Microsoft Solutions Partner — Security · 11,000+ engagements

Microsoft Purview Enterprise Data Governance Guide (2026)

The unified Microsoft data governance and compliance platform — Data Map, sensitivity labels, DLP, eDiscovery, Insider Risk, Communication Compliance, and Records Management. Label-aware Copilot grounding for regulated industries, activated end-to-end by a senior-architect-led 29-year Microsoft Solutions Partner.

Book a Purview briefing Call 888-381-9725

What is Microsoft Purview and how do enterprises deploy unified data governance + compliance? Microsoft Purview is the unified Microsoft data governance and compliance platform that spans Data Map (catalog, scan, lineage), Data Estate Insights, sensitivity labels, Data Loss Prevention, eDiscovery (Standard and Premium), Insider Risk Management, Communication Compliance, and Records Management. Enterprises deploy it through a five-phase Assess, Label + DLP, Data Map + Lineage, IRM + eDiscovery, Operate program that turns on the capabilities most Microsoft 365 E5 Compliance customers leave dormant — and stands up the label-aware architecture required for safe Microsoft 365 Copilot grounding in regulated industries.

Microsoft Purview is the unified Microsoft data governance and compliance platform — eight capability areas spanning catalog, classification, DLP, eDiscovery, insider risk, communication supervision, and records. Most enterprises license Purview through Microsoft 365 E5 + E5 Compliance but activate only 30 to 40 percent of capability. EPC Group activates the dormant capabilities and stands up the label-aware architecture for safe Copilot grounding under a fixed-fee five-phase accelerator.

Key Facts

Eight capability areas: Data Map, Data Estate Insights, Sensitivity Labels, DLP, eDiscovery, Insider Risk Management, Communication Compliance, Records Management
Sensitivity labels travel across Microsoft 365, SharePoint, OneDrive, Teams, Fabric OneLake, Power BI, and Copilot grounding
Microsoft 365 E5 + E5 Compliance covers most Purview capabilities; Data Map is the Azure-billed exception
DLP audit-to-enforce migration is the single largest activation gap in the field
Label-aware Microsoft 365 Copilot grounding is the architecture answer for safe regulated-industry Copilot rollout
EPC Group five-phase Accelerator delivers full activation in 10 to 20 weeks, fixed-fee $250K to $800K
29-year Microsoft Solutions Partner, 70+ Fortune 500 clients, 216+ M&A tenant consolidations
Purview controls map to HIPAA, FINRA, GLBA, FedRAMP, CMMC, GDPR, ITAR, and DoD 5015.2 retention

The eight Microsoft Purview capability areas — what each does and what it requires

Microsoft Purview is one product surface that spans eight underlying capability areas. Enterprises that buy Microsoft 365 E5 + E5 Compliance already own most of the stack — Data Map is the Azure-billed exception. Understanding what each capability does, what it depends on, and which license tier covers it is the first step toward full activation.

Purview Data Map — catalog, scan, lineage

What it does: Data Map is the catalog plane — automated scanning of Azure SQL, Azure Synapse, Microsoft Fabric OneLake, Snowflake, Databricks, Amazon S3, AWS RDS, Google BigQuery, on-premises SQL Server, Oracle, Teradata, SAP, Salesforce, ServiceNow, Power BI workspaces, and 60+ other sources. It produces a unified business glossary, technical metadata, and end-to-end column-level lineage.

Automated scans on schedule with classification rules across 200+ system-defined patterns and customer custom regex
Business glossary with steward assignment, approval workflow, and term-to-asset binding
Column-level lineage across ingestion (ADF, Fabric pipelines, Synapse), transformation (Databricks, dbt, Fabric notebooks), and consumption (Power BI, Tableau)
Asset insights and asset-level access requests routed to data owners
Multi-cloud connectors via the Purview gateway for Snowflake, Databricks, BigQuery, S3, and on-premises sources

Licensing: Purview Data Map is a separately metered Azure service, billed per capacity unit and per scan hour. Available standalone or bundled into the broader Microsoft Purview platform agreement. Microsoft 365 E5 Compliance does NOT include Data Map — it is the Azure-billed portion of Purview.

