Microsoft PurView: What's new in February 2024 around governance, compliance and data protection (MIP, PurView, etc.)

 Here is a brief overview of this month's updates around governance, compliance and data protection offered through Microsoft PurView (MIP, etc.).

These include in particular:

General

• Updated reports, white papers and artifactsin the services trust portal with a new category of AI resources.

Sensitivity Labels

• General Availability (GA): Teams mobile applications now support calendar items corresponding to  protected meetings.
•   Preview: sensitivity labels for groups and sites have new options deployed to support visibility of private teams and channel sharing controls for invitations to other teams.
  
• Deployment: The Encryption page during the configuration of a sensitivity label is renamed Access Control. No changes are made to the existing settings for encryption.

Records and Retention Management

• During deployment, you can now modify the retention period of an existing retention label when the retention period is based on when items were labeled.

Internal risk management

• Insider Risk Management extends its detection to multicloud environments by offering ready-to-use risk indicators in Azure, AWS and SaaS applications, including Box, Dropbox and Google Drive. Organizations can use these new indicators in their data theft and leakage policies. Microsoft Purview Insider Risk Management correlates various signals to identify potential insider risks, whether malicious or unintentional, such as intellectual property theft, data leaks and security breaches. Insider Risk Management allows customers to create policies based on their own internal policies, governance and organizational requirements. Users are pseudonymized by default, role-based access controls and audit logs are in place to ensure privacy at the user level. The Preview is scheduled for March 2024.
• Update to clarify than internal risk management creates a single aggregated alert per user.
• Update:  Create and manage internal risk management strategies to clarify that you must have the Insider Risk Management or the Insider Risk Management Admins role to access the policy health status.

Communication Compliance

 Update: Create and manage communication compliance policies to clarify that correction of team messages is not supported if a user reports a message that was sent before they were added to a chat.

Compliance Management

Update of the  list of Compliance Manager regulations with the following recent additions:

• India Digital Personal Data Protection Act
• ISO/IEC 27001:2022
• Microsoft Cloud Security Benchmark v1
• NATO Directive AC/322-D(2021)0032
• NIS2 Directive (EU) 2022/2555 of the European Parliament and of the Council.

Data Map & Data Catalog

The labeling with Data Map supports 3 additional data sources : Dataverse, Azure Databricks and Snowflake.

(Preview) The  types of sensitive information can now be applied at the column level in structured Azure or third-party data resources.

More information on:What's new in Microsoft 365 compliance - Microsoft 365 Compliance | Microsoft Docs

Read also: