Microsoft Purview
This section describes the configuration of Microsoft Purview associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.
Estimated reading time: 2 minutes
Instruction
The below pages outline the as built configuration for ASD’s Blueprint for Secure Cloud for the Microsoft Purview portal blade at the following URL:
https://compliance.microsoft.com
The settings described on these pages should be used to provide reference to a baseline implementation for a system configured using the Blueprint. Any implementation implied by these pages should not be considered as prescriptive as to how an organisation must scope, build, document, or assess a system.
Implementation of the guidance provided by the Blueprint will differ depending on an organisation’s operating context and organisational culture. Organisations should implement the Blueprint in alignment with their existing change management, business processes and frameworks.
When using automated configuration files, organisations should note they will configure the relevant settings in a Microsoft 365 tenancy exactly as outlined in the Configuration pages of the Blueprint. Organisations should ensure they customise configuration of their Microsoft 365 tenancies in accordance with their own design decisions and requirements, deviating from the Blueprint (including automated configuration files) where appropriate.
Placeholders such as <ORGANISATION.GOV.AU>, <BLUEPRINT.GOV.AU> and <TENANT-NAME> should be replaced with the relevant details as required.
Automated Configuration Deployment
Overview
Some of the Purview configuration can be automatically deployed
| Configuration | Blueprint Automation Provided |
|---|---|
| Purview Settings | No |
| Compliance Manager | No |
| Data Classification | No |
| Audit | No |
| Data Loss Prevention | Yes (DSC)1 |
| Data Lifecycle Management | Yes (DSC) |
| Information Protection | |
| - Labels | Yes (DSC)2 |
| - Label Policies | Yes (DSC)3 |
| - Auto-Labeling | No |
| - Records Management | No |
1: The Data Loss Prevention policies are created automatically, but the advanced rules must be manually configured. Refer to Data Loss Prevention Policies for configuration guidance.
2: The Protected Label encryption settings must be configured manually. Refer to Protected Label for configuration guidance.
3: The Test and Protected Label Policy must be changed to apply to test and protected user groups respectively. Refer to Test Policy and Protected Policy for configuration guidance.
Desired State Configuration
Before using the below Microsoft 365 Desired State Configuration (DSC) file, please refer to Automated Deployment for instructions.
Warning
Any existing settings in a tenancy that match the Name or UID of any settings in the DSC will be overwritten.
| Desired State Configuration File |
|---|
| Download Purview DSC (.ps1) Note: download the linked .txt file and rename to .ps1 |
| Configuration Data File: |
| The Configuration Data File can be found on the Automated Deployment page. |
Microsoft Purview Settings
This section describes the configuration of Microsoft Purview associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.
Compliance Manager
This section describes the configuration of compliance within Microsoft Purview associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.
Data classification
This section describes the configuration of data classification within Microsoft Purview associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.
Audit
This section describes the configuration of audit within Microsoft Purview associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.
Data Loss Prevention
This section describes the configuration of data loss prevention within Microsoft Purview associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.
Data lifecycle management
This section describes the configuration of data lifecycle management within Microsoft Purview associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.
Information Protection
This section describes the configuration of information protection within Microsoft Purview associated with systems built according to guidance in ASD's Blueprint for Secure Cloud.
Records Management
This section describes the configuration of records management within Microsoft Purview associated with systems built according to guidance in ASD's Blueprint for Secure Cloud.