Merge pull request #49505 from MicrosoftDocs/NEW-purview-review-analyze-data-classification

New purview review analyze data classification

Author: JillGrant615

learn-pr/wwl-sci/purview-review-analyze-data-classification/analyze-classified-data.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-review-analyze-data-classification.analyze-classified-data
+title: Analyze classified data with data and content explorer
+metadata:
+  title: Analyze classified data with data and content explorer
+  description: "Analyze classified data with data and content explorer"
+  ms.date: 03/13/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 7
+content: |
+  [!include[](includes/analyze-classified-data.md)]

learn-pr/wwl-sci/purview-review-analyze-data-classification/includes/analyze-classified-data.md

@@ -0,0 +1,113 @@
+Understanding where sensitive data is stored and how it's accessed is essential for data security and compliance. **Data explorer** and **content explorer (classic)** in Microsoft Purview provide visibility into classified data across your organization.
+
+- **Data explorer** provides a consolidated view of classified data, making it easier to analyze multiple classification types at once.
+- **Content explorer** offers similar insights but requires more navigation to see classification details.
+
+These tools help security and compliance teams:
+
+- **Identify sensitive data** across Microsoft 365 and connected environments.
+- **Analyze data classification trends** based on sensitivity labels, retention labels, and sensitive information types (SITs).
+- **Review access patterns** to detect potential security risks.
+- **Validate compliance policies** by verifying encryption, classification, and retention settings.
+
+## Access data explorer and content explorer
+
+To use data explorer or content explorer, you need the correct permissions in Microsoft Purview.
+
+### Permissions
+
+Access to these tools is highly restricted because they allow visibility into sensitive data. Permissions override local file access settings.
+
+| Role | Access level |
+|-----|-----|
+| Data Explorer List Viewer | View file metadata and classification labels but not content. |
+| Data Explorer Content Viewer | View file contents in addition to metadata. |
+| Content Explorer List Viewer | View a list of items with classification details. |
+| Content Explorer Content Viewer | View file contents in addition to metadata. |
+
+> [!NOTE]
+> Users with a **List Viewer** role can see classification details but can't open or preview file contents. The **Content Viewer** role is required to access file contents.
+
+### Navigate to data explorer and content explorer
+
+You can access data explorer and content explorer from multiple Microsoft Purview solutions, based on the area you're working in:
+
+1. Navigate to the [Microsoft Purview portal](https://purview.microsoft.com/).
+
+1. Select **Solutions**.
+
+1. **Data explorer** and **Content explorer (classic)** can be found in these solutions:
+
+   - Communication compliance
+
+   - Data lifecycle management
+
+   - Data loss prevention (DLP)
+
+   - Information protection
+
+   - Records management
+
+1. Select the drop-down for **Explorers**, then select **Data explorer** or **Content explorer (classic)**.
+
+   :::image type="content" source="../media/data-explorer-content-explorer.png" alt-text="Screenshot showing the top level filter for the Reports page within Information Protection." lightbox="../media/data-explorer-content-explorer.png":::
+
+## Analyze sensitive data with data explorer
+
+### Data types displayed in data explorer
+
+Data explorer provides a snapshot of classified items based on:
+
+- **Sensitive information types (SITs)**: Identifies data like credit card numbers, Social Security numbers, and medical data.
+- **Sensitivity labels**: Shows how items are labeled based on organizational policies.
+- **Retention labels**: Displays how long labeled data is retained.
+- **Trainable classifiers**: Uses AI to identify sensitive content based on examples.
+
+### Use the data explorer
+
+1. Search or filter data by label, classifier, or SIT.
+
+1. Drill down into specific data sources like Exchange, OneDrive, or SharePoint.
+
+1. Export results to a CSV file for further analysis.
+
+   :::image type="content" source="../media/data-explorer.png" alt-text="Screenshot showing the Data explorer." lightbox="../media/data-explorer.png":::
+
+## Analyze classified data with content explorer (classic)
+
+### How content explorer differs from data explorer
+
+| Feature | Data explorer | Content explorer |
+|-----|-----|-----|
+| Data organization and visibility | Shows sensitive information types, sensitivity labels, trainable classifiers, and retention labels in a single table for quick analysis. | Requires navigating into each location to view classification details, rather than displaying them in a consolidated table. |
+| Integration with Information Protection Reports | Links directly from information protection reports, allowing users to drill into classification details. | Not linked from reports, so users must navigate to content explorer manually. |
+| Copilot data visibility | Includes Copilot as a data source when applicable. | Doesn't list Copilot as a distinct source. |
+
+### Use content explorer
+
+1. Filter data by classification labels, retention labels, or SITs.
+
+1. Browse by location to find labeled content.
+
+   :::image type="content" source="../media/content-explorer.png" alt-text="Screenshot showing the Content explorer." lightbox="../media/content-explorer.png":::
+
+## Export and refine data insights
+
+Both data explorer and content explorer allow users to:
+
+- **Export** data insights as a CSV file.
+
+- **Use filters** to refine searches by location, sensitivity label, or SIT.
+
+- **Analyze trends** to improve data classification policies.
+
+### Example search filters
+
+| Filter type | Example |
+|-----|-----|
+| Site URL | `https://contoso.onmicrosoft.com/sites/finance` |
+| File name | `HR_policy_2024.docx` |
+| File extension | `.pdf`, `.csv`, `.txt`  |
+| Sensitive data | Credit card numbers, PII  |
+
+**Data explorer** and **content explorer** provide visibility into classified and sensitive data across an organization. Security teams use these tools to track classified data, enforce compliance, and mitigate risks. Data explorer is the new experience that offers deeper insights, while content explorer remains available for organizations using the classic view.

