Information Protection (IP)
TL;DR
- With Information Protection you can classify files or emails in your Microsoft 365 tenant. You can think of the classification as a tag that dictates the file's sensitivity. The tag can also apply content markings or encryption to the file. Later, you will use data loss prevention policies to further protect your files.
- The tags are called sensitivity labels
- Sensitivity labels get published to users or groups = the same sensitivity labels for all users
- As of April 2025, you can tag Office documents (Word, Excel, PowerPoint, PDF) and emails
- You can get started with licenses as low as a Microsoft 365 F3, with the most fancy stuff being possible with an E5
Read more about it here: https://learn.microsoft.com/en-us/purview/information-protection
User experience
Once enabled and published to users, you can classify files/emails in their respective desktop apps or via the details tab in SharePoint Online or Teams.
The long version
Where to start
Classification projects need good adoption and change management. Implementing policies with less user impact makes a good start. Classification for Microsoft 365 groups can add a simple benefit to your Teams concept. Protecting internal documents in Teams from oversharing, or preventing guests from being accidentally added to internal or confidential Teams groups, can make a huge difference here.
From there, start implementing manual labeling for documents, then optionally email. After that, you can start taking a look at automated labeling and further AI features.
Data Loss Prevention (DLP)
TL;DR
- With data loss prevention (DLP) you can create rules to protect your data from being overshared or shared with third parties, whether accidentally or intentionally
- You can create policies scoped to different workloads like Teams, Exchange or devices
- You can get started with licenses as low as a Microsoft 365 F3, with the most fancy stuff being possible with an E5
Read more about it: https://learn.microsoft.com/en-us/purview/dlp-learn-about-dlp
User experience
This sample shows a policy coming into effect that protects a selected file from being shared to an external recipient.
Data Lifecycle Management (DLM)
TL;DR
- With data lifecycle management you essentially define the lifetime of a file or item
- The lifetime can be defined by deletion, retention or both.
- Lifetime policies can be placed onto containers like Teams, individual items like files or emails, or chat messages in Teams
- The lifetime of an individual file or email is defined by a retention label
- If you want to apply a general lifetime to containers or chat messages, you use retention policies
- Retention labels or policies are assigned to workloads or containers = general lifetimes as well as maybe department-specific lifetimes
- All file types that can be stored in SharePoint are supported by retention labels
- You can get started with licenses as low as a Microsoft 365 F3, with the most fancy stuff being possible with an E5
Read more about it: https://learn.microsoft.com/en-us/purview/get-started-with-data-lifecycle-management
User experience
Once published to a container, retention labels are always selected using the details pane in SharePoint, Teams or OneDrive. Retention policies are hidden from the users but work in the background.
The long version
Where to start
My recommendation is to start with retention policies (deletion based on age) for Teams and Engage messages. This will ensure a clean Microsoft Teams environment because old chats will disappear completely if the last message is deleted. Since Microsoft Teams messages should never contain final decisions or important data, you can achieve two more important goals:
- Guide people from private to channel chats. Simply make the retention of private and group chats shorter than channel messages.
- Guide people to document final decisions in other file types like Word, Loop or OneNote. This will also help you with backup and restore since documents are easier to restore or move than chat messages.
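One way to set up the two Teams retention policies described above, with private and group chats expiring sooner than channel messages (an added example, not part of the original page; it covers Teams only, not Engage). The policy names and day counts are constructed placeholders, and the script assumes the ExchangeOnlineManagement module and an account with a compliance administration role.

```powershell
# Added example: two age-based deletion policies for Teams messages.
# Policy names and durations below are constructed placeholders; pick your own.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # Security & Compliance PowerShell session

$ChatDays    = 30     # assumption: lifetime of private and group chats
$ChannelDays = 180    # assumption: lifetime of channel messages

# Guard the design goal: chats must expire before channel messages do,
# otherwise the policy pair no longer nudges people toward channels.
if ($ChatDays -ge $ChannelDays) {
    throw "Chat retention ($ChatDays d) must be shorter than channel retention ($ChannelDays d)."
}

# A rule carries exactly one duration, so each location gets its own policy.
$policies = @(
    @{ Name = 'Teams chats - delete by age';    Days = $ChatDays;    Location = 'Chat'    },
    @{ Name = 'Teams channels - delete by age'; Days = $ChannelDays; Location = 'Channel' }
)

foreach ($p in $policies) {
    # Scope the policy to all chats or all channel messages in the tenant.
    if ($p.Location -eq 'Chat') {
        New-RetentionCompliancePolicy -Name $p.Name -TeamsChatLocation All | Out-Null
    } else {
        New-RetentionCompliancePolicy -Name $p.Name -TeamsChannelLocation All | Out-Null
    }

    # Delete-only rule: messages are removed once they reach the given age.
    New-RetentionComplianceRule -Name "$($p.Name) rule" `
        -Policy $p.Name `
        -RetentionDuration $p.Days `
        -RetentionComplianceAction Delete | Out-Null
}

# Check that both policies exist and have been distributed to the workload.
Get-RetentionCompliancePolicy -DistributionDetail |
    Where-Object { $_.Name -like 'Teams * - delete by age' } |
    Select-Object Name, Enabled, DistributionStatus
```

Run it against a test tenant first and confirm the distribution status before relying on it, since deletion by a retention policy is not something users can undo.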
Records Management (RM)
TL;DR
- Records management (RM) extends the capabilities of DLM
- You can use disposition reviews after a file reaches its end-of-life to review the file
- Upgrade retention labels to be handled as records, which can make a file non-editable after a label is applied
- Run Power Automate workflows after a file reaches its end-of-life to review or move the file
- RM is only available with an E5 license
Read more about it here: https://learn.microsoft.com/en-us/purview/get-started-with-records-management