Governance and compliance
📘Microsoft Certified: Azure Fundamentals (AZ-900)
What is Data Governance?
Data governance is the process of:
- Managing data properly
- Protecting sensitive data
- Ensuring data quality
- Knowing where data is stored
- Controlling who can access it
- Meeting legal and regulatory requirements
In an IT environment, organizations store data in:
- Azure Storage accounts
- Azure SQL databases
- Microsoft 365
- On-premises servers
- Third-party cloud platforms
Without proper governance, organizations may:
- Lose track of sensitive information
- Fail audits
- Violate compliance regulations
- Expose confidential data
This is where Microsoft Purview helps.
2. What is Microsoft Purview?
Microsoft Purview is Microsoft’s unified data governance and compliance solution.
It helps organizations:
- Discover data across environments
- Classify and label data
- Protect sensitive data
- Monitor data usage
- Meet regulatory requirements
- Manage data lifecycle
It works across:
- Azure
- Microsoft 365
- On-premises systems
- Multi-cloud environments (like AWS or Google Cloud)
For the AZ-900 exam, you need to understand that:
Microsoft Purview helps organizations govern, protect, and manage their data wherever it exists.
3. Why Microsoft Purview is Important for Governance
In a modern IT environment:
- Data is stored in many places.
- Different teams access the same data.
- Sensitive information (financial, personal, health data) must be protected.
- Organizations must follow compliance laws.
Microsoft Purview helps organizations:
- Know what data they have
- Know where it is stored
- Understand how it is used
- Control access
- Protect sensitive information
4. Key Components of Microsoft Purview (Important for Exam)
Microsoft Purview includes several important capabilities.
For AZ-900, focus on understanding these main areas:
4.1 Data Discovery and Data Catalog
What is Data Discovery?
Data discovery means:
- Automatically scanning data sources
- Finding what data exists
- Identifying sensitive information
Purview can scan:
- Azure SQL Database
- Azure Data Lake
- Azure Storage
- On-premises databases
- Microsoft 365
- Other cloud platforms
What is a Data Catalog?
A Data Catalog is like a searchable inventory of data assets.
It allows organizations to:
- Search for datasets
- Understand what the data contains
- See data classification
- See who owns the data
- Understand data lineage (where data came from)
IT Example:
A data analyst wants customer data. Instead of asking multiple teams, they search in Purview and find:
- Dataset name
- Location (Azure SQL)
- Owner
- Sensitivity classification
- Related data sources
This improves efficiency and governance.
4.2 Data Classification and Sensitivity Labels
What is Data Classification?
Data classification means identifying and categorizing data based on its sensitivity.
Examples of classifications:
- Public
- Internal
- Confidential
- Highly Confidential
Microsoft Purview can automatically detect:
- Credit card numbers
- National ID numbers
- Email addresses
- Financial information
- Health records
Sensitivity Labels
Purview allows organizations to apply sensitivity labels such as:
- Public
- Internal
- Confidential
- Restricted
These labels can:
- Encrypt data
- Restrict access
- Prevent sharing
- Prevent downloading
- Add watermarks
IT Example:
If a document contains salary information:
- It can be automatically labeled “Confidential”
- Access can be limited to HR users only
- External sharing can be blocked
This ensures compliance and security.
4.3 Data Loss Prevention (DLP)
Data Loss Prevention helps prevent sensitive data from being:
- Shared incorrectly
- Sent outside the organization
- Uploaded to unauthorized locations
Purview DLP policies can:
- Detect sensitive data
- Block email sending if it contains sensitive data
- Prevent copying sensitive data to USB
- Stop sharing files externally
IT Example:
If an employee tries to email a file with credit card numbers:
- DLP policy detects it
- Email is blocked or flagged
- Admin is notified
This reduces data breach risks.
4.4 Data Lifecycle Management
Organizations must manage data from creation to deletion.
Microsoft Purview helps with:
- Retention policies
- Data deletion policies
- Records management
Retention Policies
Organizations can define:
- Keep emails for 7 years
- Delete logs after 1 year
- Archive old documents automatically
This helps meet legal requirements.
IT Example:
Financial records must be stored for compliance reasons. Purview ensures:
- Records are not deleted early
- Data is retained for required duration
- Data is deleted automatically after retention period
4.5 Insider Risk Management
Purview helps detect risky behavior inside the organization.
It monitors:
- Unusual data downloads
- Mass copying of sensitive files
- Unauthorized data sharing
This is important for:
- Preventing internal data leaks
- Protecting intellectual property
4.6 eDiscovery (Electronic Discovery)
eDiscovery helps organizations:
- Search for data during legal investigations
- Collect emails and documents
- Preserve evidence
If an organization faces legal investigation, Purview can:
- Search across Microsoft 365
- Identify relevant documents
- Export data for legal review
4.7 Compliance Manager
Compliance Manager helps organizations:
- Track compliance with regulations
- Assess compliance score
- Get improvement recommendations
Examples of regulations:
- GDPR
- ISO 27001
- HIPAA
- SOC
Compliance Manager provides:
- Compliance score
- Recommended actions
- Documentation guidance
For AZ-900, remember:
Compliance Manager helps organizations assess and manage regulatory compliance.
5. How Microsoft Purview Supports Governance
Microsoft Purview supports governance by:
- Providing visibility into data
- Enforcing policies automatically
- Protecting sensitive information
- Supporting audits and legal requirements
- Ensuring regulatory compliance
It integrates with:
- Microsoft Entra ID (identity management)
- Azure RBAC
- Microsoft Defender
- Microsoft 365
6. Microsoft Purview in a Real IT Environment
Here is how it works in an organization:
- IT team connects Purview to Azure Storage and SQL databases.
- Purview scans data automatically.
- Sensitive information is detected and classified.
- Policies are applied (DLP, retention, encryption).
- Users can search data in the data catalog.
- Compliance team monitors compliance score.
- Alerts are generated if sensitive data is misused.
This creates a controlled and secure data environment.
7. Key Benefits of Microsoft Purview
- Centralized data governance
- Unified compliance management
- Automatic data classification
- Reduced risk of data breaches
- Improved audit readiness
- Better visibility of data assets
- Supports hybrid and multi-cloud environments
8. What You Must Remember for AZ-900 Exam
For the exam, focus on understanding:
1. What Microsoft Purview Is
A unified data governance and compliance solution.
2. Core Capabilities
- Data discovery
- Data catalog
- Data classification
- Sensitivity labels
- Data Loss Prevention (DLP)
- Retention policies
- Compliance Manager
- eDiscovery
3. Purpose
- Protect sensitive data
- Meet regulatory requirements
- Monitor data usage
- Prevent data loss
4. Works Across
- Azure
- Microsoft 365
- On-premises
- Multi-cloud
9. Common Exam Question Concepts
You may see questions like:
- Which service helps classify and protect sensitive data? → Microsoft Purview
- Which tool helps track regulatory compliance? → Compliance Manager
- Which feature prevents sharing sensitive information outside the organization? → DLP
- Which service provides a data catalog? → Microsoft Purview
10. Summary
Microsoft Purview is Microsoft’s solution for:
- Data governance
- Data protection
- Compliance management
It helps organizations:
- Discover data
- Classify sensitive information
- Protect data
- Prevent data loss
- Meet legal requirements
- Manage data lifecycle
For AZ-900, you do not need deep technical configuration knowledge.
You only need to understand:
- What it does
- Why it is used
- Its key features
- How it supports governance and compliance
