new intro module

Author: riswinto

learn-pr/wwl-sci/purview-protect-sensitive-data/includes/data-protection-need.md

@@ -2,15 +2,15 @@ Data is one of an organization's most valuable assets, but it's constantly at ri
 
 ## The consequences  of data breaches and insider threats
 
-Cyber threats targeting sensitive data are increasing in scale and sophistication. According to ENISA's 2024 _Threat Landscape_ report, data-related threats have surged, affecting public administration (12%), digital infrastructure (10%), finance (9%), and business services (8%). The report also notes that data compromise incidents rose in 2023-2024, reinforcing the need for strong data protection measures. Organizations that fail to implement security measures risk financial losses, regulatory penalties, and reputational damage. ([ENISA](https://www.enisa.europa.eu/))
+Cyber threats targeting sensitive data are increasing in scale and sophistication. According to ENISA's 2024 _[Threat Landscape](https://www.enisa.europa.eu/sites/default/files/2024-11/ENISA%20Threat%20Landscape%202024_0.pdf?azure-portal=true)_ report, data-related threats have surged, affecting public administration (12%), digital infrastructure (10%), finance (9%), and business services (8%). The report also notes that data compromise incidents rose in 2023-2024, reinforcing the need for strong data protection measures. Organizations that fail to implement security measures risk financial losses, regulatory penalties, and reputational damage.
 
-Cybersecurity and Infrastructure Security Agency's (CISA) _Insider Threats 101_ fact sheet states that the total average cost of an insider risk increased in 2023 to $16.2 million per organization, with an average of 86 days required to identify and contain such threats. These insider incidents can stem from accidental exposure, compromised credentials, or malicious intent, all of which underscore the need for proactive data protection. ([CISA](https://www.cisa.gov/))
+Cybersecurity and Infrastructure Security Agency's (CISA) _[Insider Threats 101](https://www.cisa.gov/sites/default/files/2024-07/insider-threat-101-fact-sheet_07-29-2024_508.pdf?azure-portal=true)_ fact sheet states that the total average cost of an insider risk increased in 2023 to $16.2 million per organization, with an average of 86 days required to identify and contain such threats. These insider incidents can stem from accidental exposure, compromised credentials, or malicious intent, all of which underscore the need for proactive data protection.
 
 Examples of data security risks include:
 
-- **MOVEit Data Breach**: In June 2023, a vulnerability in the MOVEit file transfer software was exploited in a series of cyberattacks. These attacks affected thousands of organizations and nearly 100 million individuals, including major corporations and government agencies. This breach highlighted the risks of unprotected sensitive data. ([Wikipedia](https://en.wikipedia.org/wiki/2023_MOVEit_data_breach))
-- **Social Engineering Attacks**: ENISA's report highlights a sharp rise in Business Email Compromise (BEC), where attackers manipulate employees into disclosing sensitive data. Without proper security controls, unauthorized data exposure can lead to fraud, identity theft, and corporate espionage.
-- **Data Leaks and Misconfigurations**: Unintentional data exposure remains a major issue, as noted in ENISA's findings. Security misconfigurations and lack of visibility over sensitive data can lead to breaches, making it essential to implement policies that restrict unauthorized access.
+- **Data breaches from unauthorized access**: Weak access controls, compromised credentials, and unprotected data storage can result in data breaches. Attackers exploit vulnerabilities to steal sensitive information, leading to financial and reputational damage. Organizations must enforce strong authentication, least privilege access, and data encryption to reduce exposure.
+- **Social engineering attacks**: Cybercriminals use deceptive tactics, such as phishing and Business Email Compromise (BEC), to manipulate employees into revealing sensitive data. These attacks can result in fraud, identity theft, and corporate espionage. Organizations can reduce risk by training employees, using email security controls, and implementing verification processes for sensitive transactions.
+- **Data leaks and misconfigurations**: Unsecured cloud storage, misconfigured access settings, and accidental data sharing can expose sensitive information. Organizations that lack clear data governance, visibility, and access restrictions are at higher risk of unintentional data exposure. Regular security audits and automated access controls help mitigate these risks.
 
