Back to Capabilities of Microsoft Compliance Solutions

Microsoft Purview Portal

5 minutes 5 Questions

Microsoft Purview Portal is a unified, web-based management console designed to help organizations manage their data governance, compliance, and risk management needs from a single location. It serves as the central hub for Microsoft's compliance and data governance solutions, replacing and consoli…

Microsoft Purview Portal: A Comprehensive Guide for SC-900

Why is the Microsoft Purview Portal Important?

The Microsoft Purview Portal is the centralized hub for managing compliance, data governance, and risk management across an organization's digital estate. In today's regulatory landscape, organizations must comply with an ever-growing number of regulations such as GDPR, HIPAA, and SOX. The Microsoft Purview Portal provides a unified experience that allows compliance administrators, data officers, and security teams to assess, manage, and monitor their compliance posture from a single location. For the SC-900 exam, understanding the Purview Portal is critical because it represents Microsoft's primary compliance management interface and ties together many of the compliance solutions you will be tested on.

What is the Microsoft Purview Portal?

The Microsoft Purview Portal (accessible at purview.microsoft.com) is the modern, unified portal that replaced the older Microsoft 365 Compliance Center. It serves as a single pane of glass for managing compliance-related tasks across Microsoft 365 services and beyond. The portal brings together capabilities for:

• Data Classification – Identifying and labeling sensitive information across your environment.
• Data Loss Prevention (DLP) – Creating and managing policies that prevent the accidental sharing of sensitive information.
• Information Protection – Applying sensitivity labels and encryption to protect data at rest and in transit.
• Records Management – Managing the lifecycle of content for regulatory, legal, and business-critical records.
• Compliance Manager – Assessing your organization's compliance posture and providing actionable improvement recommendations with a compliance score.
• Insider Risk Management – Detecting and acting on risky activities within the organization.
• eDiscovery – Identifying, collecting, and producing electronically stored information for legal cases.
• Audit – Logging and searching user and admin activities across Microsoft 365 services.
• Communication Compliance – Monitoring communications for policy violations.
• Data Lifecycle Management – Applying retention and deletion policies to manage how long content is kept.
• Data Map and Data Catalog – Providing visibility into your organization's data landscape, including on-premises, multi-cloud, and SaaS data sources.

How Does the Microsoft Purview Portal Work?

The Microsoft Purview Portal operates as a web-based management console that connects to the backend services of Microsoft 365 and Azure. Here is how it functions:

1. Role-Based Access Control (RBAC):
Access to the Purview Portal is governed by role-based access. Only users assigned specific compliance roles (such as Compliance Administrator, Compliance Data Administrator, or Security Reader) can access and manage features. This ensures that the principle of least privilege is maintained.

2. Compliance Manager and Compliance Score:
One of the most prominent features is Compliance Manager. It provides a dashboard with a compliance score that reflects the organization's current compliance posture. The score is calculated based on the completion of improvement actions, which are recommended steps to meet regulatory requirements. Actions can be categorized as:
• Microsoft-managed actions – Actions that Microsoft handles as the cloud provider.
• Customer-managed actions – Actions that the organization must implement.

3. Assessments and Regulatory Templates:
Within Compliance Manager, organizations can create assessments based on pre-built regulatory templates (e.g., GDPR, ISO 27001, NIST 800-53). These assessments map specific controls to improvement actions, making it easier to track compliance against particular regulations.

4. Solutions Catalog:
The portal includes a solutions catalog where administrators can discover and enable various compliance solutions. Each solution has its own configuration area, but they all feed into the unified compliance experience.

5. Data Classification Dashboard:
The data classification section provides an overview of sensitive information types, trainable classifiers, and content that has been labeled across the organization. This helps administrators understand where sensitive data resides.

6. Policies and Alerts:
Administrators can create and manage policies for DLP, retention, sensitivity labeling, and insider risk. When policy violations occur, alerts are generated and can be investigated directly within the portal.

7. Content and Activity Explorer:
These tools allow administrators to drill into specific content items that have been classified or labeled and to review user activities related to labeled or sensitive content. Content Explorer shows the actual items, while Activity Explorer shows activities such as labels being applied or changed.

8. Integration with Microsoft Purview Data Governance:
The portal also integrates with the data governance capabilities of Microsoft Purview (formerly Azure Purview), including the Data Map, Data Catalog, and Data Estate Insights. This extends governance capabilities beyond Microsoft 365 to include Azure data services, on-premises SQL servers, and multi-cloud environments.

