
29 April 2025

🏭🗒️Microsoft Fabric: Purview [Notes]

Disclaimer: This is work in progress intended to consolidate information from various sources for learning purposes. For the latest information please consult the documentation (see the links below)! 

Last updated: 29-Apr-2025

[Microsoft Purview] Purview
  • {def} comprehensive data governance and security platform designed to help organizations manage, protect, and govern their data across various environments [1]
    • incl. on-premises, cloud & SaaS applications [1]
    • provides the highest and most flexible level of functionality for data governance in MF [1]
      • offers comprehensive tools for 
        • data discovery
        • data classification
        • data cataloging
  • {capability} managing the data estate
    • {tool} dedicated portal
      • aka Fabric Admin portal
      • used to control tenant settings, capacities, domains, and other objects, typically reserved for administrators
    • {type} logical containers
      • used to control access to data and capabilities [1]
      • {level} tenants
        • settings for Fabric administrators [1]
      • {level} domains
        • group data that is relevant to a single business area or subject field [1]
      • {level} workspaces 
        • group Fabric items used by a single team or department [1]
    • {type} capacities
      • objects that limit compute resource usage for all Fabric workloads [1]
  • {capability} metadata scanning
    • extracts values from data lakes
      • e.g. names, identities, sensitivities, endorsements, etc. 
      • can be used to analyze and set governance policies [1]
  • {capability} secure and protect data
    • assure that data is protected against unauthorized access and destructive attacks [1]
    • compliant with data storage regulations applicable in your region [1]
    • {tool} data tags
      • allows users to identify the sensitivity of data and apply data retention and protection policies [1]
    • {tool} workspace roles
      • define the users who are authorized to access the data in a workspace [1]
    • {tool} data-level controls
      • used at the level of Fabric items
        • e.g. tables, rows, and columns to impose granular restrictions.
    • {tool} certifications
      • Fabric is compliant with many data management certifications
        • incl. HIPAA BAA, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27001, ISO/IEC 27701 [1]
  • {feature} OneLake data hub
    • allows users to find and explore the data in their estate.
  • {feature} endorsement
      • allows users to endorse a Fabric item to identify it as being of high quality [1]
      • help other users to trust the data that the item contains [1]
  • {feature} data lineage
    • allows users to understand the flow of data between items in a workspace and the impact that a change would have [1]
  • {feature} monitoring hub
      • allows users to monitor activities for the Fabric items they have permission to view [1]
  • {feature} capacity metrics
    • app used to monitor usage and consumption
  • {feature} automates the identification of sensitive information and provides a centralized repository for metadata [1]
  • {feature} allows users to find, manage, and govern data across various environments
    • incl. both on-premises and cloud-based systems [1]
    • supports compliance and risk management with features that monitor regulatory adherence and assess data vulnerabilities [1]
  • {feature} integrated with other Microsoft services and third-party tools 
    • {benefit} enhances its utility
    • {benefit} streamlines data access controls
      • enforcing policies, and delivering insights into data lineage [1]
  • {benefit} helps organizations maintain data integrity, comply with regulations, and use their data effectively for strategic decision-making [1]
  • {feature} Data Catalog
    • {benefit} allows users to discover, understand, and manage their organization's data assets
      • search for and browse datasets
      • view metadata
      • gain insights into the data’s lineage, classification, and sensitivity labels [1]
    • {benefit} promotes collaboration
      • users can annotate datasets with tags to improve discoverability and data governance [1]
    • targets both users and administrators
    • {benefit} allows users to discover where patient records are held by searching for keywords [1]
    • {benefit} allows users to label documents and items based on their sensitivity [1]
    • {benefit} allows users to use access policies to manage self-service access requests [1]
  • {feature} Information Protection
    • used to classify, label, and protect sensitive data throughout the organization [1]
      • by applying customizable sensitivity labels, users classify records. [1]
      • {concept} policies
        • define access controls and enforce encryption
        • labels follow the data wherever it goes
        • helps organizations meet compliance requirements while safeguarding data against accidental exposure or malicious threats [1]
    • allows users to protect records with policies that encrypt data and impose IRM
  • {feature} Data Loss Prevention (DLP)
    • the practice of protecting sensitive data to reduce the risk from oversharing [2]
      • implemented by defining and applying DLP policies [2]
  • {feature} Audit
    • user activities are automatically logged and appear in the Purview audit log
      • e.g. creating files or accessing Fabric items
  • {feature} connect Purview to Fabric in a different tenant
    • all functionality is supported, except that 
      • {limitation} Purview's live view isn't available for Fabric items [1]
      • {limitation} the system can't identify user registration automatically [1]
      • {limitation} managed identity can’t be used for authentication in cross-tenant connections [1]
        • {workaround} use a service principal or delegated authentication [1]
  • {feature} Purview hub
    • displays reports and insights about Fabric items [1]
      • acts as a centralized location to begin data governance and access more advanced features [1]
      • via Settings >> Microsoft Purview hub
      • administrators see information about their entire organization's Fabric data estate
      • provides information about
        • Data Catalog
        • Information Protection
        • Audit
    • the data section displays tables and graphs that analyze the entire organization's items in MF
      • users only see information about their own Fabric items and data

References:
[1] Microsoft Learn (2024) Purview: Govern data in Microsoft Fabric with Purview[link]
[2] Microsoft Learn (2024) Purview: Learn about data loss prevention [link]
[3] Microsoft Learn (2024) [link]

Resources:

Acronyms:
DLP - Data Loss Prevention
M365 - Microsoft 365
MF - Microsoft Fabric
SaaS - Software-as-a-Service

🏭🗒️Microsoft Fabric: Data Loss Prevention (DLP) in Purview [Notes]

Disclaimer: This is work in progress intended to consolidate information from various sources for learning purposes. For the latest information please consult the documentation (see the links below)! 

Last updated: 10-Jun-2025

[Microsoft Purview] Data Loss Prevention (DLP)
  • {def} the practice of protecting sensitive data to reduce the risk from oversharing [2]
    • implemented by defining and applying DLP policies [2]
  • {benefit} helps to protect sensitive information with policies that automatically detect, monitor, and control the sharing or movement of sensitive data [1]
    • administrators can customize rules to block, restrict, or alert when sensitive data is transferred to prevent accidental or malicious data leaks [1]
  • {concept} DLP policies
    • allow monitoring of the activities users take on sensitive items, followed by protective actions [2]
      • applies to sensitive items 
        • at rest
        • in transit [2]
        • in use [2]
      • created and maintained in the Microsoft Purview portal [2]
    • {scope} only supported for Power BI semantic models [1]
    • {action} show a pop-up policy tip to the user that warns that they might be trying to share a sensitive item inappropriately [2]
    • {action} block the sharing and, via a policy tip, allow the user to override the block and capture the user's justification [2]
    • {action} block the sharing without the override option [2]
    • {action} [data at rest] sensitive items can be locked and moved to a secure quarantine location [2]
    • {action} sensitive information won't be displayed 
      • e.g. Teams chat
  • DLP reports
    • provide data ranging from policy matches and actions to user activities [2]
      • used as basis for tuning policies and triage actions taken on sensitive items [2]
    • the telemetry uses M365 audit logs and processes the data for the different reporting tools [2]
      • M365 provides visibility into risky user activities [2]
      • scans the audit logs for risky activities and runs them through a correlation engine to find activities that are occurring at a high volume [1]
        • no DLP policies are required [2]
  • {feature} detects sensitive items by using deep content analysis [2]
    • ⇐ not by just a simple text scan [2]
    • based on
      • keywords matching [2]
      • evaluation of regular expressions [2] 
      • internal function validation [2]
      • secondary data matches that are in proximity to the primary data match [2]
      • ML algorithms and other methods to detect content that matches DLP policies
    • all DLP monitored activities are recorded to the Microsoft 365 Audit log [2]
  • DLP lifecycle
    • {phase} plan for DLP
      • train and acclimate users to DLP practices on well-planned and tuned policies [2]
      • {recommendation} use policy tips to raise awareness with users before changing the policy status from simulation mode to more restrictive modes [2]
    • {phase} prepare for DLP
    • {phase} deploy policies in production
      • {action} define control objectives, and how they apply across workloads [2]
      • {action} draft a policy that embodies the objectives
      • {action} start with one workload at a time, or across all workloads - there's no impact yet
      • {feature} implement policies in simulation mode
        • {benefit} allows evaluating the impact of controls
          • the actions defined in a policy aren't applied yet
        • {benefit} allows monitoring the outcomes of the policy and fine-tuning it so that it meets the control objectives without adversely or inadvertently impacting valid user workflows and productivity [2]
          • e.g. adjusting the locations and people/places that are in or out of scope
          • e.g. tune the conditions used to determine whether an item, and what is being done with it, matches the policy
          • e.g. the sensitive information definition/s
          • e.g. add new controls
          • e.g. add new people
          • e.g. add new restricted apps
          • e.g. add new restricted sites
        • {step} enable the control and tune policies [2]
          • policies take effect about an hour after being turned on [2]
      • {action} create DLP policy 
      • {action} deploy DLP policy 
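Added example (not from the notes or from Microsoft's documentation) tying together the detection methods listed above (regular expression as the primary match, internal function validation, supporting keywords in proximity to the primary match), the policy actions (policy tip, block with override, block), and simulation mode, in which matches are recorded but the action is not enforced. The info type, the 300-character proximity window, the sample message and the policy names are constructed for illustration; the Luhn checksum is the real validation used for payment-card numbers, everything else is an assumption about how such an engine could be structured.

```python
import re
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Optional, Tuple


class Mode(Enum):
    SIMULATION = "simulation"  # detect and record matches, apply no protective action
    ENFORCE = "enforce"        # apply the configured action


class Action(Enum):
    POLICY_TIP = "policy tip"                    # warn the user; sharing proceeds
    BLOCK_WITH_OVERRIDE = "block with override"  # block; user may override with a justification
    BLOCK = "block"                              # block; no override


def luhn_ok(digits: str) -> bool:
    """Internal function validation: Luhn checksum, as used for payment-card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


@dataclass
class SensitiveInfoType:
    name: str
    pattern: re.Pattern                                 # primary match (regular expression)
    validator: Optional[Callable[[str], bool]] = None   # function validation on the digits
    keywords: Tuple[str, ...] = ()                      # secondary evidence required nearby
    proximity: int = 300                                # assumed window (chars) on each side

    def find(self, text: str) -> List[Tuple[str, str]]:
        hits = []
        for m in self.pattern.finditer(text):
            raw = m.group()
            if self.validator and not self.validator(re.sub(r"\D", "", raw)):
                continue  # checksum failed: looks like a card number but is not one
            lo, hi = max(0, m.start() - self.proximity), m.end() + self.proximity
            if self.keywords and not any(k in text[lo:hi].lower() for k in self.keywords):
                continue  # no supporting keyword in proximity: treat as a false positive
            hits.append((self.name, raw))
        return hits


# Constructed info type: 16-digit card number with optional space/dash separators.
CREDIT_CARD = SensitiveInfoType(
    name="Credit Card Number",
    pattern=re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
    validator=luhn_ok,
    keywords=("card", "credit", "visa", "mastercard", "cvv"),
)


@dataclass
class DlpPolicy:
    name: str
    info_types: List[SensitiveInfoType]
    min_count: int      # how many sensitive items must be found before the policy matches
    action: Action
    mode: Mode


def evaluate(policy: DlpPolicy, text: str) -> dict:
    """Evaluate one share attempt; in simulation mode the action is recorded, not enforced."""
    hits = [h for t in policy.info_types for h in t.find(text)]
    matched = len(hits) >= policy.min_count
    return {
        "policy": policy.name,
        "matched": matched,
        "action": policy.action if matched else None,
        "enforced": matched and policy.mode is Mode.ENFORCE,  # the record exists either way
        "hits": hits,
    }


# Constructed sample of a message a user is about to share (the card number is a test value).
SAMPLE_SHARE = "Hi, please charge my credit card 4111 1111 1111 1111 for the invoice. Thanks!"

if __name__ == "__main__":
    for mode in (Mode.SIMULATION, Mode.ENFORCE):
        policy = DlpPolicy("Block card numbers", [CREDIT_CARD], 1, Action.BLOCK_WITH_OVERRIDE, mode)
        print(evaluate(policy, SAMPLE_SHARE))
```

Running the same policy in both modes against the same message is the point of simulation: the match and the would-be action are visible in the record, so the policy can be tuned (keywords, proximity, minimum count) before switching to enforce, where the record gains an enforced flag and the user actually sees the tip or block.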
  • DLP alerts 
    • alerts generated when a user performs an action that meets the criteria of a DLP policy [2]
      • there are incident reports configured to generate alerts [2]
      • {limitation} available in the alerts dashboard for 30 days [2]
    • DLP posts the alert for investigation in the DLP Alerts dashboard
    • {tool} DLP Alerts dashboard 
      • allows users to view alerts, triage them, set investigation status, and track resolution
        • routed to Microsoft Defender portal 
        • {limitation} available for six months [2]
      • {constraint} administrative unit restricted admins see the DLP alerts for their administrative unit only [2]
  • {concept} egress activities (aka exfiltration)
    • {def} actions related to exiting or leaving a space, system or network [2]
  • {concept}[Microsoft Fabric] policy
    • when a DLP policy detects a supported item type containing sensitive information, the actions configured in the policy are triggered [3]
    • {feature} Activity explorer
      • allows viewing the DLP data for Fabric and Power BI
      • to access the data, the user's account must be a member of one of the following roles or higher [3]
        • Compliance administrator
        • Security administrator
        • Compliance data administrator
        • Global Administrator 
          • {warning} a highly privileged role that should only be used in scenarios where a lesser privileged role can't be used [3]
        • {recommendation} use a role with the fewest permissions [3]
    • {warning} DLP evaluation workloads impact capacity consumption [3]
    • {action} define policy
      • in the data loss prevention section of the Microsoft Purview portal [3]
      • allows specifying
        • conditions
          • e.g. sensitivity labels
        • sensitive info types that should be detected [3]
      • [semantic model] evaluated against DLP policies 
        • whenever one of the following events occurs:
          • publish
          • republish
          • on-demand refresh
          • scheduled refresh
        • the evaluation doesn't occur if either of the following is true
          • the initiator of the event is an account using service principal authentication [3]
          • the semantic model owner is a service principal [3]
      • [lakehouse] evaluated against DLP policies when the data within a lakehouse undergoes a change
        • e.g. getting new data, connecting a new source, adding or updating existing tables, etc. [3]
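Added example (not from the notes or from Microsoft's documentation) that applies the evaluation rules above to a constructed stream of Fabric events: semantic models are evaluated on publish, republish, on-demand refresh and scheduled refresh, unless the initiator authenticates as a service principal or the model owner is a service principal; lakehouses are evaluated when their data changes. The event names, item names and the `FabricEvent` structure are assumptions; the point of the `coverage_gaps` helper is to surface items whose latest event escaped DLP evaluation, which is where an administrator would look for models driven entirely by service-principal pipelines.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Events that trigger DLP evaluation of a Power BI semantic model (from the notes above).
SEMANTIC_MODEL_TRIGGERS = {"publish", "republish", "on-demand refresh", "scheduled refresh"}

# Constructed event names standing in for "the data within a lakehouse undergoes a change".
LAKEHOUSE_DATA_CHANGES = {"new data", "source connected", "table added", "table updated"}


@dataclass
class FabricEvent:
    item: str
    kind: str                                   # "semantic_model" or "lakehouse" (assumed)
    event: str
    initiator_is_service_principal: bool = False
    owner_is_service_principal: bool = False


def evaluation_outcome(ev: FabricEvent) -> Tuple[bool, str]:
    """Return whether DLP evaluation runs for this event and the reason."""
    if ev.kind == "semantic_model":
        if ev.event not in SEMANTIC_MODEL_TRIGGERS:
            return False, f"'{ev.event}' is not a triggering event"
        if ev.initiator_is_service_principal:
            return False, "initiator uses service principal authentication"
        if ev.owner_is_service_principal:
            return False, "semantic model owner is a service principal"
        return True, f"triggered by {ev.event}"
    if ev.kind == "lakehouse":
        if ev.event in LAKEHOUSE_DATA_CHANGES:
            return True, f"lakehouse data change: {ev.event}"
        return False, f"'{ev.event}' does not change lakehouse data"
    raise ValueError(f"unsupported item kind: {ev.kind}")


def coverage_gaps(events: List[FabricEvent]) -> Dict[str, str]:
    """Items whose most recent event (events given in chronological order) escaped DLP evaluation."""
    latest: Dict[str, FabricEvent] = {}
    for ev in events:
        latest[ev.item] = ev  # last event per item wins
    gaps = {}
    for item, ev in latest.items():
        evaluated, reason = evaluation_outcome(ev)
        if not evaluated:
            gaps[item] = reason
    return gaps


# Constructed sample events; names and flags are illustrative only.
SAMPLE_EVENTS = [
    FabricEvent("Sales model", "semantic_model", "publish"),
    FabricEvent("Finance model", "semantic_model", "scheduled refresh", initiator_is_service_principal=True),
    FabricEvent("HR model", "semantic_model", "republish", owner_is_service_principal=True),
    FabricEvent("Bronze lakehouse", "lakehouse", "table added"),
    FabricEvent("Silver lakehouse", "lakehouse", "permissions changed"),
]

if __name__ == "__main__":
    for item, reason in coverage_gaps(SAMPLE_EVENTS).items():
        print(f"{item}: not evaluated ({reason})")
```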

References:
[1] Microsoft Learn (2025) Learn about data loss prevention [link]
[2] Microsoft Learn (2024) Purview: Learn about data loss prevention [link]
[3] Microsoft Learn (2025) Get started with Data loss prevention policies for Fabric and Power BI [link]

Resources:
[R1] Microsoft Fabric Updates Blog (2024) Secure Your Data from Day One: Best Practices for Success with Purview Data Loss Prevention (DLP) Policies in Microsoft Fabric [link]

Acronyms:
DLP - Data Loss Prevention
M365 - Microsoft 365