 ## Risks organizations face
 

learn-pr/wwl-sci/purview-protect-sensitive-data/includes/introduction.md

@@ -0,0 +1,17 @@
+AI, cloud services, and collaboration platforms have transformed how organizations generate, share, and analyze data. While these technologies drive efficiency and innovation, they also introduce new security challenges. Sensitive information can be exposed through unauthorized access, accidental sharing, or AI-driven tools processing data in unintended ways.
+
+As organizations increase their use of AI-driven tools and cloud-based collaboration, security teams must address new risks, such as unintentional data exposure and policy violations. Without a proactive data security strategy, organizations risk financial losses, compliance violations, and operational disruptions.
+
+Microsoft Purview provides a comprehensive approach to safeguarding data across cloud, endpoint, and AI environments. It enables organizations to classify, label, and protect sensitive information, enforce data loss prevention policies, and detect potential risks before they lead to security incidents.
+
+## Learning objectives
+
+By the end of this module, you'll be able to:
+
+- Describe the challenges of protecting sensitive data in cloud and AI environments.
+- Explain how Microsoft Purview helps classify, label, and secure data.
+- Identify the role of data loss prevention (DLP) in reducing security risks.
+- Understand how Insider Risk Management supports proactive threat detection.
+- Describe security monitoring capabilities that help organizations manage data risks.
+
+This module provides you with the knowledge and tools needed to strengthen data security while enabling safe and efficient collaboration.

learn-pr/wwl-sci/purview-protect-sensitive-data/includes/summary.md

@@ -0,0 +1,20 @@
+Protecting sensitive data in modern organizations is more complex than ever. With the rise of cloud services, AI-driven tools, and remote collaboration, security teams must safeguard data against unauthorized access, accidental exposure, and emerging risks. Without a structured approach to data protection, organizations face compliance violations, financial losses, and reputational damage.
+
+This module explored how Microsoft Purview provides a comprehensive approach to data security. It enables organizations to classify, label, and protect data, enforce data loss prevention policies, and detect potential risks before they lead to security incidents.
+
+In this module, you learned to:
+
+- Describe the challenges of protecting sensitive data in cloud and AI environments.
+- Explain how Microsoft Purview helps classify, label, and secure data.
+- Identify the role of data loss prevention (DLP) in reducing security risks.
+- Understand how Insider Risk Management supports proactive threat detection.
+- Describe security monitoring capabilities that help organizations manage data risks.
+
+Without a proactive data security strategy, organizations might struggle to keep pace with evolving threats. Microsoft Purview enables security teams to apply dynamic protections, enforce compliance policies, and detect risks early, ensuring data remains secure while supporting seamless collaboration.
+
+## References
+
+- [Learn about Microsoft Purview](/purview/purview)
+- [Implementing Zero Trust with Microsoft Purview](/zero-trust-microsoft-purview)
+- [Microsoft Purview data security solutions](/purview/purview-security)
+- 

learn-pr/wwl-sci/purview-protect-sensitive-data/includes/understand-classification-protection.md

@@ -17,29 +17,38 @@ These capabilities help organizations secure sensitive data while ensuring users
 
 ### Data classification
 
-Data classification helps organizations identify and categorize sensitive information. By labeling data based on content, context, and usage, organizations can apply security controls more effectively.
+Data classification helps organizations identify and categorize sensitive information, making it easier to apply appropriate security controls. By classifying data based on content, context, and usage, organizations can improve compliance, reduce exposure risks, and enforce protection policies effectively.
 
-Microsoft Purview provides built-in classification capabilities, including sensitive information types and trainable classifiers, to help automate classification across cloud, endpoint, and collaboration environments.
+Microsoft Purview provides built-in classification capabilities that automate the identification of sensitive data across cloud, endpoint, and collaboration environments. These include:
+
+- **Sensitive information types**: Predefined and customizable patterns that detect data such as financial records, personal identifiers, and healthcare information.
+- **Trainable classifiers**: AI-powered classifiers that recognize sensitive content based on real-world examples, improving detection accuracy for unstructured data.
+
+By using these classification tools, organizations can identify and label sensitive data at scale, ensuring that security policies apply consistently across their digital environment.
 
