Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Note
The Microsoft Purview Posture Reports are in preview.
Posture Reports
Microsoft Purview collects, analyzes and presents a huge amount of data about how the information in your organization is being used and protected. This data is surfaced through the Audit logs, Activity explorer, Content explorer, solution level dashboards, and reports to name a few. Processing this data into meaningful insights is a complex task that falls to SOC admins and solution level admins. To help with this task, Purview Posture Reports provide pre-built reports that surface key insights about your organizations performance and approach to information protection and data loss prevention.
Posture Reports can be used to help you answer questions for executive and operations like:
- Is Purview doing what we intend it to do?
- Are our policies effective?
- Where are the gaps in our protection strategy?
poicies in simulation mode don't show up in Posture Reports
You find Posture Reports in the Microsoft Purview portal:
- Information Protection > Reports
- Data Loss Prevention > Reports
Information Protection posture reports
These reports are in preview.
The data shown in these reports gathered on a 30 day rolling window basis. Make sure you save any reports (as .PDF) that you want to keep for future reference. You can also configure and save your preferred filter settings for future use.
- Label distribution and adoption
- Auto-labeling policy coverage
- Sensitivity label activity
Data Loss Prevention posture reports
These reports are in preview.
The data shown in these reports gathered on a 30 day rolling window basis. Make sure you save any reports (as .PDF) that you want to keep for future reference. You can also configure and save your preferred filter settings for future use.
- Most triggered DLP rules and activities
- DLP policies with highest trigger volume
- Top DLP policy violators
Note
DLP policies in simulation mode don't show up in Posture Reports
Reports
As a Microsoft 365 administrator or compliance administrator, you can evaluate and then tag content in your organization to control where it goes, protect it no matter where it is, and ensure that it's preserved and deleted according to your organization's needs. You do this through the application of sensitivity labels, retention labels, sensitive information types (SIT) classification, and classification by trainable classifiers. There are various ways to do the discovery, evaluation, and tagging, but the end result is that you might have large numbers of documents and emails that are tagged and classified with one or more of these labels. You need to see:
- how the labels are being used across your tenant and what is being done with those items
- the protections being placed on items
- most commonly occurring activities
The Reports tool, in the Information protection solution, and in the Data Loss Prevention (DLP) solution. provides visibility into that information and more. The reports include information from both Microsoft 365 source services (Exchange, SharePoint, OneDrive) and non-Microsoft 365 sources.
For example, the Reports show you:
- information on protection policies (preview)
- the trainable classifiers that are detected most in items across your cloud platforms
- the number items that are classified as a sensitive information type and what those classifications are
- the SITs that are detected most in items across your cloud platforms
- the top applied sensitivity labels and activities
- a summary of activities that users take on your sensitive content
- the locations of your sensitive and retained data
- summary information on email encryption
The sections in the Reports page are interactive so you can drill down into the details to get more information and provide links to:
Prerequisites
Permissions
To access Reports, an account must be a member of any one of these roles or role groups.
Microsoft 365 role groups
- Compliance administrator
- Security administrator
- Compliance data administrator
- Global administrator
Note
As a best practice, always use the role with least privilege to grant access to Microsoft 365 data classification.
Roles and role groups
You can use roles and role groups to fine tune your access controls.
Here's a list of applicable roles. To learn more about them, see Permissions in the Microsoft Purview portal.
- Information Protection Admin
- Information Protection Analyst
- Information Protection Investigator
- Information Protection Reader
Here's a list of applicable role groups. To learn more about them, see Permissions in the Microsoft Purview portal.
- Information Protection
- Information Protection Admins
- Information Protection Analysts
- Information Protection Investigators
- Information Protection Readers
See also
- View label activity
- View labeled content
- Learn about sensitivity labels
- Learn about retention policies and retention labels
- Learn about sensitive information types
- Sensitive information type entity definitions
- Learn about trainable classifiers (preview)
To learn how to use data classification to comply with data privacy regulations, see Deploy information protection for data privacy regulations with Microsoft 365 (aka.ms/m365dataprivacy).