← daniellepel.com
Capability Profile
Capability Profile
Microsoft Purview Data Governance
Classification, compliance, and data protection at scale
Microsoft Purview is Microsoft's unified data governance and compliance platform, covering data classification, sensitivity labeling, retention policies, eDiscovery, audit logging, insider risk management, and communication compliance across M365 and Azure.
Overview
My Experience
Key Work
Related
What It Is
Microsoft Purview consolidates the former Microsoft 365 Compliance Center capabilities into a unified platform. It covers the full data governance lifecycle: knowing where sensitive data lives, classifying and labeling it, applying retention and protection policies, monitoring for policy violations, and producing the audit record that demonstrates compliance. For organizations subject to regulatory requirements such as HIPAA, FINRA, CMMC, and state privacy laws, Purview is how those requirements are implemented technically on the Microsoft platform.
Why It Matters
Data classification and compliance is an area where the gap between what organizations have and what they are using is consistently large. E5 licensing includes the full Purview suite: trainable classifiers, eDiscovery Premium, Insider Risk Management, and Communication Compliance. Most organizations have activated almost none of it. The result is that compliance work is done manually, legal holds are managed through email threads, and sensitive data travels without labels through systems that could enforce protection policies if the data were classified. Purview is not a new capability that needs to be licensed; it is a capability that needs to be turned on and configured.
Core Capabilities
  • Data classification - Sensitive information types, trainable classifiers, exact data match for structured data
  • Sensitivity labels - Classification and protection policies that travel with the content
  • Retention policies - Automated retention and deletion across M365 workloads
  • eDiscovery Premium - Legal hold management, content search, review set creation, export workflows
  • Insider Risk Management - Behavioral signal detection for data exfiltration and policy violations
  • Audit - Unified audit log covering user and admin activity across M365 and Azure
In Practice

The most concrete work is the eDiscovery and legal hold implementation at Latham Pool Products, done directly with their Legal Department. Active legal requirements, not a test environment. We built custodian management workflows, hold policies, content search scoping, and export procedures that produced a defensible, auditable result the Legal team could operate themselves.

The most concrete Purview experience I have is the eDiscovery and legal hold work at Latham Pool Products, which I did working directly with their Legal Department. That engagement was not theoretical. The Legal team had active requirements for legal hold procedures and needed a technical implementation that they could operate themselves and that would produce a defensible, auditable result. We built custodian management workflows, hold policies, content search scoping, and export procedures through Purview eDiscovery Premium. The outcome was a process the Legal team owned rather than one that required an IT ticket every time a matter needed attention.
Sensitivity labeling and information protection were part of the E5 capability activation work at Latham Pool Products and across the NBT client portfolio. The Mimecast replacement in particular required configuring Purview information protection capabilities to replace third-party email security functions, ensuring that the protection labels and policies provided equivalent or better coverage for sensitive data in email than what the third-party tool had been doing.
Retention policy design is a standard component of the M365 architecture work I do. Getting retention right, making sure records are kept for the required period, that transitory content is not retained indefinitely, and that legal holds override retention deletion correctly. That is the kind of foundational governance work that prevents expensive problems later when an organization receives a litigation hold notice or faces a regulatory audit.
  • eDiscovery and legal hold workflows with Legal Department - Designed and implemented Purview eDiscovery Premium workflows at Latham Pool Products working directly with the Legal team. Built custodian management, hold policies, content search scoping, and export procedures that the Legal team could operate independently. Produced a defensible, auditable process without reliance on third-party eDiscovery tools.
  • Sensitivity labeling and information protection - Designed sensitivity label taxonomies and information protection policies across M365 environments, including label inheritance, encryption policies, and cross-service label consistency between Exchange, SharePoint, Teams, and OneDrive.
  • Retention policy architecture - Built retention policy frameworks covering M365 workloads - Exchange, SharePoint, OneDrive, Teams - with appropriate retention periods, deletion behaviors, and legal hold override configurations aligned to organizational record-keeping requirements.
  • Purview deployment as part of E5 activation - Included Purview capability activation as a component of E5 enablement work across NBT client engagements, identifying the specific Purview capabilities each organization had available in their licensing and prioritizing activation by compliance risk and operational value.
  • Audit log configuration and review - Configured Purview unified audit log retention, search procedures, and alert policies across client environments - establishing the operational baseline for compliance monitoring and incident investigation.
← Migration Strategy E5 Capability Enablement →