Key Concepts to Remember for the SC-900 Exam:

• The Microsoft Purview Portal is the unified compliance portal for managing compliance, data governance, and risk across Microsoft 365 and beyond.
• Compliance Manager provides a compliance score and improvement actions to help organizations meet regulatory requirements.
• Assessments use regulatory templates to map controls to specific frameworks and regulations.
• The compliance score includes points for both Microsoft-managed and customer-managed actions, but only customer-managed actions can be directly improved by the organization.
• Sensitivity labels and retention labels are configured and managed through the Purview Portal.
• Data Loss Prevention (DLP) policies are created and monitored here.
• eDiscovery (both Standard and Premium) cases are managed through the portal.
• Insider Risk Management and Communication Compliance are integrated solutions within the portal.
• Content Explorer requires specific permissions and lets you view actual sensitive content items.
• Activity Explorer provides visibility into activities performed on labeled content.
• The portal uses Role-Based Access Control (RBAC) to manage who can access and configure compliance features.

Exam Tips: Answering Questions on Microsoft Purview Portal

Tip 1: Know the Portal's Purpose
If a question asks where an administrator would go to manage compliance solutions, assess compliance posture, or configure data protection policies, the answer is the Microsoft Purview Portal (purview.microsoft.com). Do not confuse it with the Microsoft Defender portal (security.microsoft.com), which focuses on security, or the Entra admin center, which focuses on identity.

Tip 2: Understand Compliance Manager vs. Compliance Score
Compliance Manager is the tool or feature. The compliance score is the metric it produces. Questions may try to confuse the two. Remember: Compliance Manager contains assessments, improvement actions, and produces the compliance score.

Tip 3: Distinguish Between Microsoft-Managed and Customer-Managed Actions
Exam questions may test whether you understand that organizations cannot directly influence Microsoft-managed actions. These are actions Microsoft takes as part of its responsibility as a cloud provider. Only customer-managed actions contribute to actions you can improve.

Tip 4: Know What Each Sub-Feature Does
Be clear on the distinctions between DLP, Information Protection, Records Management, eDiscovery, Insider Risk Management, Communication Compliance, Audit, and Data Lifecycle Management. Questions often describe a scenario and ask which feature solves the problem.

Tip 5: Remember Content Explorer vs. Activity Explorer
Content Explorer = viewing what content is classified and where it lives.
Activity Explorer = viewing what actions have been taken on content (e.g., labeling, sharing, deleting).

Tip 6: Regulatory Templates are Pre-Built
Microsoft provides over 300 pre-built regulatory templates. Organizations can also create custom assessments. Questions may ask how an organization starts tracking compliance for a specific regulation—the answer involves creating an assessment from a template.

Tip 7: RBAC and Permissions
Not every user has access to the Purview Portal. Access is controlled via specific compliance-related roles. If a question asks about who can access or manage compliance features, think about role assignments like Compliance Administrator or Compliance Manager Reader.

Tip 8: The Purview Portal is Cloud-Based
The Purview Portal is a cloud-based, web-accessible portal. It does not require any on-premises infrastructure to use. However, Microsoft Purview's data governance features can scan and catalog on-premises data sources.

Tip 9: Look for Keywords in Questions
When you see keywords like compliance posture, compliance score, data classification, sensitivity labels, retention policies, DLP, eDiscovery, insider risk, or communication compliance, these all point to the Microsoft Purview Portal as the management interface.

Tip 10: Don't Overthink the Name Change
Microsoft has rebranded this portal multiple times (from Office 365 Security & Compliance Center to Microsoft 365 Compliance Center to Microsoft Purview Portal). For the SC-900 exam, focus on the current name: Microsoft Purview Portal. However, if older terminology appears in a question, recognize it refers to the same underlying compliance management experience.

Summary

The Microsoft Purview Portal is the cornerstone of Microsoft's compliance solutions. It provides organizations with the tools to classify data, protect sensitive information, manage records, assess regulatory compliance, detect insider risks, and conduct eDiscovery—all from a single, unified interface. For the SC-900 exam, focus on understanding what the portal does, which features it contains, how Compliance Manager and the compliance score work, and how to differentiate between the various compliance solutions it houses. Mastering these concepts will prepare you to confidently answer any question about the Microsoft Purview Portal on exam day.

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

Unlock Premium Access

Microsoft Security, Compliance, and Identity Fundamentals + ALL Certifications

Access to ALL Certifications: Study for any certification on our platform with one subscription
3043 Superior-grade Microsoft Security, Compliance, and Identity Fundamentals practice questions
Unlimited practice tests across all certifications
Detailed explanations for every question
SC-900: 5 full exams plus all other certification exams
100% Satisfaction Guaranteed: Full refund if unsatisfied
Risk-Free: 7-day free trial with all premium features!