 ### Sensitivity labels
 
-Sensitivity labels define how data should be handled, enforcing policies for encryption, access control, and visual markings. These labels ensure that data remains protected across emails, files, and cloud services, regardless of where it's shared.
+Sensitivity labels classify and protect data by enforcing encryption, access control, and visual markings. Unlike data classification, which identifies sensitive data, sensitivity labels define how data should be handled and secured throughout its lifecycle.
 
 Microsoft Purview Sensitivity Labels allow organizations to:
 
-- Apply **automatic** or **manual** labels based on content and policies.
-- Restrict file sharing and enforce **access controls**.
-- Add **visual markings** such as headers, footers, and watermarks.
+- **Classify and protect data** with persistent labels that travel with content across emails, files, and cloud services.
+- **Apply automatic or manual labels** based on content inspection and policy rules.
+- **Restrict file sharing and enforce access controls** to ensure only authorized users can access or modify data.
+- **Apply encryption** to protect information at rest and in transit.
+- **Add visual markings** such as headers, footers, and watermarks to indicate data sensitivity.
+
+By integrating sensitivity labels with Microsoft Purview’s classification capabilities, organizations can automate data protection, ensuring sensitive content is properly secured, even when shared outside the organization.
 
 ### Encryption
 
 Encryption secures data by converting it into an unreadable format, ensuring that only authorized users can access it. It protects information at rest, in transit, and in use to prevent unauthorized exposure.
 
-Microsoft Purview encryption policies support:
+Microsoft Purview provides encryption capabilities for securing data across applications, files, emails, and on-premises storage:
 
-- **Microsoft 365 apps**, enabling encryption for emails and files..
-- **Automatic encryption** for highly sensitive content.
-- **Microsoft Purview Information Protection scanner** for discovering and classifying sensitive data across on-premises locations.
+- **Sensitivity labels in Microsoft 365 apps**: Encrypt emails and files in Outlook, Word, Excel, and PowerPoint with automatic encryption based on classification and security policies.
+- **Microsoft Purview Information Protection scanner**: Discover, classify, and encrypt sensitive data across on-premises locations.
+- **Microsoft Purview Message Encryption**: Encrypt email communication for secure messaging inside and outside the organization.
 