Data Estate Insights

What it does: Data Estate Insights is the executive dashboard on top of Data Map — health metrics for stewardship coverage, classification rates, glossary adoption, scan freshness, and lineage completeness. It is what a Chief Data Officer reviews in the monthly governance steering committee.

Stewardship health score across business units and source systems
Sensitive data discovery dashboards across structured and unstructured sources
Top assets by query volume, by sensitivity classification, by lineage breadth
Glossary adoption metrics — terms defined, terms bound, terms in steward backlog
Drill-through to remediation actions assigned to data owners

Licensing: Included with Purview Data Map capacity. No additional licensing required beyond the Azure-billed Data Map subscription.

Sensitivity Labels — the data classification backbone

What it does: Sensitivity labels are the single classification taxonomy that travels with data across Microsoft 365 (Word, Excel, PowerPoint, Outlook, Teams), SharePoint Online, OneDrive for Business, Microsoft Fabric (workspaces, lakehouses, warehouses, Power BI semantic models), Azure Data Lake Storage Gen2, and any third-party app that integrates with the Microsoft Information Protection (MIP) SDK. Labels carry encryption, watermarking, content marking, access restrictions, and retention behavior.

Auto-labeling at rest and in transit using trainable classifiers and 200+ sensitive information types
Container labels for SharePoint sites, Teams, and Microsoft 365 Groups controlling guest access, external sharing, and unmanaged device access
Label inheritance from parent SharePoint site → child documents, from Fabric workspace → child semantic model and report
Power BI semantic model label propagation to underlying Fabric OneLake artifacts and exported PDF/Excel files
Encryption and rights protection backed by Microsoft Purview Customer Key or Bring-Your-Own-Key (BYOK)

Licensing: Manual sensitivity labeling included in Microsoft 365 E3. Auto-labeling, trainable classifiers, and label-based DLP require Microsoft 365 E5 or Microsoft 365 E5 Compliance. Label-aware Power BI and Fabric integration is included in any Fabric capacity SKU paired with a labeled tenant.

Data Loss Prevention (DLP)

What it does: Purview DLP enforces policies across Exchange Online, SharePoint Online, OneDrive, Microsoft Teams chat and channel messages, Windows 10/11 endpoints, macOS endpoints, Microsoft Defender for Cloud Apps connected SaaS, and Power BI/Fabric. It detects, blocks, audits, and remediates the movement of sensitive content based on sensitivity label, sensitive information type, or trainable classifier.

Pre-built policy templates for HIPAA, GLBA, FINRA, GDPR, CCPA, PCI DSS, ITAR, and 60+ regional regulations
Endpoint DLP — clipboard, USB, network share, browser upload, print, and screen-capture controls on Windows and macOS
Teams DLP including chat and channel message inspection plus blocking of label-protected attachments to external guests
Adaptive Protection — risk-based policy escalation tied to Insider Risk Management user risk score
Justification capture and override workflows for business-need exceptions with audit trail

Licensing: Basic Exchange and SharePoint DLP in Microsoft 365 E3. Endpoint DLP, Teams DLP, and Power BI DLP require Microsoft 365 E5 or Microsoft 365 E5 Compliance. Adaptive Protection requires E5 Compliance plus Insider Risk Management.

eDiscovery — Standard and Premium

What it does: Purview eDiscovery preserves, collects, processes, reviews, and exports content across Exchange Online mailboxes, SharePoint Online sites, OneDrive accounts, Microsoft Teams (including private channels), Yammer/Viva Engage, Copilot interaction history, and Microsoft 365 Group conversations. It is the platform legal teams use to respond to litigation hold, regulatory request, and internal investigation.

Standard — case management, legal hold across all M365 workloads, search and export
Premium adds custodian management, communication acknowledgments, in-place processing, near-duplicate detection, email threading, themes analysis, predictive coding (machine learning relevance scoring)
Premium adds review sets with redaction, tagging, and structured analytics for first-pass review inside the portal
Copilot interaction history is preserved and discoverable in Premium with the Microsoft 365 E5 Compliance + Premium add-on
Audit, chain-of-custody reporting, and exportable load files for downstream review platforms (Relativity, Everlaw)

Licensing: Standard included in Microsoft 365 E3. Premium requires Microsoft 365 E5, E5 Compliance, or E5 eDiscovery + Audit add-on. Most enterprises pay for Premium licensing across the whole tenant but only stand up a handful of cases per year — the activation gap is in unused capacity, not missing license.

