Microsoft Purview

Microsoft Purview: governance, security, and compliance

Microsoft Purview is no longer just a data catalog, it is Microsoft’s unified platform for data security, governance, and compliance in the era of AI. Veratas delivers end-to-end Purview implementations: unified catalog, DSPM, DLP, Insider Risk, eDiscovery, and AI observability for Copilot and custom AI agents. Our Purview practice integrates tightly with Microsoft Fabric, giving clients governed analytics alongside governed data.

What we deliver

Microsoft Purview services

Data catalog, DSPM, DLP, Insider Risk, eDiscovery, and Fabric governance, including AI observability for organisations deploying Copilot and Azure OpenAI at enterprise scale.

01.

Unified Data Catalog & Discovery

Enterprise-wide data asset visibility and governance

  • Automated scanning and registration of data assets across Azure, Fabric, SQL, and on-premises
  • Business glossary design: term hierarchy, data stewards, and data product definitions
  • Data product access workflows replacing manual approval chains across the estate
  • Data quality rules: completeness, consistency, and accuracy monitoring at scale
  • Integration with Fabric OneLake, Databricks Unity Catalog, and Snowflake Polaris
  • Critical Data Column table: self-service reporting on glossary-to-asset associations

02.

Data Security Posture Management (DSPM)

Proactive identification of data security risks

  • Sensitivity label coverage reports across M365, Fabric, and Azure with drill-down filters
  • DLP policy activity dashboards: violation trends by user, location, and policy
  • AI agent observability: inventory Copilot agents and custom models accessing your data
  • Oversharing detection: data accessible beyond intended audiences flagged automatically
  • DSPM AI Observability: risk scoring for generative AI interactions with sensitive data
  • Automated access workflow remediation: data owner policies without infrastructure team

03.

Data Loss Prevention (DLP)

Policy-based data protection across the full Microsoft estate

  • DLP policy design for Exchange, SharePoint, Teams, OneDrive, and all endpoints
  • Sensitive information type configuration: PII, financial, health, and custom classifiers
  • Fabric Warehouse and KQL database DLP policy enforcement
  • Policy simulation and impact assessment before enforcement is activated
  • DLP alert triage workflows and incident response integration
  • Adaptive protection: DLP tightening automatically based on Insider Risk user scores

04.

Insider Risk Management & Communication Compliance

Detecting and managing internal data risk

  • Insider Risk Management policy design: data theft, leakage, and sabotage scenarios
  • Adaptive protection: automatic DLP restriction based on risk score elevation
  • Alert triage workflows, investigation playbooks, and eDiscovery case escalation
  • Communication compliance policies for regulated industries: financial services, healthcare, legal
  • Audit log retention, compliance boundary configuration, and preservation policy design

05.

eDiscovery & Legal Hold

Litigation readiness and compliance evidence collection

  • eDiscovery Premium case management: custodian identification and hold management
  • Legal Hold across Exchange, SharePoint, Teams, and OneDrive
  • Content search and targeted collection for regulatory requests and legal proceedings
  • Review sets and export for legal team processing and privilege review
  • Compliance Manager: GDPR, HIPAA, ISO 27001, and SOC 2 assessment and improvement

06.

Purview & Microsoft Fabric integration

Governance built directly into the Fabric data platform

  • Automatic Lakehouse and Warehouse registration in Purview catalog on creation
  • End-to-end data lineage from ERP source through Fabric pipelines to Power BI reports
  • Data owner access policies: business-level control without infrastructure team involvement
  • AI governance: Purview observability for Copilot agents and custom Azure OpenAI models
  • Sensitivity label inheritance from Purview into Fabric and Power BI automatically
Fixed-fee assessment

Microsoft Purview readiness, from $5,000

A fixed-scope assessment of your data estate and governance, with a prioritised plan to act on.

Fixed fee from $5,000   |   2 to 3 weeks   |   Price shown up front

What $5,000 covers

A clear data governance plan

We map your data estate and hand you a prioritised plan.

