Get started with Priva

Learn how to get set up to start using Microsoft Priva solutions. You'll notice that some instructions vary based on which portal you use and whether you're using the generally available (GA) solutions (Privacy Risk Management and Subject Rights Requests for data within Microsoft 365) or the preview solutions (Consent Management, Privacy Assessments, Subject Rights Requests for data beyond Microsoft 365, and Tracker Scanning). Get an overview of the Priva solutions.

Before you begin

Here's a checklist of items for ensuring that your organization is ready to start using Priva solutions:

Confirm subscriptions and licensing

Generally available (GA) solutions

If you're using:

  • Privacy Risk Management
  • Subject Rights Requests for data within Microsoft 365

These solutions can be purchased by organizations with the licenses outlined in the Microsoft Priva service description. When obtaining licenses for subject rights requests for data within Microsoft 365, you can choose the appropriate licensing tier for how many requests you need to handle. You can purchase more requests at any time.

Start a trial: The free Priva trial allows you to explore all the features and functionality of privacy risk management and subject rights requests for data within Microsoft 365. Learn how to sign up for the Priva trial.

Preview solutions and features

If you're using:

  • Consent Management (preview)
  • Privacy Assessments (preview)
  • Subject Rights Requests for data beyond Microsoft 365 (preview)
  • Tracker Scanning (preview)
  • Privacy Risk Management policies covering multicloud locations (preview)

Certain functionality within these solutions integrates with Microsoft Purview data governance solutions, such as the Data Map and Data Catalog. If your organization isn't already set up to use Microsoft Purview data governance solutions, you'll need to follow some initial steps in order to start using these solutions with an Enterprise-tier license.

The best place to start is by visiting Get started with data governance solutions. You'll find guidance in starting a free version of Microsoft Purview data governance solutions or upgrading to the Enterprise version.

Where to access Priva solutions

All Priva solutions can be accessed in the new Microsoft Priva portal (preview). Priva solutions are also available in one of two classic Microsoft Purview portals. The table below outlines where each solution can be accessed. Depending on which portal you're using, you'll need to follow each portal's instructions to sign in and set permissions.

Tip

We recommend accessing Priva solutions through the Priva portal (preview) for a streamlined sign-in process and optimal user experience. You'll also gain familiarity with how the Priva portal works in preparation for the forthcoming retirement of the classic Microsoft Purview compliance portal and the classic Microsoft Purview governance portal.

Which solutions are available in which portal
Solution Priva portal (preview) Classic Microsoft Purview compliance portal Classic Microsoft Purview governance portal
Consent Management (preview)
Privacy Assessments (preview)
Privacy Risk Management
Subject Rights Requests for data beyond Microsoft 365 (preview)
Subject Rights Requests for data within Microsoft 365
Tracker Scanning (preview)
Learn more about the portals

Sign in and set permissions

Priva uses a role-based access control (RBAC) permission model. Only users who are assigned a role can access Priva, and the actions allowed by each user are restricted by role type. The Global Administrator for your organization has permissions to assign roles to users.

Important

Microsoft recommends that you use roles with the fewest permissions. Minimizing the number of users with the Global Administrator role helps improve security for your organization.

Depending on which portal you're using to access Priva solutions, follow the appropriate instructions below for how to sign in.

Priva portal (preview)

To assign roles for GA solutions
  • Privacy Risk Management
  • Subject Rights Requests for data within Microsoft 365

Follow the steps below:

  1. Sign in to the Priva portal (preview) using credentials for an admin account in your Microsoft 365 organization.
  2. Select Settings in the upper right corner of the page, then select Roles and scopes.
  3. Set permissions for users by following the instructions at Permissions in the Microsoft Purview portal.
  4. Refer to descriptions of roles for GA solutions.
To assign roles for preview solutions
  • Consent Management (preview)
  • Privacy Assessments (preview)
  • Subject Rights Requests for data beyond Microsoft 365 (preview)
  • Tracker Scanning (preview)

Follow the steps below:

  1. Sign in to the Priva portal (preview) using credentials for a Purview admin account.
  2. In the Priva portal (preview), select View all solutions.
  3. Under Core, select Data Map.
  4. On the Domains page, select the Role assignments tab.
  5. Follow the instructions for adding governance role assignments.
  6. Refer to descriptions of roles for preview solutions.