Insider Risk Management (IRM)

What it does: IRM uses signals from Microsoft 365, Defender for Endpoint, Defender for Cloud Apps, HR systems (Workday, SAP SuccessFactors), and physical badge systems to score user risk across data theft, security policy violation, and inadvertent leakage scenarios. Policies are built from templates and tuned with anonymization, scope filtering, and machine-learning sequence detection.

Pre-built policy templates — departing employee data theft, general data leak, risky browser usage, healthcare data exfil, financial data exfil
Sequence detection — chains of events (download → rename → upload to personal cloud) scored as high-risk patterns
Anonymization by default — analysts see pseudonymized usernames until elevated reveal is approved
Adaptive Protection integration — automatic DLP policy escalation for elevated-risk users
Case management with timeline, evidence preservation, and HR/Legal handoff workflows

Licensing: Microsoft 365 E5 Insider Risk Management standalone SKU or Microsoft 365 E5 Compliance bundle. Most E5 customers own the license but have never run an alert tuning cycle, leaving false-positive rates above the threshold the SOC will tolerate.

Communication Compliance

What it does: Communication Compliance reviews Exchange email, Teams chat, Yammer/Viva Engage posts, Skype-for-Business archives, third-party connectors (Bloomberg, Refinitiv, WeChat, Zoom), and Copilot interactions for policy violations — harassment, discrimination, MNPI leakage, conflict of interest, and regulatory disclosure. It is the FINRA Rule 3110 and Rule 4530 supervision platform for financial services, and the ethical wall enforcer for legal and healthcare.

Pre-built policy templates — corporate sanction, regulatory compliance, conflict of interest, sensitive information
Built-in classifiers — harassment, threat, profanity, MNPI, money laundering, gift and entertainment
Ethical wall enforcement (information barriers) between conflicted business units or attorney/client matter teams
Reviewer workflows with case escalation, regulator-ready evidence export, and supervisor sign-off
Third-party connector framework for Bloomberg chat, Refinitiv Eikon Messenger, WeChat, WhatsApp Business, SMS archives

Licensing: Microsoft 365 E5 Compliance or the standalone Communication Compliance add-on. Information barriers are licensed separately under the E5 Compliance bundle.

Records Management — retention, lifecycle, disposition

What it does: Records Management applies file plan retention labels with full lifecycle (active → inactive → disposition review → permanent delete or transfer) across Exchange, SharePoint, OneDrive, Teams, and Microsoft 365 Groups. It is the platform records officers use to defend an audit by the SEC, FINRA, DoD 5015.2, FOIA, or state-equivalent records authority.

File plan manager — bulk import of structured retention schedules with citation, regulation, and steward attribution
Event-based retention — retention starts when an event fires (employee separation, contract closeout, case closure), not at document creation
Disposition review with multi-stage reviewer chain, justification capture, and audit-grade evidence preservation
Records versioning preserving prior versions during the retention window even when users edit live documents
Adaptive scopes — dynamic retention policy targeting based on department, location, or sensitivity label rather than static groups

Licensing: Records Management requires Microsoft 365 E5 or E5 Compliance. Basic retention policies are available in E3 but lack file plan manager, event-based retention, disposition review, and adaptive scopes.

The backbone control

Sensitivity labels are the backbone — and the prerequisite for safe Copilot grounding

Every other Purview capability depends on the sensitivity label. DLP enforces against labels. Insider Risk escalates on label-classified content. Records Management retains on labeled artifacts. eDiscovery scopes by label. And Microsoft 365 Copilot honors sensitivity labels on every piece of grounding content it retrieves — which is why a tenant without label coverage is a tenant where Copilot can surface unredacted PHI, MNPI, CUI, or attorney-client privileged material to anyone who asks.

Labels travel with the data

A label applied to an Excel file in OneDrive travels with the file when it is shared to Teams, exported to PDF, uploaded to a Fabric lakehouse, or surfaced in a Power BI semantic model. Encryption and rights protection travel with it.

