Which Microsoft 365 plans include Purview Compliance features?

Microsoft Purview basic features (DLP, retention, sensitivity labels, core eDiscovery, standard audit) are included in Microsoft 365 E3, Business Premium, and higher. Advanced features (Premium eDiscovery, Insider Risk Management, Communication Compliance, Audit Premium) require E5 or standalone add-on licenses. Defender for Office 365 Plan 1 is included in E3; Plan 2 requires E5 or an add-on.

How do I create a Data Loss Prevention policy in Microsoft 365?

Go to the Compliance Portal > Data loss prevention > Policies > Create policy. Choose a template (e.g., " U.S. Financial Data" or " EU GDPR"). Name the policy, choose locations (Exchange, SharePoint, OneDrive, Teams, Endpoint), define the sensitive info types to detect, set the policy tips and actions (block, warn, or audit), and turn on the policy. Start in test mode to measure impact before enforcing.

What are sensitivity labels in Microsoft 365?

Sensitivity labels classify and protect content based on its sensitivity level. Labels like " Public," " Internal," " Confidential," and " Highly Confidential" can apply encryption, watermarks, headers, and footers. Once applied, the protection travels with the file — even when shared externally or downloaded. Labels are configured in the Compliance Portal and published to users who can apply them manually or have them auto-applied based on content.

How does eDiscovery work in Microsoft 365?

eDiscovery allows you to search, hold, and export content across Exchange mailboxes, SharePoint sites, OneDrive accounts, Teams chats, and Yammer messages. Core eDiscovery (included in E3) supports up to 10 cases with basic search and export. Premium eDiscovery (E5) adds AI-powered review, near-duplicate detection, email threading, predictive coding, and custodian management. Place legal holds to prevent deletion during litigation.

What is the difference between retention policies and retention labels?

Retention policies are broad — they apply to entire locations (all Exchange mailboxes, all SharePoint sites) or specific content types. Retention labels are granular — they apply to individual items like a specific email or document. Labels support event-based retention (e.g., " retain for 7 years after contract end date") and can trigger automatic actions. Use policies for broad governance and labels for specific records management.

How do I enable audit logging in Microsoft 365?

Audit logging is enabled by default for new tenants. To verify or enable it manually, go to the Compliance Portal > Audit > Audit log search. If auditing is not enabled, click " Start recording user and admin activity." Standard audit retains logs for 90 days. Audit Premium (E5) extends retention to 1 year with custom policies up to 10 years. Search logs by user, activity type, date range, and object.

What is Insider Risk Management and do I need it?

Insider Risk Management uses signals from HR systems, security alerts, and user behavior analytics to detect risky internal activity before it becomes a breach. It correlates data like resignations, performance issues, data exfiltration patterns, and unusual access. It requires an E5 license or standalone add-on. Recommended for organizations with sensitive intellectual property, financial data, or regulated data handling requirements.

Microsoft 365 Compliance Center & Purview: Complete Setup Guide 2026

Compliance is not optional for most businesses anymore. GDPR, HIPAA, SOC 2, PCI DSS, and industry-specific regulations require organizations to protect sensitive data, retain records, and respond to legal investigations. Microsoft Purview Compliance Portal is the single interface where all of this happens in Microsoft 365.

This guide covers the four core compliance modules, an 8-phase setup workflow, and answers to the most common compliance questions. Whether you are a new admin or an experienced security professional, this is the reference you will keep open while configuring your tenant.

Expert Help Available

Have questions about this topic?

Our migration specialists can help. Chat live or request a free consultation.

Microsoft Purview Compliance Portal

The unified hub for all compliance activities in Microsoft 365.

Compliance Manager

Track compliance posture across regulations (GDPR, HIPAA, SOC 2, ISO 27001). Built-in assessment templates and improvement actions with Microsoft-managed and customer-managed controls.

Data Loss Prevention (DLP)

Create policies that prevent sensitive data (credit cards, SSNs, passport numbers, custom patterns) from being shared outside your organization. Covers Exchange, SharePoint, OneDrive, Teams, and Endpoint DLP.

Sensitivity Labels

Classify content as Public, Internal, Confidential, or Highly Confidential. Labels apply encryption, watermarks, and headers. Travel with content across M365 apps and even when files leave the tenant.

Retention Policies

Retain content for legal or regulatory requirements. Delete content after a specified period. Different policies for different locations (Exchange, SharePoint, Teams, OneDrive, Yammer).

eDiscovery

Search across all M365 content for legal investigations. Core eDiscovery for up to 10 cases. Premium eDiscovery with AI-powered predictive coding, analytics, and custodian management.

Communication Compliance

Supervise communications for policy violations (harassment, sensitive info sharing, conflicts of interest). Uses machine learning to flag risky messages in Teams, email, and Yammer.

Insider Risk Management

Detect risky user activities before they become security incidents. Correlates signals from HR systems, security alerts, and user behavior analytics. Requires E5 or add-on license.

Information Barriers

Prevent specific groups from communicating with each other. Critical for financial services (SEC 17a-4), healthcare, and government organizations with segregation requirements.

Expert Help Available

Have questions about this topic?

Our migration specialists can help. Chat live or request a free consultation.

Frequently Asked Compliance Questions

The Microsoft Purview Compliance Portal (compliance.microsoft.com) is the centralized dashboard for managing all compliance, governance, and risk activities in Microsoft 365. It replaces the older Office 365 Security & Compliance Center and combines compliance management, DLP, retention, eDiscovery, audit, insider risk, and communication compliance into a single interface.

Free Consultation

Need Help with Microsoft 365 Compliance?

Our Microsoft-certified security consultants configure DLP, sensitivity labels, retention policies, and eDiscovery for organizations of all sizes. SOC 2, HIPAA, GDPR — we handle the compliance so you handle the business.

Contact Page

24hr responseNo obligationFree quote

Get a Free Migration Quote

No spam, just expert advice.

SPF, DKIM, DMARC Setup Guide

Microsoft 365 Backup Best Practices

Google Workspace vs Microsoft 365 Security

Compliance Consulting

Need Microsoft 365 Compliance Help?

Our Microsoft-certified consultants configure DLP, sensitivity labels, retention policies, eDiscovery, and audit logging to meet your regulatory requirements. SOC 2, HIPAA, GDPR, PCI DSS — we have done them all.

Get Compliance Audit View M365 Services

DLP Policies

Retention Setup

eDiscovery

Compliance Audit

Microsoft 365Compliance Center

Have questions about this topic?

Microsoft Purview Compliance Portal

Have questions about this topic?

Frequently Asked Compliance Questions

Need Help with Microsoft 365 Compliance?

Get a Free Migration Quote

Related Guides

Need Microsoft 365 Compliance Help?

Microsoft 365
Compliance Center