Every organisation will at some point face a moment of crisis – a regulatory audit, a departing employee suspected of taking sensitive data, a legal dispute requiring evidence, or a governance failure that puts the business at risk. The question is not if it will happen, but whether your organisation is prepared when it does.

This full-day workshop uses a single, realistic business scenario – a departing employee leaking confidential data to both their personal accounts and a competitor prior to their resignation – to demonstrate several Microsoft Purview’s data security, risk, and compliance solutions.

We’ll begin with Data Classification and Information Protection to show why this is the important foundational layer to discern your sensitive from your mundane, trivial content. We’ll show how you can tie this in with Purview’s Data Loss Prevention to be able to prevent sensitive data from moving to places you don’t want it to.

We’ll then move on to Retention and Records Management and explore how a well-structured retention policy ensures that the right information is preserved for the right amount of time, and that records are protected from tampering or premature deletion. Participants will learn how to configure retention labels and policies, understand the difference between retention and deletion, and see how a defensible records management framework lays the foundation for everything that follows.

From there, we pivot to Insider Risk Management, examining how Microsoft Purview’s built-in signals and analytics can surface anomalous user behaviour – such as mass downloads, USB transfers, or unusual email forwarding – before or during an incident. We’ll also look at how Adaptive Protection can help automatically adjust Purview solutions based on a user’s risk level like the departing employee in our scenario. Attendees will see policy configuration, alert triage, and the escalation workflow that helps bridge the gap between an HR concern and a formal legal matter.

Our day concludes with eDiscovery, where participants step into the role of the compliance or legal team tasked with building a case. Using Microsoft Purview eDiscovery (Premium), we will place legal holds, run content searches across Exchange, SharePoint, and Teams, review and tag collected evidence, and understand the export process for handoff to legal counsel.

By the end of the day, attendees will leave with an understanding of how these capabilities are not isolated tools but interconnected layers of a mature compliance posture – and how getting them right before an incident occurs is what separates organizations that respond with confidence from those that scramble in the dark.

Assumed Knowledge:

1. Familiarity with the Microsoft 365 ecosystem (Exchange, SharePoint, OneDrive, Teams) 2. Basic awareness of Microsoft Purview as a compliance and data governance platform 3. A role that touches security, compliance, IT, legal, or risk 4. No scripting or developer skills needed

Practical Takeaways:

How to build a classification foundation, how to design DLP policies that prevent sensitive data from leaving, how to configure a defensible retention framework that protects records from tampering, how to detect and respond to insider risk using IRM signals and Adaptive Protection, and how to build a legal case in eDiscovery.

Out of Session Scope:

Microsoft Defender, XDR, Sentinel, and identity threat protection, Purview Data Governance (Data Map, data catalog, Fabric/Azure lineage), Advanced legal operations and Communication Compliance