Labels propagate down

Container labels on SharePoint sites and Microsoft 365 Groups propagate to child documents. Labels on Fabric workspaces propagate to lakehouses, warehouses, semantic models, and reports. Labels on Power BI semantic models propagate to exports.

Copilot honors labels

Microsoft 365 Copilot and Copilot Studio agents honor sensitivity labels on grounding content. A clinician asking Copilot about a patient chart only retrieves content the clinician is authorized to read. Label coverage is the prerequisite for safe regulated-industry Copilot rollout.

Six Purview deployment patterns

Every Purview engagement composes from six deployment patterns. Most enterprises run the M365 baseline plus one or two regulatory patterns in parallel; multi-cloud lineage and supervised-workforce patterns are typically Year-2 phases sequenced after the baseline is operational.

Pattern 1 — Microsoft 365 governance baseline

The M365 baseline is the universal starting point. EPC Group ships a four-tier sensitivity label scheme (Public, Internal, Confidential, Highly Confidential) with encryption and rights protection at Confidential and above, container labels on SharePoint and Teams controlling guest sharing and unmanaged-device access, auto-labeling policies covering the top fifteen sensitive information types relevant to the customer, and DLP policies in audit mode for thirty days before enforcement. Audit logs are routed to Microsoft Sentinel for retention beyond the default ninety-day window. The output is a labeled, classified, and DLP-enforced tenant with auditor-ready evidence inside the Microsoft Purview compliance portal and a documented exception-handling workflow.

Pattern 2 — Healthcare HIPAA + 42 CFR Part 2

Healthcare deployments anchor on a five-tier label scheme that distinguishes PHI from non-PHI and Part 2 substance-use-disorder records from general PHI. EPC Group ships HIPAA DLP policy templates tuned to the customer’s EHR (Epic, Cerner, Meditech, Allscripts) data egress patterns, Insider Risk policy templates for clinical data theft scenarios, BAA-aligned audit log retention, and Communication Compliance policies for HIPAA-restricted disclosures. The deployment ties to the Microsoft 365 BAA and the Azure HIPAA-eligible service list. Cross-link to our healthcare consulting hub at /healthcare-it-consulting-hipaa-microsoft-2026 for the broader HIPAA Microsoft architecture.

Pattern 3 — Financial services FINRA + SR 11-7 + GLBA

Financial services deployments combine sensitivity labels for MNPI (material non-public information) and customer NPI (non-public personal information), DLP policies enforcing GLBA and PCI DSS controls, Communication Compliance for FINRA Rule 3110 supervision and Rule 4530 disclosure, Records Management against SEC 17a-4 WORM-equivalent retention with Purview Preservation Lock, and ethical wall information barriers between research and banking divisions. EPC Group integrates Bloomberg chat and Refinitiv Eikon Messenger via the third-party connector framework so the supervision program covers the full advisor-to-client communication surface. Cross-link to /enterprise-regulated-analytics-microsoft for the Power BI + Fabric analytics governance story under the same controls.

Pattern 4 — Federal FedRAMP-aligned + ITAR + GCC High

Federal deployments operate in Microsoft 365 GCC High and Azure Government, with sensitivity labels mapped to CUI categories (CUI//SP-PRVCY, CUI//SP-PROPIN, CUI//ITAR), label-aware Defender for Cloud Apps controls preventing CUI egress to non-GCC tenants, Insider Risk Management policies tuned to ITAR data theft scenarios, and Records Management aligned to DoD 5015.2 retention schedules. eDiscovery Premium runs against FOIA and litigation hold workflows. Audit logs satisfy NIST 800-53 Rev. 5 AU control family and FedRAMP High audit requirements. Cross-link to /government-federal-microsoft-consulting-fedramp-cmmc-2026 for the broader GCC High and CMMC architecture.

