Microsoft Purview data compliance solutions

Microsoft Purview data compliance solutions help you manage and monitor your data, protect information, minimize compliance risks, and meet regulatory requirements. This article helps you learn about Microsoft Purview data compliance solutions and quickly get started with deploying these solutions to meet specific compliance needs for your organization.

If you're new to Microsoft Purview, consider starting with the Microsoft Purview Suite trial to explore compliance capabilities at the E5 level for free.

Data compliance solutions

Microsoft Purview offers the following data compliance solutions to help your organization manage data risk, meet regulatory requirements, and respond to legal obligations:

• Monitor organizational activity with Microsoft Purview Audit
• Detect inappropriate messages with Microsoft Purview Communication Compliance
• Manage regulatory requirements with Microsoft Purview Compliance Manager
• Retain and delete content with Microsoft Purview Data Lifecycle Management
• Identify and collect data for legal cases with Microsoft Purview eDiscovery
• Meet record-keeping requirements with Microsoft Purview Records Management

Monitor organizational activity with Audit

Microsoft Purview auditing solutions provide an integrated solution to help organizations effectively respond to security events, forensic investigations, internal investigations, and compliance obligations. Your organization's unified audit log captures, records, and retains thousands of user and admin operations performed in dozens of Microsoft 365 services and solutions.

Use Audit when your organization needs to:

• Investigate possible security breaches and determine the scope of compromise.
• Support internal investigations by tracking user and admin activities across Microsoft 365 services.
• Meet compliance obligations through long-term audit record retention.
• Conduct forensic investigations by reviewing when mail items were accessed, forwarded, or replied to.

To get started with Audit or learn more, see the following articles:

• Get started with auditing solutions
• Search the audit log
• Audit logs for Copilot and AI applications
• Manage audit log retention policies

Detect inappropriate messages with Communication Compliance

Microsoft Purview Communication Compliance helps minimize risks by helping you quickly detect, capture, and take remediation actions for email and Microsoft Teams communications. These actions include inappropriate communications containing profanity, threats, and harassment and communications that share sensitive information inside and outside of your organization.

Use Communication Compliance when your organization needs to:

• Detect and act on workplace harassment, threats, or profanity in employee communications.
• Monitor for inappropriate sharing of sensitive information inside and outside your organization.
• Meet regulatory requirements for messaging oversight in financial services, such as FINRA Rule 3110.
• Identify potential insider trading, collusion, or unauthorized communications about confidential projects.

To get started with Communication Compliance or learn more, see the following articles:

• Learn about communication compliance
• Plan for communication compliance
• Create and manage policies
• Investigate and remediate alerts

Manage regulatory requirements with Compliance Manager

Microsoft Purview Compliance Manager helps you manage your organization's compliance requirements with greater ease and convenience. Compliance Manager can help you throughout your compliance journey, from taking inventory of your data protection risks to managing the complexities of implementing controls, staying current with regulations and certifications, and reporting to auditors. Microsoft also offers a comprehensive set of compliance offerings to help your organization comply with national, regional, and industry-specific requirements governing the collection and use of data.

Use Compliance Manager when your organization needs to:

• Assess and manage compliance posture across multicloud environments.
• Prepare for audits by tracking improvement actions and compliance scores.
• Stay current with evolving regulations by using prebuilt assessments for more than 360 industry and regional standards.
• Prioritize which actions to take first based on risk-based compliance scoring.

To get started with Compliance Manager or learn more, see the following articles:

• Get started with Compliance Manager
• Build and manage assessments
• Learn about regulations
• Working with improvement actions

Retain and delete content with Data Lifecycle Management

Microsoft Purview Data Lifecycle Management provides tools and capabilities to retain and delete content across Exchange, SharePoint, OneDrive, Microsoft 365 Groups, Teams, and Viva Engage. Retaining and deleting emails, documents, and messages often meets compliance and regulatory requirements. However, deleting content that no longer has business value also reduces your exposure to cyberattacks.

Use Data Lifecycle Management when your organization needs to:

• Retain content for a specified period to meet compliance and regulatory requirements.
• Delete content that no longer has business value to reduce your exposure to cyberattacks.
• Archive mailbox data for users who need more than 100 GB of storage.
• Retain mailbox content after employees leave your organization through inactive mailboxes.

To get started with Data Lifecycle Management or learn more, see the following articles:

• Get started with data lifecycle management
• Learn about retention policies and retention labels
• Create retention policies
• Learn about archive mailboxes

Identify and collect data for legal cases with eDiscovery

Microsoft Purview eDiscovery is the process of identifying, collecting, and auditing electronic information for legal, regulatory, or business reasons. Use eDiscovery to search for data and content in Exchange Online, OneDrive, SharePoint, Microsoft Teams, Microsoft 365 Groups, and Viva Engage teams. You can search mailboxes and sites in the same eDiscovery search, and then export the search results for analysis and review.

Use eDiscovery when your organization needs to:

• Identify and collect electronically stored information as evidence for legal cases.
• Respond to regulatory investigation and litigation requests.
• Preserve content in place to prevent deletion during an investigation.
• Reduce review costs by using analytics like near-duplicate detection and email threading.

To get started with eDiscovery or learn more, see the following articles:

• Learn about the eDiscovery workflow
• Get started with eDiscovery
• Create and manage cases
• Search for content
• Manage review sets

Meet record-keeping requirements with Records Management

Microsoft Purview Records Management helps your organization manage its legal obligations, provides the ability to demonstrate compliance with regulations, and increases efficiency by regularly disposing of items that are no longer required to be retained, no longer of value, or no longer required for business purposes.

Use Records Management when your organization needs to:

• Declare items as records or regulatory records to ensure content remains immutable.
• Start retention periods based on specific events, such as contract expiration or employee termination.
• Conduct disposition reviews with proof of deletion for compliance auditing.
• Manage the lifecycle of business-critical content with strict control and audit trails.

To get started with Records Management or learn more, see the following articles:

• Get started with records management
• Declare records by using retention labels
• Create and manage retention labels with file plan
• Manage disposition of data

Related Microsoft Purview solutions

Microsoft Purview data compliance solutions work alongside other Microsoft Purview solution areas:

• Microsoft Purview data security solutions
• Microsoft Purview data governance solutions

To deploy integrated compliance solutions, see Deploy a data governance solution.