  • Data estate discovery scan across Microsoft 365 and Azure
  • Sensitivity and data-classification review
  • Data loss prevention (DLP) gap analysis
  • Compliance and retention posture review
  • Prioritised governance roadmap
  • Findings readout with recommendations

Microsoft Purview licences are billed per user per month through Microsoft CSP. The $5,000 covers the assessment services.

No surprises

What is in the $5,000, and what we quote separately

Anything beyond the assessment is scoped from the roadmap and quoted before you commit.

In your $5,000Beyond the assessment, quoted at a fair rate
Data estate and governance assessmentFull Purview implementation and DLP rollout
Prioritised roadmapSensitivity labels deployed at scale
Findings readoutInsider risk and eDiscovery configuration
RecommendationsOngoing data governance operations

You pay $5,000 for the assessment. The implementation is scoped from the roadmap and quoted transparently, always shown before you decide.

Why Veratas for Purview

What makes our Purview delivery different

Microsoft Purview is the foundation for both compliance and AI readiness. Veratas delivers Purview as a continuous programme covering deployment, policy tuning, AI observability, and DSPM, not a one-off compliance project.

Pre-Copilot data readiness

Most failed Copilot rollouts trace to oversharing, sensitive data accessible to users who shouldn’t see it. Veratas runs Microsoft Purview-based data readiness assessment before Copilot activation, identifying overshared SharePoint sites, unprotected sensitive documents, and DLP policy gaps.

Full Purview suite deployment

Microsoft Purview is now a unified data governance and security platform, Information Protection, DLP, Insider Risk Management, Communication Compliance, eDiscovery, Data Lifecycle Management, Records Management, Data Map, Audit. We deploy the full estate, not just labels and DLP.

DSPM for Microsoft and beyond

Microsoft Purview Data Security Posture Management (DSPM) for Microsoft 365, Azure, and (via Purview Data Map) connected sources including AWS S3, Salesforce, Snowflake, Google Workspace. Unified data security visibility across the modern data estate.

Continuous policy refinement

Purview policies are not ‘set and forget’. We run quarterly Purview Compliance Manager and policy effectiveness reviews, adjusting sensitivity label taxonomy, DLP thresholds, Insider Risk policy templates, and retention policies as your business and regulatory environment evolve.

Purview suite

Microsoft Purview product overview

Microsoft Purview has consolidated under one brand, the suite spans data security, governance, compliance, and AI observability. Most enterprises start with Information Protection + DLP, then expand to Insider Risk, eDiscovery, and the Data Map.

Product
What it does
When to use it
How it's licensed
Information Protection
Sensitivity labels, encryption, content marking, label policies
Pre-Copilot data readiness, document protection across cloud and on-prem
Microsoft 365 E5 Compliance · E5 Information Protection & Governance
Data Loss Prevention (DLP)
Policy-based prevention of sensitive data leakage across M365, endpoint, browser, third-party
Stop credit card numbers, PII, PHI from leaking via email/chat/file share
Microsoft 365 E5 Compliance · standalone DLP Plan 2
Insider Risk Management
Behavioural risk signal analysis, data theft, security violations, leaks
Detect departing-employee data theft, anomalous behaviour
Microsoft 365 E5 Compliance · standalone IRM
Communication Compliance
Detect inappropriate messages, regulatory non-compliance in Teams/Outlook/Viva Engage
Financial services compliance (FINRA, FCA), HR risk detection
Microsoft 365 E5 Compliance · standalone CC
eDiscovery (Premium)
Legal hold, collection, review, export workflow for litigation/investigation
Litigation response, regulatory requests, internal investigations
Microsoft 365 E5 Compliance · standalone Premium eDiscovery
Data Lifecycle Management
Retention policies, label-driven retention, automatic deletion
Records retention compliance, automatic cleanup
Microsoft 365 E5 Compliance · Information Governance plans
Records Management
Formal records declaration, retention schedules, disposition review
Regulatory records compliance (financial, government, healthcare)
Microsoft 365 E5 Compliance · standalone RM
Data Map & Catalog
Multi-cloud data discovery, Azure, AWS, GCP, Salesforce, Snowflake, on-prem
Unified data catalogue, lineage, classification across estate
Pay-as-you-go per scan / per asset
DSPM for AI (Insider Risk + AI Hub)
Visibility into AI usage, Copilot interactions, sensitive data in AI prompts, external LLM access
Pre-Copilot readiness, ongoing AI usage governance
Microsoft 365 E5 Compliance
Purview deployment