Pattern 5 — Data Map lineage across Fabric, Synapse, and Snowflake

The lineage pattern stands up Purview Data Map across the data estate — Microsoft Fabric OneLake workspaces, Azure Synapse Analytics dedicated and serverless pools, Azure Data Lake Storage Gen2, on-premises SQL Server and Oracle, Snowflake (via the Snowflake-Purview connector or the OpenLineage-Snowflake mirror), and Databricks Unity Catalog. EPC Group configures scan schedules, classification rules, the business glossary with steward assignments, and column-level lineage that resolves end-to-end from ingestion through transformation to Power BI semantic model consumption. The deliverable is a single pane of glass auditors will accept showing what regulated columns exist, where they live, who owns them, and which Power BI reports surface them.

Pattern 6 — Insider Risk + Communication Compliance for regulated workforces

The supervised-workforce pattern combines Insider Risk Management and Communication Compliance for industries with regulator-mandated supervision — financial services (FINRA), healthcare (HIPAA/HITECH), legal (ethical walls), government contractors (ITAR/CUI). EPC Group ships tuned policy templates, anonymized reviewer workflows, HR-system integration (Workday, SAP SuccessFactors) for departing-employee triggers, and reviewer dashboards that satisfy the regulator without overwhelming the compliance team. Adaptive Protection ties the two together — a user whose Insider Risk score escalates automatically receives stricter DLP and Conditional Access policies until the score normalizes.

The Activation Gap

Most enterprises license Purview but activate only 30 to 40 percent of it

The single most consistent finding across 70+ Fortune 500 Purview assessments EPC Group has run is that customers buy Microsoft 365 E5 + E5 Compliance — paying for the full Purview Information Protection, eDiscovery Premium, IRM, Communication Compliance, and Records Management stack on every user — and then leave the highest-leverage capabilities dormant. The activation gap is not a license problem. It is a deployment services problem.

Sensitivity labels not deployed

No label scheme, no container labels, no auto-labeling. Without labels every other Purview capability is operating against unclassified content — DLP fires on raw pattern matches, IRM cannot scope, Records Management cannot retain by class, and Copilot grounding has no guardrails.

DLP stuck in audit mode

Policies deployed in audit-only mode at go-live, intended for thirty-day false- positive review, never promoted to enforce. Audit-only DLP produces evidence after the loss event — it blocks nothing in real time.

eDiscovery Premium never used

Premium licensing paid for across the tenant. Legal teams still export to PST and review in Relativity because no one stood up custodian workflows, review sets, or predictive coding inside Purview.

IRM templates absent

Insider Risk Management licensed and enabled but no policy templates configured, no HR-system integration for departing-employee triggers, no Adaptive Protection tie- in, and no reviewer dashboards in production use.

Purview + Copilot integration

Purview is how regulated industries say yes to Copilot

Microsoft 365 Copilot respects sensitivity labels on every piece of grounding content it retrieves from Microsoft Graph. A Copilot Studio agent grounded on a SharePoint library, Fabric lakehouse, or Dataverse table inherits the same label-aware retrieval semantics. For a healthcare provider, this means a clinician asking Copilot to summarize today’s patient schedule only retrieves PHI the clinician is authorized to read. For a financial services firm, this means a research analyst querying Copilot cannot accidentally surface MNPI from the banking division. For a defense contractor, this means a CUI-labeled document in GCC High cannot be summarized into a non-CUI response.

The architecture answer is the same in every case — Purview sensitivity labels applied comprehensively to the grounding corpus before Copilot is licensed broadly. Without label coverage, Copilot is an unredacted data exfiltration risk. With label coverage, Copilot is a compliant productivity multiplier. This is why every EPC Group Copilot readiness engagement starts with a Purview label-scheme audit, and why customers who try to deploy Copilot before Purview consistently end up rolling back. Cross-link to our Microsoft Cloud Orchestrator hub for the broader orchestration story under which Purview is the data and AI governance plane.

Governance and compliance — Purview controls mapped to your regulatory reality

Purview controls map directly to HIPAA, FINRA, GLBA, FedRAMP, CMMC, GDPR, CCPA, ITAR, and DoD 5015.2 records authority. The Purview Compliance Manager exposes the mapping inside the portal with prebuilt assessment templates for 350+ regulations. EPC Group extends Compliance Manager output into a documented control matrix auditors will accept — assessment evidence, policy references, control owners, and exception management workflows linked to every control claim. See our standards alignment library for the full mapping and our data governance services for the broader engagement model.