learn-pr/wwl-sci/purview-review-analyze-data-classification/includes/information-protection-reports.md

@@ -0,0 +1,60 @@
+The **Information Protection Reports** in Microsoft Purview provide a centralized view of data classification, protection policies, encryption, and security activities across Microsoft 365, Azure, AWS, on-premises storage, and Microsoft Fabric.
+
+Security and compliance teams use these reports to:
+
+- **Monitor sensitivity label adoption**: Identify how labels are applied across cloud and on-premises data.
+- **Assess protection coverage**: Detect unprotected data across multicloud environments.
+- **Analyze user interactions with labeled content**: Track data access, movement, and policy violations.
+- **Review encryption trends**: Verify email and file encryption across multiple platforms.
+- **Gain insights into Microsoft Purview Data Governance sources**: Track sensitive data within governed data estates.
+- **Monitor findings from the Microsoft Purview Information Protection (MIP) scanner**: Identify sensitive data in on-premises file shares and SharePoint.
+
+## Access the Reports page
+
+To access Information Protection Reports in Microsoft Purview:
+
+1. Navigate to the [Microsoft Purview portal](https://purview.microsoft.com/).
+
+1. Select **Solutions** > **Information Protection** from the left navigation pane.
+
+1. On the **Information Protection** page, select **Reports**.
+
+On the **Reports** page, use the filter at the top to view classification and protection insights by data source:
+
+:::image type="content" source="../media/information-protection-reports-top-filter.png" alt-text="Screenshot showing the top level filter for the Reports page within Information Protection." lightbox="../media/information-protection-reports-top-filter.png":::
+
+This allows you to view specific classification and protection insights based on where data is stored.
+
+## Explore deeper insights
+
+Reports provide an overview of classification, labeling, and protection. Many reports include links to explore specific data in depth. The reports also allow you to hover over data points to reveal additional details, such as exact label counts, encryption metrics, or detected sensitive information types. This provides quick insights without needing to open a separate report.
+
+For deeper analysis, these reports link to:
+
+- **Data explorer**: Provides detailed visibility into labeled and sensitive content.
+- **Activity explorer**: Shows how users interact with labeled data.
+- **Protection policies (preview)**: Helps assess and adjust protection settings.
+- **Scan reports**: Displays details of scanned content across cloud and on-premises storage.
+- **Encryption reports**: Tracks email encryption and protection trends.
+
+:::image type="content" source="../media/report-link-to-data-explorer.png" alt-text="Screenshot showing the Explore applied labels button linking to Data explorer in Information Protection reports." lightbox="../media/report-link-to-data-explorer.png":::
+
+These linked insights allow administrators to investigate specific areas of risk, ensuring data security policies are properly implemented.
+
+### Information Protection Reports
+
+Each report provides insights into classification, protection, and security activities. Administrators can drill into specific data sources to investigate trends and risks more effectively.
+
+| Report | Details | Purpose | Links to |
+|-----|-----|-----|-----|
+| **Protection coverage** | Percentage of encrypted and access-controlled data across cloud and on-premises sources. | Identifies gaps in encryption and access control policies. | Protection policies (preview) |
+| **Sensitivity label coverage** | Percentage of labeled vs. unlabeled items across Microsoft 365, Azure, AWS, and on-premises. | Ensures sensitive data is labeled for proper protection and governance. | Data Explorer |
