Configuring Data Classification Policies in Microsoft Purview
You can set up Data Classification Policies in Microsoft Purview by making clear rules and labels. These help you keep sensitive information safe. Data classification lets you control who can see important data. It also helps you follow compliance rules. Microsoft Purview uses AI and machine learning to find and sort your data by itself.
It cuts down on manual work by finding and tracking data in your company.
You can see all your data assets in one place, along with their links and history.
Built-in security and compliance tools help you meet rules like GDPR and HIPAA.
Key Takeaways
Data classification helps keep private information safe and makes sure your company follows rules like GDPR and HIPAA.
Microsoft Purview uses AI and special tools to find, label, and protect important data. This saves time and helps stop mistakes.
When you set up sensitivity labels and rules in Purview, you can choose who sees different data types.
Automatic labeling policies put tags on data for you. This helps stop data leaks and keeps your company following the rules.
If you check and update your data classification policies often, your data stays safe. This also helps customers and regulators trust your company.
Data Classification Overview
What Is Data Classification
Before you set up Data Classification Policies, you should know what data classification is. Data classification means putting your data into groups based on how private or important it is. This helps you keep important information safe and follow rules like GDPR or HIPAA. In Microsoft Purview, you can use special tools to add labels to your data. These labels help you find, organize, and protect your data more easily.
Data classification lets you pick the right security for each kind of data. You can use the system’s built-in categories or make your own rules. Microsoft Purview lets you use both automatic and manual ways to classify, so you can cover all your data.
Here is a table that shows some common data classification groups used by big companies:
You can sort data by what it is, where it is, or let people add labels. Many companies use more than one way to make sure their data is sorted correctly.
Why It Matters
Classifying your data keeps it safe and helps you follow the law. If you do not classify your data, you might share private info by mistake. This can cause data leaks, fines, and people may stop trusting your company. Data Classification Policies help you find and protect important data, so you can avoid these problems.
If you do not classify data, it is easier for hackers to steal it.
You could get big fines for breaking privacy laws.
People may not trust your company if you lose their data.
You could lose the right to handle some types of private data.
When you classify data, it is easier to manage and protect it. You can find and lock down important files fast. Tools like Microsoft Purview help you do this automatically and make fewer mistakes. Using Data Classification Policies shows customers and rule-makers that you care about keeping data safe.
Configuring Data Classification Policies
Setting up Data Classification Policies in Microsoft Purview helps keep important data safe. It also helps your company follow the rules. You need to do a few steps to make sure your data is sorted and labeled the right way.
Accessing Purview Portal
First, you need to get into the Microsoft Purview compliance portal. Here is how you start:
Go to https://compliance.microsoft.com and log in with your Microsoft account.
If you do not have a Purview account, you can make one in the Azure portal at https://portal.azure.com/#browse/Microsoft.Purview%2FAccounts.
You need an Azure subscription. If you do not have one, you can set up a free one.
Make sure your Microsoft Entra tenant is connected to your subscription.
Check your user role. You need to be a Contributor, Owner, or Administrator for the Azure subscription.
In the Azure portal, click your username, then the three dots, and pick "My Permissions" to see what you can do.
If you have more than one subscription, choose the right one.
Search for "Microsoft Purview" in the Azure portal and open your Purview account.
You need at least a Reader role on a collection in the Purview Data Map to see the governance portal. To set up Data Classification Policies, you need roles like Data curator, Data source administrator, or Collection administrator. These roles let you manage data, make new classifications, and give permissions.
Creating Sensitivity Labels
Sensitivity labels help you mark data by how private or important it is. You can make and organize these labels in the Purview portal:
Log in to the Purview portal and go to Solutions > Information Protection > Sensitivity labels.
Click "+ Create a label" to make a new sensitivity label.
Pick what your label will cover, like Files, Emails, or Meetings.
Set up the label’s settings, such as protection and classification details.
To make sublabels, pick a parent label and click "Create sublabel."
Put labels into groups to keep things neat. Move labels up or down to set which ones are most important.
To change a label, select it and click "Edit label." Changes save right away.
Do not delete labels unless you know what will happen.
Tip: Use easy names for your labels. Try to have only 3-5 labels for each group so people do not get confused. Put the strictest labels at the bottom and the least strict at the top. Group labels in a way that makes sense using parent labels or label groups.
You need Microsoft 365 services like Exchange Online, SharePoint, Teams, and Microsoft 365 Apps for Enterprise. Make sure your apps work with sensitivity labels.
Setting Classification Rules
Classification rules help you find and sort data by patterns or values. Microsoft Purview has built-in and custom rules:
Built-in rules find common sensitive data, like passport numbers or bank account details. These rules look for certain patterns but might not find everything.
Custom rules let you make your own patterns for your company. You can use regular expressions (regex) or dictionary files to match data. Upload files to make regex patterns and set a match level, like 60%.
Dictionary rules need a file with all possible values in one column. Change the match level to decide when the rule works.
Custom rules give you more control but need updates often. AI-powered classifiers use machine learning to look at data and understand what it means. This helps find tricky or special data types. These classifiers can find sensitive data that simple rules might miss.
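Before you upload a regex pattern or dictionary file, you can dry-run it against a sample of real column values to see whether it would reach the match level. The PowerShell function below is an added example, not code from Microsoft or the original page. It is a local approximation and not the Purview scan engine: it assumes the match level is the percentage of distinct, non-empty values that match, and the function name, the EMP-###### identifier format and the sample values are all constructed.

```powershell
# Local dry run of a custom classification rule against sample column values.
# Approximation for pre-checking a pattern or dictionary; not the Purview scan engine.
function Test-ClassificationRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [AllowEmptyString()] [string[]] $Values,
        [string]   $DataPattern,      # regex rule: pattern a value must match
        [string[]] $Dictionary,       # dictionary rule: contents of the one-column file
        [ValidateRange(1, 100)] [int] $MinimumMatchPercent = 60
    )
    if (-not $DataPattern -and -not $Dictionary) {
        throw 'Supply -DataPattern (regex rule) or -Dictionary (dictionary rule).'
    }
    # Assumption: empty cells are ignored and each distinct value counts once.
    $distinct = @($Values | ForEach-Object { $_.Trim() } | Where-Object { $_ } | Sort-Object -Unique)
    if ($distinct.Count -eq 0) { throw 'No non-empty values to evaluate.' }

    # Dictionary entries are compared case-insensitively; regex matching is case-sensitive.
    $lookup = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($entry in $Dictionary) { if ($entry) { [void]$lookup.Add($entry.Trim()) } }

    $matched = @($distinct | Where-Object {
        ($DataPattern -and [regex]::IsMatch($_, $DataPattern)) -or $lookup.Contains($_)
    })
    $percent = [math]::Round(100 * $matched.Count / $distinct.Count, 1)

    [pscustomobject]@{
        DistinctValues = $distinct.Count
        Matched        = $matched.Count
        MatchPercent   = $percent
        WouldClassify  = $percent -ge $MinimumMatchPercent
        Unmatched      = @($distinct | Where-Object { $_ -notin $matched })  # values to review
    }
}

# Constructed sample column; EMP-###### is a made-up company identifier format.
$sample = 'EMP-004211', 'EMP-118200', 'EMP-77', 'n/a', '', 'EMP-004211', 'EMP-301775', 'TBD'
Test-ClassificationRule -Values $sample -DataPattern '^EMP-\d{6}$'

# Constructed dictionary rule: department names, one value per line in the file.
Test-ClassificationRule -Values 'Finance', 'finance', 'HR', 'Legal', 'Ops' -Dictionary 'Finance', 'HR', 'Legal'
```

The Unmatched list shows which placeholder or malformed values count against the match level, which helps you decide whether to widen the pattern or clean the column.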
Enabling Automatic Labeling
Automatic labeling saves time and helps stop mistakes. You can set up auto-labeling policies to tag data without doing it yourself:
Make sensitivity labels in the Microsoft 365 compliance portal.
Share the labels with users or groups.
Go to Solutions > Information Protection > Policies > Auto-labeling policies in the Purview portal.
Click "+ Create auto-labeling policy."
Pick a sensitivity label to use automatically.
Set rules for labeling, like content type or templates (Financial, Privacy).
Name the policy and write a description.
Add administrative units if you want to limit where the policy works.
Run the policy in simulation mode to test it.
Look at the results and change the policy if needed.
Turn on the policy to start automatic labeling in SharePoint, OneDrive, and Exchange Online.
Automatic labeling uses AI and natural language processing to check data in cloud apps, email, SharePoint, and Teams. The system looks at the meaning of data, not just words. This helps stop data loss and keeps you following the rules.
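The auto-labeling steps above can also be scripted with Security & Compliance PowerShell. This is an added example, not part of the original page: it assumes the ExchangeOnlineManagement module is installed and that a label named Confidential already exists, and the admin account and policy name are placeholders.

```powershell
# Requires the ExchangeOnlineManagement module and a role that can manage labels.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName 'admin@contoso.example'   # placeholder account

$labelName  = 'Confidential'                  # assumption: this label already exists
$policyName = 'Auto-label credit card data'   # constructed policy name

# Stop early if the label is missing, so the policy is never created half-configured.
Get-Label -Identity $labelName -ErrorAction Stop | Out-Null

# Create the policy in simulation mode: it finds matching content but labels nothing.
New-AutoSensitivityLabelPolicy -Name $policyName `
    -Comment 'Simulation: label SharePoint files that contain credit card numbers' `
    -ApplySensitivityLabel $labelName `
    -SharePointLocation 'All' `
    -Mode TestWithoutNotifications

# The rule defines what content matches, here the built-in Credit Card Number type.
New-AutoSensitivityLabelRule -Name "$policyName - rule" `
    -Policy $policyName `
    -Workload SharePoint `
    -ContentContainsSensitiveInformation @{ Name = 'Credit Card Number'; minCount = '1' }

# Confirm the policy is still in simulation and has finished distributing.
Get-AutoSensitivityLabelPolicy -Identity $policyName |
    Format-List Name, Mode, ApplySensitivityLabel, DistributionStatus

# Run this only after reviewing the simulation results in the portal.
# -Confirm forces a prompt before the policy starts labeling content.
Set-AutoSensitivityLabelPolicy -Identity $policyName -Mode Enable -Confirm
```

Keeping the policy in TestWithoutNotifications until the matched items have been reviewed avoids labeling files in bulk on a rule that turns out to be too broad.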
Publishing Policies
After you make labels and rules, you need to publish your Data Classification Policies:
Finish setting up your sensitivity label, including scope, protection, permissions, and auto-labeling.
Make a policy to share the label with users and apply it to existing content.
Check your policy settings and click "Create policy."
Confirm you made the policy and close the wizard.
Make sure your label is active in the Sensitivity labels menu.
Find your auto-labeling policy under Policies > Auto-labeling policies.
The policy looks for matching sensitive content before it starts.
After checking, the policy goes into simulation mode. Look at the items it finds and turn on the policy.
You get an email when the scan is done.
You can check if your policies are working by using T-SQL queries, PowerShell commands, or looking at dynamic management views. Refresh the policy cache to make sure the newest policies are being used.
By doing these steps, you set up Data Classification Policies that keep your company’s data safe and help you follow the rules. You use both manual and automatic tools, custom rules, and AI-powered classifiers to protect sensitive information.
Applying Policies Across Microsoft 365
Microsoft 365 Integration
You can use Data Classification Policies in Microsoft 365 to keep important information safe in Teams, SharePoint, OneDrive, and Office apps. First, make sensitivity labels. These labels have names, priorities, and show what kind of data they protect, like files, emails, or meetings. Set up each label with things like encryption, headers, footers, and watermarks. You can also make rules so labels are added automatically if the content matches.
To use these labels, publish them with label policies. Pick which users or groups can see and use the labels. You can also use PowerShell cmdlets to make and manage labels with code. Microsoft Purview lets you check how labels are used and if you are following the rules with built-in reports.
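Creating and publishing labels with the PowerShell cmdlets mentioned above looks like this. It is an added example, not part of the original page: the label names, tooltips, footer text, policy name and admin account are constructed, and it assumes the ExchangeOnlineManagement module is installed.

```powershell
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName 'admin@contoso.example'   # placeholder account

# Parent label: groups the sublabels under one heading.
New-Label -Name 'Confidential' -DisplayName 'Confidential' `
    -Tooltip 'Business data that would cause harm if shared outside the company.'

# Sublabel under the parent, with a footer added to labeled documents.
New-Label -Name 'Confidential-Finance' -DisplayName 'Finance' `
    -ParentId 'Confidential' `
    -Tooltip 'Financial records, forecasts and payment data.' `
    -ApplyContentMarkingFooterEnabled $true `
    -ApplyContentMarkingFooterText 'Confidential - Finance'

# Publish both labels. 'All' publishes to every user; pass specific
# mailboxes or groups instead to limit who can see and apply the labels.
New-LabelPolicy -Name 'Confidential labels - all users' `
    -Labels 'Confidential', 'Confidential-Finance' `
    -ExchangeLocation 'All' `
    -Comment 'Publishes the Confidential label and its Finance sublabel'

# Check that the policy has distributed and review the label order.
Get-LabelPolicy -Identity 'Confidential labels - all users' |
    Format-List Name, Labels, DistributionStatus
Get-Label | Sort-Object Priority | Format-Table Priority, DisplayName, ParentId
```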
Sensitivity labels in Office apps add encryption and extra info to files and emails. These protections stay with the file, even if you move or share it. When you upload labeled files to SharePoint or OneDrive, the system sees and uses the labels. Office for the web lets you edit encrypted files. If you set up guest accounts, outside users can see protected files.
Annotation Management
Annotation management helps you keep track of classified data. In Microsoft Purview, you use annotation tools in the Data Map. You can look at system classifications and make your own if you need to. Custom classifications need you to make rules and add them to scan rule sets so they work automatically.
Use the Annotation management pane to connect classifications and glossary words to data.
Give roles like Data Curator to people who manage annotations.
Add annotations by hand or let scans do it for you.
When you add a classification, it stays with the data, even if rules change later.
eDiscovery tools in Purview help you mark and hide parts of documents during case reviews. You can tag documents, make PDFs of marked files, and stop unmarked versions from being sent out.
On-Premises Data Protection
You can use Data Classification Policies for on-premises data with the Information Protection scanner. Install the scanner on a Windows server in your local network. Sign in with Microsoft Entra ID to connect safely to Azure. Set up scan jobs for file shares or on-premises SharePoint locations.
Start scans by hand with PowerShell or set them up in the Purview Compliance portal.
The scanner puts sensitivity labels on local files and uses DLP policies.
Check scan results in local logs or the Purview Activity Explorer.
Actions include blocking access, setting permissions, or moving files to quarantine.
The scanner makes sure your on-premises data has the same protection as your cloud data, so your data governance is always the same.
Managing and Reviewing Policies
License and Role Requirements
You must have the right licenses and roles to manage Data Classification Policies in Microsoft Purview. If you do not have the right access, you cannot make or change sensitivity labels or classification rules. The table below shows what you need:
Tip: Check user roles and licenses often. This helps you stop access problems and keeps your data governance strong.
User Training
Training helps your team learn how to use Data Classification Policies the right way. Microsoft has a training module called "Review and analyze data classification and protection" on Microsoft Learn. You can use this module to learn how to read reports, check labeled content, and watch user activity. The module teaches you how to spot trends, find patterns, and see if someone breaks the rules.
You also get many training resources:
Posters and quizzes for visual learning
Downloadable guides with easy steps
Webinars and demos to show real examples
Playbooks and jump starts for hands-on practice
These resources help everyone in your company learn how to use sensitivity labels and follow policy rules. Good training means better compliance and fewer mistakes.
Policy Maintenance
You should check and update your Data Classification Policies often. Microsoft Purview says to review them from time to time to keep up with new rules and risks. You do not need a strict schedule, but regular checks help you stay compliant.
When you keep your policies up to date, you get real benefits:
A bank made audits 40% faster after using automatic classification and retention.
A healthcare group had 50% fewer data leaks with Purview’s data loss prevention.
Big companies saw better data visibility and easier compliance reporting.
Regular checks and updates help you handle new threats and rules. Automated tools and real-time alerts keep your data safe and your work running smoothly.
You now know how to set up Data Classification Policies in Microsoft Purview. To keep your data safe and follow the rules, remember these important steps:
Check your policies often to make sure they still work.
Change labels and rules when your needs are different.
Teach your team about new tools and good ways to use them.
If you keep learning and updating, you can protect important data and follow the rules. What you do helps keep your company’s data safe and trusted.
FAQ
How do you know which sensitivity label to use?
You should pick a label that matches how private your data is. Check your company’s rules or ask your IT team. Use the strictest label for very sensitive files.
Tip: Start with built-in labels if you feel unsure.
Can you change a sensitivity label after you apply it?
Yes, you can change a label at any time. Open the file or email, select the new label, and save your changes. Make sure you have permission to update labels.
What happens if you delete a sensitivity label?
If you delete a label, files with that label lose their protection. You should replace deleted labels with new ones. Always check with your compliance team before removing labels.
Do automatic labeling policies work on old files?
Automatic labeling can scan and label old files if you set the policy to include existing content. You must run a scan or enable retroactive labeling in the policy settings.
How do you check if your data is classified correctly?
Go to the Purview portal and use the Data Map or Activity Explorer. Review reports to see which files have labels. You can also run a scan to find missing labels.
Note: Regular checks help you keep your data safe.