Commit aad7439

Merge pull request #49467 from MicrosoftDocs/NEW-purview-protect-sensitive-data
New purview protect sensitive data
2 parents 9208916 + f5d7a0e commit aad7439

22 files changed, +613 -0 lines changed
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
### YamlMime:ModuleUnit
2+
uid: learn.wwl.purview-protect-sensitive-data.data-protection-need
3+
title: The growing need for data protection
4+
metadata:
5+
title: The growing need for data protection
6+
description: "The growing need for data protection."
7+
ms.date: 03/10/2025
8+
author: wwlpublish
9+
ms.author: riswinto
10+
ms.topic: unit
11+
azureSandbox: false
12+
labModal: false
13+
durationInMinutes: 5
14+
content: |
15+
[!include[](includes/data-protection-need.md)]
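
Review bot: the metadata description on line 6 only repeats the title (description: "The growing need for data protection."), so it tells a reader of search results or the unit list nothing new. Replace it with a one-sentence summary of what the unit covers.
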
Lines changed: 32 additions & 0 deletions
@@ -0,0 +1,32 @@
1+
Data is one of an organization's most valuable assets, but it's constantly at risk. Organizations face a range of threats, including cyberattacks, insider risks, compliance challenges, and emerging risks from AI-driven services. Understanding these threats and their consequences is crucial for developing effective security strategies.
2+
3+
## The consequences of data breaches and insider threats
4+
5+
Cyber threats targeting sensitive data are increasing in scale and sophistication. According to ENISA's 2024 _[Threat Landscape](https://www.enisa.europa.eu/sites/default/files/2024-11/ENISA%20Threat%20Landscape%202024_0.pdf?azure-portal=true)_ report, data-related threats have surged, affecting public administration (12%), digital infrastructure (10%), finance (9%), and business services (8%). The report also notes that data compromise incidents rose in 2023-2024, reinforcing the need for strong data protection measures. Organizations that fail to implement security measures risk financial losses, regulatory penalties, and reputational damage.
6+
7+
Cybersecurity and Infrastructure Security Agency's (CISA) _[Insider Threats 101](https://www.cisa.gov/sites/default/files/2024-07/insider-threat-101-fact-sheet_07-29-2024_508.pdf?azure-portal=true)_ fact sheet states that the total average cost of an insider risk increased in 2023 to $16.2 million per organization, with an average of 86 days required to identify and contain such threats. These insider incidents can stem from accidental exposure, compromised credentials, or malicious intent, all of which underscore the need for proactive data protection.
8+
9+
Examples of data security risks include:
10+
11+
- **Data breaches from unauthorized access**: Weak access controls, compromised credentials, and unprotected data storage can result in data breaches. Attackers exploit vulnerabilities to steal sensitive information, leading to financial and reputational damage. Organizations must enforce strong authentication, least privilege access, and data encryption to reduce exposure.
12+
- **Social engineering attacks**: Cybercriminals use deceptive tactics, such as phishing and Business Email Compromise (BEC), to manipulate employees into revealing sensitive data. These attacks can result in fraud, identity theft, and corporate espionage. Organizations can reduce risk by training employees, using email security controls, and implementing verification processes for sensitive transactions.
13+
- **Data leaks and misconfigurations**: Unsecured cloud storage, misconfigured access settings, and accidental data sharing can expose sensitive information. Organizations that lack clear data governance, visibility, and access restrictions are at higher risk of unintentional data exposure. Regular security audits and automated access controls help mitigate these risks.
14+
15+
## Risks organizations face
16+
17+
- **External threats**: Cyberattacks, phishing, and data breaches expose sensitive information and can cause financial and reputational damage.
18+
- **Insider risks**: Employees and contractors might unintentionally or maliciously leak data, making access controls and monitoring essential.
19+
- **Compliance challenges**: Organizations must meet strict data security and privacy requirements set by industry standards, government policies, and regulatory frameworks, with significant consequences for noncompliance.
20+
- **AI security risks**: As organizations adopt AI-driven tools, they must ensure that sensitive data isn't used or exposed in ways that could violate security policies. AI-generated content can introduce security gaps if not properly managed.
21+
22+
## The need for a proactive approach
23+
24+
To effectively address these threats, organizations must implement a proactive data protection strategy that includes:
25+
26+
- **Data classification and labeling** to identify and secure sensitive information, reducing the risk of exposure.
27+
- **Data loss prevention and retention policies** to control sharing, prevent leaks, and ensure compliance with regulatory requirements.
28+
- **Insider risk management tools** to detect and respond to security incidents before they escalate.
29+
- **Dynamic security controls** to apply protections based on risk levels, reducing exposure from compromised accounts.
30+
- **AI security measures** to protect sensitive data used in AI-driven environments, preventing unauthorized access or misuse.
31+
32+
A reactive approach to security often leads to increased financial losses and operational disruptions. By taking a **comprehensive and preventive** approach to data protection, organizations can safeguard their most valuable assets, maintain regulatory compliance, and reduce the likelihood of costly security incidents.
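
Review bot: the percentages on line 5 (12%, 10%, 9%, 8%) don't say what they measure, so a reader can't tell whether they are shares of incidents, of affected organizations, or something else; state the base the ENISA report uses, and back "data compromise incidents rose in 2023-2024" with the report's figure if it gives one. On line 7, add "The" before "Cybersecurity and Infrastructure Security Agency's" and say whether the $16.2 million is an annual cost, since "the total average cost of an insider risk ... per organization" can be read either way. The "Risks organizations face" list on lines 17-20 also restates the breach and phishing items from lines 11-13 and could be merged with them.
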
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
AI, cloud services, and collaboration platforms have transformed how organizations generate, share, and analyze data. While these technologies drive efficiency and innovation, they also introduce new security challenges. Sensitive information can be exposed through unauthorized access, accidental sharing, or AI-driven tools processing data in unintended ways.
2+
3+
As organizations increase their use of AI-driven tools and cloud-based collaboration, security teams must address new risks, such as unintentional data exposure and policy violations. Without a proactive data security strategy, organizations risk financial losses, compliance violations, and operational disruptions.
4+
5+
Microsoft Purview provides a comprehensive approach to safeguarding data across cloud, endpoint, and AI environments. It enables organizations to classify, label, and protect sensitive information, enforce data loss prevention policies, and detect potential risks before they lead to security incidents.
6+
7+
## Learning objectives
8+
9+
By the end of this module, you'll be able to:
10+
11+
- Describe the challenges of protecting sensitive data in cloud and AI environments.
12+
- Explain how Microsoft Purview helps classify, label, and secure data.
13+
- Identify the role of data loss prevention (DLP) in reducing security risks.
14+
- Understand how Insider Risk Management supports proactive threat detection.
15+
- Describe security monitoring capabilities that help organizations manage data risks.
16+
17+
This module provides you with the knowledge and tools needed to strengthen data security while enabling safe and efficient collaboration.
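
Review bot: the learning objective on line 14 opens with "Understand", which can't be assessed, while the other four objectives use observable verbs (Describe, Explain, Identify). Suggest rewording it to match, for example "Describe how Insider Risk Management supports proactive threat detection."
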
Lines changed: 59 additions & 0 deletions
@@ -0,0 +1,59 @@
1+
Security teams need visibility and control to respond to threats effectively. Without proper monitoring and investigative tools, organizations risk missing critical security incidents that could lead to data breaches, compliance violations, or operational disruptions. A proactive security approach ensures that risks are addressed before they become serious threats.
2+
3+
## Security monitoring and response tools
4+
5+
Organizations can strengthen their security posture by using **Microsoft Purview** and **Microsoft Defender** tools to detect, investigate, and respond to security risks.
6+
7+
### Microsoft Purview Audit
8+
9+
Organizations must be able to track and investigate user activities across their environment to identify security incidents. **Microsoft Purview Audit** provides detailed visibility into user actions, helping security teams detect unusual behavior, unauthorized access, and policy violations.
10+
11+
With Microsoft Purview Audit, security teams can:
12+
13+
- Review user activity logs to investigate security incidents.
14+
- Identify unauthorized access attempts and detect unusual behavior.
15+
- Use Audit (Premium) capabilities to retain logs for long-term forensic analysis.
16+
17+
### Alerts in Microsoft Purview
18+
19+
Microsoft Purview provides alerting capabilities across multiple security and compliance solutions, helping organizations detect and respond to data loss, insider threats, and policy violations. Alerts are managed within specific Purview solutions, such as Insider Risk Management and Data Loss Prevention (DLP), allowing security teams to address risks in their relevant contexts.
20+
21+
With Alerts in Microsoft Purview, security teams can:
22+
23+
- Monitor security and compliance alerts directly within Insider Risk Management, DLP, and other Microsoft Purview solutions.
24+
- Take immediate action on alerts within Microsoft Purview tools to prevent security incidents.
25+
- Prioritize alerts based on severity and risk to focus on the most critical incidents.
26+
27+
By integrating alerting capabilities within specific security and compliance tools, Microsoft Purview ensures that security teams can effectively track and mitigate risks where they occur.
28+
29+
### Activity and content explorer
30+
31+
Security teams need to understand how data is accessed, shared, and classified within an organization. **activity explorer** and **content explorer** provides real-time insights into user activities and content classification, helping security teams monitor security events.
32+
33+
With **activity explorer** and **content explorer**, organizations can gain insights into data access and classification:
34+
35+
- **Activity explorer**: Provides insights into user activity, tracking data access, movement, and security events.
36+
- **Content explorer**: Helps security teams view and classify sensitive data across Microsoft 365 applications, identifying potential risks.
37+
- Identify anomalies in file sharing, downloads, and access attempts to detect potential security risks.
38+
39+
### Microsoft Defender XDR
40+
41+
**Microsoft Defender XDR (Extended Detection and Response)** provides a unified threat detection and response capability by correlating security signals from multiple sources.
42+
43+
With Microsoft Defender XDR, security teams can:
44+
45+
- Correlate security signals across Microsoft Purview tools, endpoints, and cloud services to provide a comprehensive view of threats.
46+
- Identify suspicious activity by analyzing security events across multiple sources.
47+
- Automate responses to detected threats and reduce investigation time.
48+
49+
## A proactive approach to security
50+
51+
By integrating security monitoring, alerting, and response tools, organizations can proactively detect and mitigate threats before they escalate.
52+
53+
This approach ensures that security teams can:
54+
55+
- Analyze data access and usage patterns to identify potential security risks.
56+
- Investigate security incidents before they lead to breaches.
57+
- Respond to alerts in real-time to mitigate threats.
58+
59+
A well-defined security monitoring strategy ensures that organizations stay ahead of potential risks while protecting sensitive data and maintaining compliance.
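
Review bot: line 31 has a lowercase sentence start and a subject-verb mismatch ("**activity explorer** and **content explorer** provides"); it should read "Activity explorer and content explorer provide". In the list that follows, the bullet on line 37 ("Identify anomalies in file sharing, downloads, and access attempts...") is an action, not a third tool like the two definition bullets on lines 35-36, so move it out of the list or fold it into the activity explorer description. Line 33 also repeats most of line 31 and can be shortened to a plain list lead-in.
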
Lines changed: 41 additions & 0 deletions
@@ -0,0 +1,41 @@
1+
Modern organizations operate in complex digital environments where sensitive data is generated, stored, and shared across multiple platforms. Managing this data effectively requires overcoming several security and compliance challenges.
2+
3+
## The expanding data landscape
4+
5+
Sensitive data is no longer confined to on-premises servers. It exists across cloud platforms, endpoints, AI-driven tools, and collaboration applications. While these technologies improve efficiency, they also introduce security risks.
6+
7+
- **Data is everywhere**: Emails, cloud storage, AI tools, and remote work solutions create a distributed data environment, making it harder to control access and prevent leaks.
8+
- **Users collaborate across multiple platforms**: Files are shared both inside and outside the organization, increasing the risk of accidental or unauthorized exposure.
9+
10+
By 2025, global data volumes are expected to reach 175 zettabytes, a tenfold increase from 2016. As structured and unstructured data continues to grow, organizations must implement robust data discovery and classification strategies to maintain security and compliance.
11+
12+
:::image type="content" source="../media/data-is-exploding.png" alt-text="Diagram that shows the concept that data is exploding." lightbox="../media/data-is-exploding.png":::
13+
14+
## Balancing security with usability
15+
16+
Security policies should protect sensitive data without disrupting business operations. Overly restrictive controls can lead to shadow IT, where employees bypass security measures to complete their work, creating security gaps.
17+
18+
- **Security vs. usability**: Strong security controls must align with business workflows to be effective. Employees need secure collaboration tools that don't disrupt productivity while still enforcing data protection measures.
19+
20+
## The challenge of data visibility
21+
22+
Many organizations struggle to track where sensitive data resides, how it's accessed, and who has permissions. This lack of visibility increases security and compliance risks.
23+
24+
- **Lack of visibility**: Research shows that organizations face significant challenges in tracking and securing their data:
25+
26+
- 88% of organizations lack confidence in their ability to detect or prevent sensitive data loss.
27+
- More than 80% of corporate data remains "dark", meaning unclassified and unprotected.
28+
29+
:::image type="content" source="../media/discovery-managing-data-is-challenging.png" alt-text="Diagram that shows challenges in data management." lightbox="../media/discovery-managing-data-is-challenging.png":::
30+
31+
Without visibility, organizations struggle to enforce security policies, leaving them vulnerable to breaches and compliance failures.
32+
33+
## Why organizations must address these challenges
34+
35+
Failing to manage sensitive data effectively can lead to:
36+
37+
- Financial and reputational damage from data breaches.
38+
- Regulatory penalties for failing to meet compliance standards.
39+
- Operational disruptions due to security incidents and data loss.
40+
41+
To mitigate these risks, organizations need a structured approach to identifying, securing, and governing sensitive data.
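
Review bot: the statistics on lines 10, 26 and 27 (175 zettabytes by 2025, 88% of organizations, more than 80% of corporate data) are given with no source; "Research shows" on line 24 does not name the research. Add a citation for each figure, as the data-protection-need unit does for its ENISA and CISA numbers, or drop the figures. The single bullet on line 18 restates the paragraph on line 16 and can be removed.
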
Lines changed: 51 additions & 0 deletions
@@ -0,0 +1,51 @@
1+
Organizations need tools to prevent sensitive data from being exposed, whether through accidental sharing, poor security practices, or intentional misuse. Without strong protections, organizations face compliance risks, financial losses, and reputational damage.
2+
3+
## Common risks
4+
5+
Sensitive data can be leaked or exposed in various ways. Organizations must identify these risks to implement effective security measures.
6+
7+
- **Unauthorized sharing**: Employees might unintentionally send sensitive documents outside the organization, leading to potential data exposure.
8+
- **Data stored in unprotected locations**: Files saved to personal devices, unmanaged cloud apps, or external storage increase security risks.
9+
- **Malicious insiders**: Employees with access to sensitive data might misuse their privileges for financial gain, competitive advantage, or other malicious purposes.
10+
11+
## Mitigation strategies
12+
13+
Organizations need tools to prevent data from being exposed, both accidentally and intentionally. Whether caused by human error, compromised accounts, or malicious actions, data leaks pose significant security and compliance risks. A structured approach to risk detection and policy enforcement helps reduce these risks while maintaining business productivity.
14+
15+
### Apply Insider Risk Management tools
16+
17+
Not all data threats come from external attackers. Insider risks, whether accidental or intentional, pose a serious security challenge. Organizations need tools to monitor activity, detect risks, and respond before data is compromised.
18+
19+
Microsoft Purview Insider Risk Management helps organizations:
20+
21+
- Detect unusual file access, data transfers, and security violations.
22+
- Identify risky behavior while maintaining user privacy.
23+
- Automate risk alerts and investigations to reduce response times.
24+
25+
By detecting potentially risky behavior early, organizations can take action before it results in data exposure.
26+
27+
### Implement DLP policies
28+
29+
Data loss prevention (DLP) policies help prevent sensitive data from being shared inappropriately. Organizations can define policies that automatically block or restrict sharing based on data sensitivity.
30+
31+
With Microsoft Purview DLP, organizations can:
32+
33+
- Prevent data leaks across email, cloud services, and endpoints.
34+
- Enforce restrictions on copying, pasting, or transferring sensitive files.
35+
- Apply policies dynamically to protect regulated data and intellectual property.
36+
37+
DLP ensures that sensitive data isn't accidentally or deliberately exposed, while still allowing secure collaboration.
38+
39+
### Use Adaptive Protection
40+
41+
Static security policies might not be enough to address evolving threats. Adaptive protection adjusts security controls based on real-time risk insights from insider risk management, ensuring that sensitive data is only accessible under safe conditions.
42+
43+
Microsoft Purview uses Adaptive Protection to:
44+
45+
- Assess user activity and apply security policies dynamically.
46+
- Restrict data access for users exhibiting risky behavior based on Insider Risk Management signals.
47+
- Reduce unnecessary security friction for trusted users.
48+
49+
By integrating insider risk insights with DLP enforcement, adaptive protection ensures that security adapts to user behavior, strengthening protection for high-risk users while minimizing disruptions for low-risk users.
50+
51+
By proactively identifying risks and applying the right mitigation strategies, organizations can protect sensitive data while enabling secure collaboration.
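
Review bot: lines 37 and 41 state guarantees that a policy control can't give ("DLP ensures that sensitive data isn't accidentally or deliberately exposed", "ensuring that sensitive data is only accessible under safe conditions"); suggest "helps prevent" and "helping restrict access to" so readers don't treat DLP or Adaptive Protection as complete coverage. Capitalization is also inconsistent within the hunk: "Adaptive Protection" on lines 39 and 43 against "adaptive protection" on lines 41 and 49, and "Insider Risk Management" on line 46 against "insider risk management" on line 41. Line 13 nearly repeats the opening sentence on line 1 and can be trimmed.
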
Lines changed: 41 additions & 0 deletions
@@ -0,0 +1,41 @@
1+
As AI adoption grows, organizations must secure the data used in AI-driven environments. Sensitive information can be exposed through AI models, generated content, or interactions with AI tools. A strong security approach ensures that AI enhances business operations without introducing data protection risks.
2+
3+
## Security concerns in AI environments
4+
5+
AI technologies rely on vast amounts of data to function effectively. Without proper security measures, organizations risk exposing sensitive data, generating inappropriate content, or failing to comply with privacy regulations.
6+
7+
### Protect sensitive data from unauthorized AI model training
8+
9+
AI models learn from data, but not all data should be used for training. Sensitive business information, personal data, and regulated data must be protected to prevent misuse.
10+
11+
To safeguard sensitive data, organizations can:
12+
13+
- **Implement Data Loss Prevention (DLP) policies** to prevent unauthorized data from being used in AI tools.
14+
- Use **Microsoft Purview Information Protection** to classify and label sensitive data, ensuring that it isn't inadvertently shared or processed by AI models.
15+
- Enforce **access controls and encryption** to restrict AI systems from accessing confidential information.
16+
17+
### Prevent AI tools from generating inappropriate or risky content
18+
19+
AI-generated content can introduce risks, including bias, misinformation, or unintended data exposure. Organizations need safeguards to monitor and control AI outputs.
20+
21+
Security teams can mitigate these risks by:
22+
23+
- Implement **AI governance policies** to define acceptable AI-generated content.
24+
- Use **content filtering tools** to prevent AI from producing inappropriate or noncompliant outputs.
25+
- Audit AI-generated content to ensure that it aligns with security and compliance standards.
26+
27+
### Ensure compliance with data privacy regulations when using AI
28+
29+
AI services must comply with industry regulations and corporate data protection policies. Improper use of AI can lead to compliance violations and legal consequences.
30+
31+
To maintain compliance:
32+
33+
- Monitor AI data processing activities to ensure regulatory adherence.
34+
- Apply data retention and deletion policies to AI-processed content.
35+
- Use Data Security Posture Management (DSPM) for AI to enforce security policies and manage AI-related risks.
36+
37+
### Implement AI data protection strategies
38+
39+
Organizations can strengthen AI security by integrating Microsoft Purview and Data Security Posture Management (DSPM) for AI to mitigate risks.
40+
41+
By securing AI-generated and AI-processed data, organizations can use AI's capabilities while maintaining data privacy, compliance, and security.
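
Review bot: the lead-in on line 21 ("Security teams can mitigate these risks by:") requires gerunds, but the bullets on lines 23-25 start with imperatives (Implement, Use, Audit); change them to "Implementing", "Using", "Auditing" or reword the lead-in. The section "Implement AI data protection strategies" on lines 37-39 names no strategy beyond integrating Microsoft Purview and DSPM for AI, which line 35 already covers, so either list the concrete steps or merge it into the closing sentence. The bullets on lines 13-15 also mix a bolded full phrase with bolded product names mid-sentence; pick one pattern.
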