Classic Microsoft Purview compliance portal

  1. Go to the Microsoft Purview compliance portal using credentials for an admin account in your Microsoft 365 organization.
  2. Select Roles & scopes and then Permissions in the left navigation.
  3. Under the Microsoft Purview solutions dropdown, select Roles to display the full list of role groups. See descriptions of roles for GA solutions.
  4. Find the role group to which you want to add one or more users (see role group descriptions below), and check the box to the left of the group name.
  5. On the flyout pane for that group, under the Members header, select Edit.
  6. On the flyout pane, select Choose members on the left navigation. Another flyout window appears.
  7. Select + Add to choose one or more users to add to the group.
  8. Select the checkbox next to the names you want to add, then select the Add button at the bottom.
  9. When you’re done assigning users, select Done, then Save, then Close.

Classic Microsoft Purview governance portal

  1. Go to the Microsoft Purview governance portal using credentials for a collection admin.
  2. Follow the instructions for access control inside the Microsoft Purview governance portal. See descriptions of roles for preview solutions.

Roles and role groups

Depending on the structure of your team, you have options to assign users to specific role groups to manage different sets of Priva features. Members should be assigned to role groups depending on what tasks they need to accomplish and what level of access is appropriate. Each role group includes one or more roles. These roles might pertain to specific Priva tasks or key functions that are enabled or restricted for that group’s members. Different users might therefore have different levels of visibility and access into certain Priva features.

Important

Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.

Role groups can be customized if needed. To avoid accidental loss of access, we recommend creating a copy of the existing role group you wish to customize, giving the copy an identifiable name, making and verifying your changes to the new group, and assigning people to it as appropriate.

Roles and role groups for GA solutions

If you're using:

  • Privacy Risk Management
  • Subject Rights Requests for data within Microsoft 365

Most Priva roles for Privacy Risk Management and Subject Rights Requests for data within Microsoft 365 are designated as "Privacy Management" in the Microsoft Purview solutions section in Settings --> Permissions. Roles specific to Priva don't appear in Microsoft Entra ID. Learn more about Permissions settings.

Role group Description Roles Applies to
Privacy Management This role group contains all permission roles for Priva GA solutions in a single group. This group might be a good fit for organizations where the same individual performs all duties. We recommend always having at least one active member of this group. Case Management - Data Classification Content Viewer - Data Classification List Viewer - Privacy Management Admin - Privacy Management Analysis - Privacy Management Investigation - Privacy Management Permanent Contribution - Privacy Management Temporary Contribution - Privacy Management Viewer - Subject Rights Request Admin - View-Only Case Privacy Risk Management

Subject Rights Requests
Privacy Management Administrators Members have broad access to Priva functions, including permissions and settings, and creating, reading, updating, and deleting Privacy Risk Management policies. Case Management
Privacy Management Admin
View-Only Case
Privacy Risk Management

Subject Rights Requests
Privacy Management Analysts Members act as issue analysts. They can investigate policy matches, view file metadata, and take remediation actions. Members can't access content items. Case Management
Data Classification List Viewer
Privacy Management Analysis
View-Only Case
Privacy Risk Management
Privacy Management Investigators Members act as data investigators. They can investigate policy matches, view associated file content, and take remediation actions. Members can access content items. Case Management
Data Classification Content Viewer
Data Classification List Viewer
Privacy Management Investigation
View-Only Case
Privacy Risk Management
Privacy Management Viewer Members can view analytical information, such as reports, insights, and policy trends. Privacy Management Viewer Privacy Risk Management

Subject Rights Requests
Privacy Management Contributors When a user is added as a collaborator on a subject rights request, they automatically get added as a member of this role group. Learn more about adding collaborators on subject rights requests. Privacy Management Temporary Contribution
Privacy Management Permanent Contribution
Subject Rights Requests
Subject Rights Request Administrators Members have full rights to create and manage subject rights requests, and can add approvers for requests. Subject Rights Request Admin Subject Rights Requests
Subject Rights Request Approvers Members can approve subject rights requests to which they're added as an approver. Subject Rights Request Approver Subject Rights Requests

Roles for preview solutions

If you're using:

  • Consent Management (preview)
  • Privacy Assessments (preview)
  • Subject Rights Requests for data beyond Microsoft 365 (preview)
  • Tracker Scanning (preview)

A user must hold a Privacy Reader or Privacy Curator role to access the Priva preview solutions. Some solutions require extra roles for performing certain tasks. Consult the table below for an overview on required roles with links to detailed information. You can learn general information about assigning roles by visiting Governance roles and permissions.