Standard Microsoft Purview deployment phases

A standard Purview deployment runs 12-24 weeks depending on scope. We typically deploy in five phases starting with Information Protection foundation, then DLP, then Insider Risk and Communication Compliance, then DSPM and AI Hub.

01

Discovery

Existing data classification audit. Microsoft 365 oversharing baseline. Current compliance manager score. Regulatory requirements review. Existing third-party DLP/CASB inventory. Output: Purview readiness report with gap analysis.

02

Information Protection foundation

Sensitivity label taxonomy design (typically 4-5 labels: Public, General, Internal, Confidential, Highly Confidential). Label policies. Auto-labelling rules. Mandatory labelling. Content marking and protection. Outlook/SharePoint/OneDrive deployment.

03

DLP rollout

DLP policy library deployment, credit cards, PII, PHI, source code, etc. Policy tuning over 4-6 weeks (block vs warn vs audit). Endpoint DLP (Windows/Mac) deployment via Intune. Browser DLP via Microsoft Edge for Business. Third-party app DLP where licensed.

04

Insider Risk & Communication Compliance

Insider Risk policy templates configuration. Departing-employee policy. Data theft policy. HR Connector deployment. Communication Compliance policy templates (regulatory, HR). Automatic case routing to HR/legal/compliance teams.

05

DSPM & AI Hub

Microsoft Purview Data Map deployed for multi-source visibility. AI Hub configuration for Copilot interaction monitoring. DSPM for AI policy tuning. Audit retention policy for AI/Copilot audit records. Output: AI usage observability dashboard.

Industries

Microsoft Purview industry deployments

Each regulated industry has unique Purview deployment patterns. We bring industry-tested taxonomies, DLP policy templates, and retention schedules.

Financial services

Communication Compliance for FINRA/FCA/MAS regulatory monitoring. Records Management for 7-year financial records retention. Microsoft Purview Audit (Premium) for extended audit log retention.

Healthcare

Information Protection labels for PHI. DLP policies for PHI / HIPAA. Records Management for clinical records retention. Insider Risk for departing-employee patient-data risk. BAA-covered engagement.

Legal & professional services

eDiscovery Premium for litigation response. Information Protection for matter-specific confidentiality. Records Management for matter retention schedules. Communication Compliance for ethical-walls enforcement.

Manufacturing

Information Protection labels for IP-sensitive design documents. DLP for trade secrets and CAD files. Insider Risk for departing-employee IP-theft monitoring. Microsoft Purview Data Map for OT/IT data catalogue.

Public sector

Records Management aligned to regulatory retention schedules. eDiscovery for FOIA / regulatory disclosure. Microsoft Purview Audit (Premium) for compliance audit retention. GCC tenant support.

Technology / SaaS

Information Protection for source code and customer data. DLP for code repositories and customer PII. Insider Risk for engineering departure monitoring. DSPM for AI / Copilot governance.

FAQ

Microsoft Purview questions answered

DSPM, Insider Risk, DLP, eDiscovery, and AI observability, the topics enterprises ask about most as they expand from Information Protection.

