blog series might not be meant for you.

What are your data security goals?
What are your Data Retention needs, either as an organization or withing your industry?
Do you have Data Leakage (accidental removal of data) concerns?
Do you have Data Theft (removal of data on purpose) concerns?
What are your organization’s data security policies?
What are your industry’s data security policies?

Document Scope

This blog article is meant to help an IT administrator who is looking to secure their data throughout the lifecycle of the data.

It is presumed that you already have a basic understanding of the Purview tools and the Modern Work tools (including Exchange, Teams, SharePoint and OneDrive).

Out-of-Scope

This document does not cover configuring any of the below, ie. Holding your hand through the process of configuration”, as that is covered via other blogs, official Microsoft documents, or through the aid of Microsoft implementation teams or Microsoft partners:

Audit
Communications Compliance
Compliance Manager
Data Classification (Sensitive Information Types)
Data Classification (Exact Data Matching)
Data Classification (Trainable Classifiers)
Data Lifecycle Management (retention and disposal)
Data Protection Loss (DLP) for Exchange, OneDrive, Devices, etc
Information Barriers
Information Protection (labeling, encrypting, watermarking, etc of files)
Insider Risk Management
Microsoft Defender for Cloud Apps (MDCA)
Privacy Management (Priva)
Records Management (retention and disposal)
Standard or Premium eDiscovery

Parts of this Blog series

Here are the parts of the blog series:

Part 1 – Overview of the blog series

Part 2 – Collaboration Overview

Part 2a – SharePoint Sites and Files

Part 2b – OneDrive Files

Part 2c – Teams Sites and Files

Part 3 – Communication Overview

Part 3a – Exchange Email Messaging

Part 3b – Teams Chats and Streams

Mapping Purview tools to the CIA triad

If we want to measure have a tool to help quantify the security of our data, the CIA triad (Confidentiality, Integrity, Availability) is a good place to start. Our goal as an organization should be to get our data within the center of the triad.

Let us take the CIA triad and map it to the various components of Microsoft Purview to the CIA triad. Here are two different “mappings” to try and help you visualize how the current Purview tools map to the CIA triad

Mapping Visualization #1

Mapping Visualization #2

Note – when it comes to Availability, backup tools should always be considered. However, Microsoft does protect the data inside of your tenant. Here are 2 links on this topic. There are more in the Appendix and Links section below.

Microsoft 365 data locations - Microsoft 365 Enterprise | Microsoft Learn

Data Resiliency in Microsoft 365 - Microsoft Service Assurance | Microsoft Learn

Mapping Purview tools to Information Lifecycle Management (ILM)

Information Lifecycle Management (ILM) is standard way of looking at data within an organization. The process as diagramed below, 1) starts with the creation of data, 2) use of data, 3) retention of data and 4) deletion of data. There are many government regulations (ex. HIPAA, SOX, GDPR, etc) that dictate how data is protected, retained, and disposed of. There are also internal, organizational regulations driven by HR and Legal teams that dictate how data is protected, retained, and disposed of.

Create – this is the creation of the file, site, chat, email, or folder.
Use – this is the modification or sharing of the data.
Retain – this is when the data has gone static/passive and is no longer being modified or shared by the end users.
Destroy – this is the elimination of the data from the organization to meet organization or government regulations/requirements.

Now let us map the Information Lifecycle to the components of Microsoft Purview (as noted above, this will not be an exhaustive list of components at this point in the blog).

Modern Work and Purview workloads

These are the Modern Work workloads we will cover in this blog series

Collaboration
Communications

Inside of these 2 workloads are technology-based applications.

Collaboration

–this involves data sharing (ie. Files, folders, SharePoint sites, OneDrive data, Teams sites, etc). For this blog, I will focus on the following 3 items:

a. SharePoint sites and files

b. OneDrive files

c. Teams sites and files

Communications

– This means things such as Teams chats and Exchange email messages. For this blog, I will focus on the following:

a. Exchange Email Messaging

b. Teams Chats and Streams

Mapping Modern Work workloads to ILM

When looking at the lifecycle of data (Create – Use – Retain – Destroy) we need to map it, at least at a high level, to the Microsoft Collaboration and Communication tools and the data they generate.

Here is a visual map to get you thinking about this.

Next Steps

Now that we have mapped Lifecycle Management to the Microsoft Collaboration and Communications, we can map Purview tools and workloads to specific Modern Work data flows. We cover these in more depth Parts 2 and 3 of this blog series.

Appendix and Links