HIPAA

SOC 2

FedRAMP

FINRA

CMMC

GxP

The EPC Group Purview Accelerator — five phases, fixed fee

The accelerator anchors on The EPC Group Lifecycle — Assess, Label + DLP, Data Map + Lineage, IRM + eDiscovery, Operate. Fixed-scope between $250,000 and $800,000 depending on tenant scale, data-estate breadth, regulatory scope, and managed-service tail. Senior-architect led, no offshore handoff.

Phase 1 — Assess

Governance maturity assessment in three weeks

Phase one inventories every Purview license the tenant owns, every capability that is enabled, every policy that is configured, and every gap against the customer regulatory profile (HIPAA, FINRA, GLBA, FedRAMP, ITAR, GxP). EPC Group ships a costed activation roadmap, a risk-weighted backlog, and a board-ready decision package anchoring on the Assess stage of the EPC Group Lifecycle.

License inventory — E3, E5, E5 Compliance, E5 Information Protection & Governance, E5 Insider Risk Management
Capability-level audit — what is enabled, what is in audit, what is enforced, what is dormant
Regulatory mapping — customer regulatory profile to Purview control coverage matrix
Activation backlog with effort, sequence, dependency annotations, and Year-1 and Year-2 phasing

Phase 2 — Label scheme + DLP

The sensitivity label backbone and DLP audit-to-enforce

Phase two designs and deploys the sensitivity label scheme, container labels for SharePoint and Teams, auto-labeling policies, and DLP policies. EPC Group runs DLP in audit-only mode for thirty days, builds the exception workflow, and only then promotes policies to enforce. This is the phase where the activation gap closes for the most users.

Four-to-six tier sensitivity label scheme with encryption at Confidential and above
Container labels controlling guest access and unmanaged-device access on SharePoint and Teams
Auto-labeling policies covering the top fifteen sensitive information types
DLP policy audit-to-enforce migration with thirty-day false-positive review window

Phase 3 — Data Map + lineage

Catalog, scan, and column-level lineage across the data estate

Phase three deploys Purview Data Map, configures source scans across the customer data estate (Fabric, Synapse, ADLS, Snowflake, Databricks, on-premises SQL, Oracle, SAP), stands up the business glossary with steward assignments, and validates column-level lineage end-to-end. This is the phase that makes the platform legible to a Chief Data Officer rather than just a security architect.

Data Map capacity provisioning sized to the source-system footprint
Scan schedules and classification rules covering structured and unstructured sources
Business glossary with steward assignments and approval workflows
Column-level lineage validated end-to-end from ingestion through Power BI consumption

Phase 4 — IRM + eDiscovery

Insider Risk policies and eDiscovery Premium operationalized

Phase four operationalizes Insider Risk Management and eDiscovery Premium. EPC Group ships tuned IRM policy templates, anonymization workflows, HR-system integration, reviewer dashboards, and the Communication Compliance program for regulated workforces. eDiscovery Premium is stood up with a starter case library, custodian management workflows, and load-file export templates for downstream review platforms.

IRM policy templates tuned to the customer threat model with HR-system trigger integration
Communication Compliance program with reviewer dashboards and information barriers if applicable
eDiscovery Premium custodian, hold, and review-set workflows operational
Adaptive Protection enabled — risk-score-driven DLP and Conditional Access escalation

Phase 5 — Operate

Managed Purview with senior-architect escalation

Phase five is steady-state operation. EPC Group provides managed Purview services — policy tuning, classifier health, scan health, label scheme evolution, regulatory change management, and quarterly governance steering committee output. Senior-architect escalation is the differentiator; tier-one analysts handle routine cases, but every customer has named senior architects on call for the cases that matter.

Monthly governance health report covering label coverage, DLP false-positive rate, IRM case throughput
Quarterly regulatory change review — new state privacy laws, SEC and FINRA rule changes, healthcare guidance
Annual file-plan refresh with records officer sign-off
Senior-architect on-call escalation tied to compliance incident severity matrix

Continue exploring the EPC Group enterprise Microsoft library

Purview sits at the data and AI governance plane inside the broader Microsoft Cloud orchestration story. These hubs and analyses cover adjacent and complementary territory.