Microsoft Purview is the consolidated brand for Microsoft's data governance and compliance products, previously sold under Microsoft 365 Compliance, Microsoft Information Protection, and the original Azure Purview (data catalogue). The 'old' Azure Purview (data catalogue) is now Microsoft Purview Data Map / Catalog. All capabilities now live under the unified Purview brand in compliance.microsoft.com and purview.microsoft.com.
Microsoft 365 E5 includes most Purview capabilities (E5 Compliance bundle), but you still need to deploy and configure them. E5 gives the licence; deployment, policy design, taxonomy work, user training, and ongoing tuning are separate. Most enterprises with E5 are using only 10-20% of Purview's licensed capability.
Microsoft Purview DSPM provides visibility into where sensitive data lives, who can access it, and where it flows. For Microsoft sources (M365, Azure), DSPM is mostly automatic. For other sources (Salesforce, Snowflake, AWS, GCP), DSPM extends via Purview Data Map scans. DSPM for AI specifically monitors AI interactions, Copilot prompts, external LLM use, sensitive data in AI flows.
Purview's data discovery scans SharePoint, OneDrive, Teams, and Exchange for content that is broadly shared (e.g. 'Everyone' or 'External') versus content classified as Confidential/Highly Confidential. Combined with Microsoft Copilot Dashboard data, we get a pre-rollout oversharing exposure report, typically the source of Copilot rollout failures.
Microsoft Purview Insider Risk Management uses M365 telemetry (Microsoft Graph signals) to detect risk patterns: departing-employee data exfiltration, anomalous SharePoint/OneDrive access, sensitivity-label violations, unauthorised app installs. Policies are anonymised by default; legal/HR/compliance review flagged cases via the Insider Risk dashboard. Requires E5 Compliance or standalone Insider Risk Management licences.
Microsoft Purview Subject Rights Requests (SRR) provides workflow for handling GDPR Article 15 (access), 16 (rectification), 17 (erasure), 18 (restriction), 20 (portability) requests. Searches all M365 content for the data subject's content, allows review/redaction, produces export packages. Reduces a 30-day DSR fulfilment from manual weeks of work to days.
There is no separate 'Defender DLP'. Microsoft Defender for Cloud Apps does discovery and policy enforcement for SaaS apps (e.g. block sensitive content posted to non-sanctioned SaaS). Purview DLP enforces policies inside Microsoft 365 (email, files, Teams, endpoints, browsers). They complement each other and share policy authoring patterns.
Information Protection + DLP foundation: 8-12 weeks. Add Insider Risk + Communication Compliance: another 4-8 weeks. Add full Records Management + retention compliance: another 4-8 weeks. Add Data Map for multi-source / multi-cloud: another 6-12 weeks. Full deployment typically 24-40 weeks; phased rollout is the norm.
Yes via Microsoft Purview Data Map. Connectors exist for: Azure Storage, Azure SQL, Azure Data Lake, Azure Synapse, AWS S3, Snowflake, Salesforce, Google Workspace, SAP S/4HANA, Hive, Teradata, and on-premises SQL Server, Oracle, Cassandra, MySQL. Pay-per-scan + per-asset pricing for Data Map (separate from M365 Purview which is per-user licensed).
Microsoft Purview eDiscovery supports legal hold, content search, review, redaction, and export for litigation, regulatory inquiry, internal investigation, and FOIA / records requests. eDiscovery (Standard) for basic search and export; eDiscovery (Premium) adds workflow, review sets, predictive coding, and integration with legal review tools (Relativity, Reveal).
A data estate discovery scan across Microsoft 365 and Azure, a sensitivity and classification review, a DLP gap analysis, a compliance and retention review, a prioritised governance roadmap, and a findings readout. Typically 2 to 3 weeks.
The full Purview implementation, sensitivity labels deployed at scale, DLP rollout, insider risk and eDiscovery configuration, and ongoing governance operations are scoped from the roadmap and quoted transparently.
Get started

Ready to govern your Microsoft data estate?

Catalog, DSPM, DLP, Insider Risk, eDiscovery, and Fabric governance, Microsoft Purview from Veratas.