You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: concepts/security-datasecurityandgovernance-overview.md
+8-6Lines changed: 8 additions & 6 deletions
Original file line number
Diff line number
Diff line change
@@ -15,11 +15,13 @@ Data security and compliance administrators use Microsoft Purview to manage, pro
15
15
16
16
## Key policies in Microsoft Purview
17
17
18
-
### Data discovery policy
18
+
### Collection policy
19
19
20
-
The data discovery policy in Microsoft Purview plays a critical role in defining and managing the types of sensitive data that require protection within an organization. This policy determines whether user data should be collected and made visible within Microsoft Purview, and it establishes the types of data activities that are permissible at both the user and tenant levels.
20
+
Collection policies are an event collection and filtering tool in Microsoft Purview that enables monitoring and classifying events from apps and locations that lie inside and beyond your organization's trust boundaries. They let you filter which events from both untrusted and trusted sources are ingested into Purview. Once ingested, that data can be classified and used by various Microsoft Purview signal-consuming solutions, such as Microsoft Purview activity explorer, Microsoft Purview Insider Risk Management, Microsoft Purview eDiscovery, and Microsoft Purview Data Lifecycle Management.
21
21
22
-
The **Data Discovery** policy is crucial for organizations, particularly those using custom-built **line-of-business (LOB)** applications or third-party vendor applications. These environments can introduce risks where data may not align with organizational standards or could unintentionally breach data boundaries. The **Data Discovery** policy helps mitigate these risks by ensuring sensitive data is properly identified, protected, and governed, making it a key component in maintaining compliance with data security and governance requirements.
22
+
The **Collection** policy is crucial for organizations, particularly those using custom-built **line-of-business (LOB)** applications or third-party vendor applications. These environments can introduce risks where data may not align with organizational standards or could unintentionally breach data boundaries. A Collection policy helps mitigate these risks by ensuring sensitive activities are properly detected and governed, making it a key component in maintaining compliance with data security and governance requirements.
23
+
24
+
[Learn more about collection policies](https://learn.microsoft.com/en-us/purview/collection-policies-solution-overview)
23
25
24
26
### Data Loss Prevention (DLP) Policy
25
27
@@ -41,7 +43,7 @@ The Microsoft Purview APIs help applications manage data protection and complian
41
43
42
44
Microsoft Purview provides policy enforcement capabilities that enable administrators to control data protection across their organization. The following are the key policy requirements that must be configured:
43
45
44
-
**Data Discovery Policies** – Administrators can configure discovery policies that apply to all or selected users within the tenant. If a data collection policy is not set for a user or tenant, the [Compute protection scopes](/graph/api/userprotectionscopecontainer-compute) API returns an empty scope response.
46
+
**Collection Policies** – Administrators can configure collection policies that apply to all or selected users within the tenant. If a collection policy is not set for a user or tenant, the [Compute protection scopes](/graph/api/userprotectionscopecontainer-compute) API can return an empty scope response.
45
47
46
48
**Data Loss Prevention (DLP) Policies** – Administrators can configure DLP policies that apply to all or selected users within the tenant. If a Data Loss Prevention policy is not set up for a user or tenant, the [Compute protection scopes](/graph/api/userprotectionscopecontainer-compute) API allows the application to process content offline, with no DLP actions returned through the process content API.
47
49
@@ -62,7 +64,7 @@ Applications must adhere to the data protection and governance policies establis
62
64
63
65
Key aspects of protection scopes include:
64
66
65
-
-**Discovery policies** – Administrators configure discovery policies that apply to all tenants or specific users. These policies determine the classification of data and monitor user activities, such as file uploads or downloads. Administrators must define and manage data governance policies to ensure sensitive data is classified and protected appropriately within the organization.
67
+
-**Collection policies** – Administrators configure collection policies that apply to all tenants or specific users. These policies determine the classification of data and monitor user activities, such as text/file uploads or downloads. Administrators must define and manage these policies to ensure sensitive data is classified and protected appropriately within the organization.
66
68
67
69
-**Data Loss Prevention (DLP) Policies** – Administrators configure DLP policies to govern how sensitive data is handled within the organization. These policies ensure that sensitive data is protected during various activities and interactions.
68
70
@@ -72,7 +74,7 @@ Key aspects of protection scopes include:
72
74
73
75
### Identifying protection scopes for a user
74
76
75
-
The [Compute protection scopes](/graph/api/userprotectionscopecontainer-compute) API allows applications to determine the protection scopes for users, ensuring that appropriate data governance and security policies are applied. Specifying activity types and location types in the request allows applications to limit the response to only include relevant protection scopes.
77
+
The [Compute protection scopes](/graph/api/userprotectionscopecontainer-compute) API allows applications to determine the protection scopes for users, ensuring that appropriate Microsoft Purview policies are applied. Specifying activity types and location types in the request allows applications to limit the response to only include relevant protection scopes.
76
78
77
79
When users log into an application, the API retrieves the protection scopes specific to each user. To accurately determine these scopes, applications must provide device and application metadata. This information plays a crucial role in making the correct policy decisions based on the application's context, ensuring compliance with organizational security and governance requirements.
0 commit comments