Microsoft Cloud Orchestrator

The end-to-end Microsoft cloud orchestration model under which Purview is the data and AI governance plane.

Enterprise regulated analytics on Microsoft

How Power BI, Fabric, and Purview deliver analytics under the compliance frame Purview enforces.

Standards alignment library

HIPAA, FINRA, GLBA, FedRAMP, CMMC, GxP, GDPR, and ITAR control mappings for Microsoft Purview.

Healthcare Microsoft consulting (HIPAA)

HIPAA Security Rule mapping with Purview labels, DLP, IRM, and Communication Compliance for clinical workflows.

Federal Microsoft consulting — FedRAMP and CMMC

Purview in GCC High and Azure Government, CUI sensitivity labels, and FedRAMP-aligned audit retention.

Microsoft Defender XDR enterprise guide

The security plane that pairs with Purview’s governance plane — Defender XDR plus Defender for Cloud Apps integration.

Data governance services

The broader EPC Group data governance engagement model — strategy, operating model, and platform delivery.

Digital transformation — Microsoft enterprise 2026

The five-stage EPC Group Lifecycle inside which the Purview Accelerator is the governance workstream.

Why EPC Group leads enterprise Purview deployments

Years Microsoft consulting

70+

Fortune 500 clients

216+

M&A tenant consolidations

1.83 million

Users migrated

Microsoft Solutions Partner — Security & Modern Work

Microsoft Solutions Partner with the Security and Modern Work designations plus four additional designations covering Infrastructure, Data & AI, Digital & App Innovation, and Business Applications. Senior architects average two decades of Microsoft platform delivery experience.

Four-time Microsoft Press author

Founder Errin O’Connor has nearly three decades of Microsoft consulting leadership and is a four-time Microsoft Press author across Power BI, SharePoint, Azure, and large-scale migrations.

Fixed-fee accelerators

Every Purview engagement is fixed-fee with a costed roadmap and a named senior architect on-record from kickoff through go-live. No T&M overruns, no offshore handoff, no junior-analyst-led production cutover.

Compliance-native

EPC Group is compliance-native across HIPAA, SOC 2, FedRAMP, FINRA, CMMC, and GxP. Purview deployments ship with auditor-ready Compliance Manager assessments, evidence packages, and exception-management workflows — not generic screenshots.

Frequently asked questions — Microsoft Purview

What is the difference between Microsoft Purview and Azure Information Protection (AIP)?

Microsoft Purview is the unified data governance and compliance platform that consolidates and supersedes Azure Information Protection, Microsoft Information Protection, Azure Purview (the original data catalog), Office 365 Advanced Compliance, and the M365 compliance portal under a single brand and single portal at compliance.microsoft.com and purview.microsoft.com. AIP labels, the AIP unified labeling client, and the AIP scanner have all been re-platformed inside Purview as sensitivity labels, the Microsoft Purview Information Protection client, and the Purview Information Protection scanner. Customers who still reference AIP are typically running older documentation — the product, license, and portal are now Microsoft Purview.

How do Purview sensitivity labels work in Power BI and Microsoft Fabric?

Sensitivity labels apply to Power BI semantic models, reports, dashboards, dataflows, datamarts, and the underlying Microsoft Fabric OneLake artifacts (lakehouses, warehouses, KQL databases). Labels propagate down — labeling a Fabric workspace propagates to child items, labeling a semantic model propagates to reports built on it, and exports (PDF, PowerPoint, Excel) carry the label and any encryption with them. Label-based DLP policies block external sharing of labeled Power BI content. The label-aware Fabric architecture is the regulated-analytics answer: PHI labeled at ingestion in the lakehouse carries the label through transformation and into the Power BI report a clinician opens — and a downstream export to Excel retains the encryption.

What is the difference between DLP audit mode and enforce mode and why does it matter?

DLP audit mode detects and logs policy matches without blocking the user action. Enforce mode blocks the action, shows a policy tip, and optionally allows override-with-justification. The activation gap pattern EPC Group sees most often is enterprises that ran DLP in audit mode at deployment, intended to migrate to enforce after a tuning cycle, and never completed the migration. Audit-only DLP catches nothing in real time — it produces evidence after the loss event. The migration discipline is a thirty-to-sixty-day false-positive review window, an exception workflow for business-need overrides, and a documented promotion gate signed off by the compliance owner. EPC Group ships the workflow as part of the Phase 2 deliverable.