In order to… Users need these roles Learn more
Access Priva preview solutions Privacy Reader - Privacy Curator Manage Microsoft Purview data governance permissions at the tenant/organization level.
View data assets in the Data Map that are related to Priva preview solutions Data Reader Get role descriptions and learn how to assign roles related to Data Map.
Manage data assets in the Data Map that are related to Priva preview solutions Data Curator - Data Source Admin Get role descriptions and learn how to assign roles related to Data Map.
Use Consent Management (preview) Privacy Curator - Privacy Reader Find role descriptions for this solution.
Use Privacy Assessments (preview) Data Curator - Privacy Curator - Privacy Reader Find role descriptions for this solution.
Use Subject Rights Requests for data beyond Microsoft 365 (preview) Data Reader - Privacy Curator - Privacy Reader Find role descriptions for this solution.
Use Tracker Scanning (preview) Data Source Admin - Privacy Curator - Privacy Reader Find role descriptions for this solution.

Priva availability

GA solutions

If you're using:

  • Privacy Risk Management
  • Subject Rights Requests for data within Microsoft 365

These solutions are available to customers worldwide.

However, if your organization provisioned its tenant in one of the local data centers listed below in order to meet data residency requirements, the Priva solutions won't be available to you:

  • Norway
  • Poland
  • Qatar
  • Singapore
  • South Africa
  • South Korea
  • Spain
  • Sweden
  • Switzerland
  • United Arab Emirates

Preview solutions

If you're using:

  • Consent Management (preview)
  • Privacy Assessments (preview)
  • Subject Rights Requests for data beyond Microsoft 365 (preview)
  • Tracker Scanning (preview)

The Priva solutions in preview are available in the regions listed below. The region names correspond to Azure regions supported by the Azure Cosmos DB service. Get definitions for Azure region names.

  • Australia East

  • Canada Central

  • Central India

  • East US

  • East US 2

  • North Europe

  • UK South

  • West Europe

  • West US 3

Learn more about choosing Azure regions.

Enable the Microsoft 365 audit log

Microsoft 365 audit logs are a summary of all activities within your organization. Privacy risk management policies may use these activities for generating policy insights.

Your organization might already have audit logs turned on. If you need to start using them for the first time, see Turn audit log search on or off for step-by-step instructions to turn on auditing. After you turn on auditing, a message is displayed that says the audit log is being prepared and that you can run a search in a couple of hours after the preparation is complete. You only have to do this action once. For more information about using the Microsoft 365 audit log, see Search the audit log.

How Priva works with Microsoft Purview risk and compliance solutions

Microsoft Purview Compliance Manager

Priva works hand in hand with Microsoft Purview Compliance Manager, which offers data protection and privacy assessment templates that correspond to compliance regulations and industry standards around the world. Based on the assessments you build with these templates, Compliance Manager can help you understand what steps to take to meet your organization's regulatory requirements. Taking steps in Priva to protect the personal data you store can contribute to your privacy assessments in Compliance Manager and can help improve your compliance score.

In preview: By taking specific actions in Priva, you can achieve points that count toward assessment completion and increase your overall compliance score. Examples of actions that Compliance Manager can monitor and give you credit for include setting up a Privacy Risk Management policy, and enabling data retention limits for subject rights requests. Compliance Manager automatically detects whether you've completed the actions and awards points that contribute to your compliance sore. Learn more about automated testing and monitoring in Compliance Manager.

To find Priva actions in Compliance Manager, follow the steps below:

  1. In the Microsoft Purview compliance portal, select Compliance Manager on the left navigation pane.
  2. In Compliance Manager, go to the Improvement actions tab.
  3. On the Solutions filter, select "Priva Privacy Risk Management" and "Priva Subject Rights Requests."

Microsoft Purview Data Loss Prevention

Microsoft Purview Data Loss Prevention (DLP) provides robust capabilities to help prevent the unintentional sharing of sensitive items outside of an organization. Priva can extend this protection by delivering insights unique to your organization and empowering your users to address risks right away. For example, when you use Privacy Risk Management to detect transfers of personal data outside of your organization or between certain departments, users can receive email notifications with remediation actions right in the email. Get more details about user email notifications in Privacy Risk Management.

Microsoft Priva legal disclaimer