+| **Data scanning summary** | Percentage of scanned data sources across cloud and on-premises. | Detects unscanned areas that might pose compliance risks. | Scan reports |
+| **Sensitivity label usage** | Top sensitivity labels applied to files across all connected environments. | Helps track label adoption trends and identify policy gaps. | Data Explorer |
+| **Email encryption summary** | Number of emails encrypted manually or by policy. | Ensures confidential emails are properly protected. | Encryption reports |
+| **Top activities detected** | Logs of file access, labeling changes, DLP matches, and encryption actions. | Detects unauthorized modifications or suspicious access patterns. | Activity Explorer |
+| **Sensitive information types (SITs)** | Most commonly detected sensitive data types (for example, credit card numbers, SSNs, medical data). | Helps identify high-risk data needing protection. | Data Explorer |
+| **Data sources with sensitive info** | Top locations where labeled or sensitive data is stored (for example, SharePoint, OneDrive, Exchange, Azure). | Identifies data concentration areas to enhance security controls. | Data Explorer |
+| **Trainable classifiers** | Most-used AI classifiers for autolabeling (for example, threat intelligence, HR records). | Supports automated classification for large-scale data protection. | Data Explorer |
+
+The **Information Protection Reports** in Microsoft Purview offer a centralized way to track data classification and protection across Microsoft 365, Azure, AWS, on-premises, and Microsoft Fabric. By filtering reports and using linked insights, security and compliance teams can monitor how data is labeled, protected, and accessed to enforce security policies effectively.

learn-pr/wwl-sci/purview-review-analyze-data-classification/includes/introduction.md

@@ -0,0 +1,20 @@
+Organizations store and share sensitive data across cloud services, collaboration platforms, and on-premises environments. As data moves across multiple systems, security teams face challenges in ensuring proper classification, protection, and policy enforcement. To address these challenges, organizations need visibility into where sensitive data resides, how it's labeled, and how it's accessed. Without it, they struggle to enforce security policies, increasing the risk of data leaks, compliance violations, and unauthorized access.
+
+Microsoft Purview provides tools that help security and compliance teams track classified data, enforce protection policies, and detect potential risks. Information Protection Reports, Data explorer, Content explorer, and Activity explorer provide real-time insights into data security, enabling organizations to monitor labeling adoption, investigate policy effectiveness, and analyze user activity trends.
+
+By using these tools, organizations can:
+
+- Track data classification and protection across Microsoft 365, Azure, Amazon Web Services (AWS), and on-premises storage.
+- Analyze label usage and policy compliance to ensure sensitive information is properly secured.
+- Investigate user interactions with classified content to detect unauthorized access or policy violations.
+- Apply AI-driven insights through Microsoft Security Copilot to identify risks and refine security strategies.
+
+## Learning objectives
+
+By the end of this module, you'll be able to:
+
+- Interpret Information Protection Reports to assess classification and protection trends.
+- Investigate labeled content using Data explorer and Content explorer to identify classification patterns.
+- Analyze user activity in Activity explorer to detect policy violations and potential security risks.
+
+Use this knowledge to improve data security, maintain compliance, and respond to risks with confidence.