What is the difference between eDiscovery Standard and eDiscovery Premium?

Standard provides legal hold across Microsoft 365 workloads, case management, search across mailboxes and sites, and export to PST or load files. Premium adds custodian management with communication acknowledgments, in-place processing (no PST round-trip), near-duplicate detection, email threading, themes analysis, predictive coding (machine-learning relevance scoring), review sets with redaction and tagging, and structured analytics inside the portal. Premium is required if Copilot interaction history must be preserved and discoverable, and Premium is what legal departments need to run a first-pass review inside Microsoft rather than exporting to Relativity or Everlaw for the full case. Most M365 E5 customers own Premium and have never run a Premium case.

What is the ROI of Insider Risk Management for a regulated enterprise?

IRM ROI is measured against three loss categories — data theft by departing employees (highest dollar impact), inadvertent data leakage by tenured employees (highest volume), and policy violations triggering regulatory penalty (highest variance). A tuned IRM program with HR-system trigger integration and Adaptive Protection typically catches three to seven departing-employee theft scenarios per year per ten-thousand-user tenant, with average prevented loss per scenario in the high six figures for financial services and healthcare. The investment is the EPC Group Phase 4 deliverable plus quarterly tuning — payback inside year one for any enterprise with regulated data and an active workforce of over two-thousand users.

How does Communication Compliance enforce an ethical wall in legal or financial services?

Communication Compliance enforces ethical walls through information barriers — bidirectional block rules between defined segments of the directory. In financial services, research analysts cannot Teams chat or email a banker covering the same issuer. In legal, attorneys staffed on adverse matters cannot communicate about those matters. In healthcare, providers in conflicted treatment teams cannot share PHI. The information barrier engine sits in Exchange, Teams, SharePoint, and OneDrive, blocks the message before it sends, and produces audit evidence. EPC Group ships the segment design, policy authoring, and reviewer workflows as part of the Phase 4 deliverable for regulated-workforce customers.

How does Records Management handle retention, disposition, and audit defense?

Records Management applies file plan retention labels with full lifecycle — active retention, inactive retention, disposition review (multi-stage reviewer chain), and permanent delete or transfer. Event-based retention triggers the retention clock when a real-world event fires (employee separation, contract closeout, case closure) rather than at document creation. Adaptive scopes target retention dynamically based on department, location, or sensitivity label. The audit-defense story is the disposition review evidence package — every retained-then-disposed record has a reviewer sign-off chain, justification capture, and immutable audit log entry. This is what defends an SEC 17a-4 audit, a FINRA Rule 4511 review, or a FOIA challenge.

How does Purview support HIPAA, FedRAMP, and label-aware Copilot grounding?

Purview supports HIPAA through the Microsoft 365 BAA, HIPAA-aligned DLP policy templates, PHI sensitivity label schemes, BAA-aligned audit log retention, and Communication Compliance for HIPAA-restricted disclosures. FedRAMP coverage runs in Microsoft 365 GCC High and Azure Government with FedRAMP High audit log requirements, NIST 800-53 Rev. 5 AU control family alignment, and CUI sensitivity label schemes. Label-aware Copilot grounding is the regulated-industry architecture — Microsoft 365 Copilot honors sensitivity labels on retrieved content, so a clinician asking Copilot to summarize a patient chart only retrieves content the clinician is authorized to read, and a Copilot Studio agent grounded on a labeled SharePoint library will not surface labeled content to an unauthorized requester. This is why label coverage is the prerequisite for safe Copilot rollout in regulated environments.

Activate the Purview you already own — and make Copilot safe

Book a Purview briefing with an EPC Group senior architect. Two-hour working session — license inventory, label-scheme review, DLP audit-vs-enforce posture, IRM and eDiscovery activation gap analysis, accelerator scoping. Zero obligation, board-ready output.

Book the briefing 888-381-9725

‌
‌
‌

‌
‌