Describe the capabilities and benefits of Microsoft Priva
Microsoft Priva is a new privacy solution that is part of the Microsoft Purview family of products. Priva solutions help organizations proactively identify and manage privacy risks such as problematic data transfers, data oversharing, and data hoarding across their data estate.
By applying machine learning and technologies such as sensitive information types, Priva helps both organizations and employees track privacy data throughout the organization.
Microsoft Priva contains two core solutions: Priva Privacy Risk Management and Priva Subject Rights Request. Let’s dig into each of those products.
Priva Privacy Risk Management
The risk management component is used to help identify problematic data storage and transfer scenarios. Specifically, it uses policies to identify the following behaviors:
- Overexposed data
- Personal data transferred between departments or regions
- Storage of unused personal data
The Policies dashboard, shown in Figure 10.9, provides an overview of configured policies and matches throughout your organization:
Figure 10.9 – Microsoft Priva Policies dashboard
Let’s look at some specific policy features.
Overexposed data
When identifying overexposed data, Priva policies use personal information classifiers to detect data that appears to be open to large numbers of individuals in your organization. Data overexposure can lead to data compromise, theft, or other breach scenarios. To remediate these types of issues, Privacy Risk Management allows you to notify content owners about the potential risks. As part of the policy configuration, you can select what types of data to monitor using sensitive information types, and types of risky security configurations (such as Public, including External users, or Internal, where all users in the organization have access).
Data transfer
From a data transfer perspective, Privacy Risk Management policies can detect content as it’s transferred throughout your organization—between users, departments, Microsoft 365 groups, SharePoint sites, regions, or outside of the organization. See Figure 10.10:
Figure 10.10 – Microsoft Priva data transfer rule
As part of data transfer policies’ outcomes, you can choose to display policy tips and recommendations, as well as generate email notifications for policy matches.
Data minimization
Data minimization policies are used to detect unused privacy information. Using the same sensitive information types as the overexposed data and data transfer policies, the default data minimization policy template identifies content that hasn’t been modified in the last 30 days. You can select a time period as short as 30 days and as long as 120 days.
As with the other Priva management policies, you can configure alerts to notify data owners of matches.