 ### Data loss prevention (DLP) and retention policies
 

learn-pr/wwl-sci/purview-protect-sensitive-data/knoweldge-check.yml

@@ -0,0 +1,100 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-protect-sensitive-data.knowledge-check
+title: Knowledge check
+metadata:
+  title: Knowledge check
+  description: "Knowledge check"
+  ms.date: 03/10/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 5
+quiz:
+  title: "Check your knowledge"
+  questions:
+  - content: "Your organization is expanding its data protection strategy. You need a way to classify and protect sensitive files across Microsoft 365 services. Which feature should you implement?"
+    choices:
+    - content: "Microsoft Purview Sensitivity Labels"
+      isCorrect: true
+      explanation: "Correct: Sensitivity labels help classify and protect data by applying encryption, access restrictions, and content markings."
+    - content: "Microsoft Purview Data Loss Prevention (DLP)"
+      isCorrect: false
+      explanation: "Incorrect: DLP helps prevent unauthorized data sharing but does not classify and label data."
+    - content: "Microsoft Defender for Cloud"
+      isCorrect: false
+      explanation: "Incorrect: Microsoft Defender for Cloud focuses on cloud security posture management, not data classification."
+
+  - content: "Your organization is adopting AI-driven tools to improve efficiency. However, leadership is concerned about the risk of sensitive data being used in AI model training. Which Microsoft Purview feature can help prevent unauthorized data use?"
+    choices:
+    - content: "Data Loss Prevention (DLP) policies"
+      isCorrect: true
+      explanation: "Correct: DLP policies can prevent sensitive data from being shared with unauthorized AI tools."
+    - content: "Insider Risk Management"
+      isCorrect: false
+      explanation: "Incorrect: Insider Risk Management identifies risky user behavior but doesn't directly prevent AI data use."
+    - content: "Microsoft Defender XDR"
+      isCorrect: false
+      explanation: "Incorrect: Microsoft Defender XDR focuses on threat detection rather than data protection for AI models."
+
+  - content: "Your company is expanding remote work options, and employees are accessing sensitive files from unmanaged devices. Which approach aligns with Zero Trust principles to secure access?"
+    choices:
+    - content: "Require multifactor authentication (MFA) and conditional access policies."
+      isCorrect: true
+      explanation: "Correct: Zero Trust requires continuous verification through MFA and conditional access."
+    - content: "Allow access from any device but require VPN usage."
+      isCorrect: false
+      explanation: "Incorrect: VPN alone does not enforce identity verification and risk-based access."
+    - content: "Block all remote access to sensitive files."
+      isCorrect: false
+      explanation: "Incorrect: Blocking all access is not practical and hinders productivity."
+
+  - content: "Your security team wants to analyze how sensitive data is being accessed and shared within your organization. Which tool provides insights into user activity and data movement?"
+    choices:
+    - content: "Activity Explorer"
+      isCorrect: true
+      explanation: "Correct: Activity Explorer helps track user activity, data access, and movement within Microsoft 365."
+    - content: "Content Explorer"
+      isCorrect: false
+      explanation: "Incorrect: Content Explorer helps view classified data but does not track user activity."
+    - content: "Microsoft Purview Audit"
+      isCorrect: false
+      explanation: "Incorrect: Microsoft Purview Audit provides forensic activity logs but does not focus on real-time data movement."
+
+  - content: "Your organization recently experienced a data breach due to an insider threat. Leadership wants a solution to identify risky user behavior before a breach occurs. Which Microsoft Purview feature should be implemented?"
+    choices:
+    - content: "Insider Risk Management"
+      isCorrect: true
+      explanation: "Correct: Insider Risk Management detects and analyzes risky user behavior before a data breach happens."
+    - content: "Microsoft Defender XDR"
+      isCorrect: false
+      explanation: "Incorrect: Microsoft Defender XDR focuses on external threat detection rather than insider risks."
+    - content: "Sensitivity Labels"
+      isCorrect: false
+      explanation: "Incorrect: Sensitivity Labels help classify and protect data but do not identify risky user behavior."
+
+  - content: "A security analyst needs to investigate an incident where an employee accessed a large volume of sensitive files. Which Microsoft Purview tool can provide detailed activity logs for the investigation?"
+    choices:
+    - content: "Microsoft Purview Audit"
+      isCorrect: true
+      explanation: "Correct: Microsoft Purview Audit provides detailed activity logs for security investigations."
+    - content: "Content Explorer"
+      isCorrect: false
+      explanation: "Incorrect: Content Explorer shows classified data but does not provide user activity logs."
+    - content: "Insider Risk Management"
+      isCorrect: false
+      explanation: "Incorrect: Insider Risk Management helps detect risk but does not provide detailed forensic logs."
+
+
+  - content: "Your company is concerned about unauthorized sharing of classified financial documents. How can Microsoft Purview help prevent data leaks?"
+    choices:
+    - content: "Implement DLP policies to block unauthorized sharing."
+      isCorrect: true
+      explanation: "Correct: DLP policies can prevent financial documents from being shared outside the organization."
+    - content: "Use Content Explorer to track classified financial documents."
+      isCorrect: false
+      explanation: "Incorrect: Content Explorer provides insights but does not prevent data leaks."
+    - content: "Configure Microsoft Defender XDR to detect financial threats."
+      isCorrect: false
+      explanation: "Incorrect: Defender XDR detects threats but does not enforce sharing restrictions."