ASD - Australian Signals Directorate

ASD's Blueprint for Secure Cloud

Microsoft Purview

The set of solutions to assist organisations with governing, protecting, and managing data for system(s) built using ASD's Blueprint for Secure Cloud.

Estimated reading time: 2 minutes

Microsoft Purview encompasses a number of solutions which can be used to protect organisational data. The following solutions are used to assist in meeting the requirements outlined in the Protective Security Policy Framework (PSPF), ASD’s Information Security Manual (ISM), and other related standards and regulations:

  • Information Protection assists the discovery, classification and protection of information
  • Data Loss Prevention prevents the unauthorised use and sharing of information
  • Compliance Manager automatically assess and manage information compliance against known standards
  • Data Lifecycle Management retains and deletes information
  • Auditing captures, records and retains user and administrative operations

While the Purview solutions outlined above integrate with several end-user applications and services, the design guidance is largely focussed on email communications. This approach has been taken due to the detailed email marking requirements outlined in the PSPF and the complexity associated with using Purview to detect implicit sensitive and security classified information.

Purview has many specific requirements depending on which applications, services and document types are used across an organisation. Organisations must assess Microsoft’s minimum versions for sensitivity labels in Office apps documentation and the Purview deployment guides in conjunction with this design and configuration guidance to ensure suitable implementation. Known issues with sensitivity labels in Office apps are also tracked and should be checked prior to implementation.

Security & Governance

Design

  • None identified

Configuration

References

Information labelling and classification

This section describes the design decisions associated with the labelling and classification of information with Microsoft Purview for system(s) built using ASD's Blueprint for Secure Cloud.

Azure Rights Management

This section describes the design decisions associated with Azure Rights Management with Microsoft Purview for system(s) built using ASD's Blueprint for Secure Cloud.

Data Loss Prevention

This section describes the design decisions associated with Data Loss Prevention with Microsoft Purview for system(s) built using ASD's Blueprint for Secure Cloud.

Email handling

This section describes how email is handled within Microsoft Purview for system(s) built using ASD's Blueprint for Secure Cloud.

Compliance Manager

This section describes the design decisions associated with Compliance Manager with Microsoft Purview for system(s) built using ASD's Blueprint for Secure Cloud.

Data Lifecycle Management

This section describes the design decisions associated with Data Lifecycle Management with Microsoft Purview for system(s) built using ASD's Blueprint for Secure Cloud.

Audit

This section describes the design decisions associated with Audit with Microsoft Purview for system(s) built using ASD's Blueprint for Secure Cloud.

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra