Purview — Data Protection, Compliance & Red Team Skills
TL;DR: Purview skills audit and protect Microsoft 365 data — sensitivity labels, DLP, oversharing and AI-data risk — and package the evidence for the Essential Eight, IRAP, SOCI and the Privacy Act. Read-only by default; built for Australian compliance.
Where data protection meets evidence: each skill inspects a slice of your Microsoft 365 estate and returns a report you can paste straight into an audit, a ticket, or an IRAP evidence pack — mapped to an authoritative control. Browse the collection below, or see the full skills library.
Purview Label Coverage
Scans SharePoint libraries for the proportion of documents carrying a Purview sensitivity label and flags libraries with unlabelled sensitive content.
DSPM for AI Remediation
Turns Microsoft Purview DSPM for AI oversharing findings into an owner-assigned remediation plan mapped to sensitivity labels, DLP, and ISM evidence.
Shadow AI App Discovery
Ranks unsanctioned generative AI apps from Defender for Cloud Apps and Purview DSPM for AI signals by users, data exposure, and risk score.
Teams Meeting Label Inheritance Check
Verifies Teams recordings, transcripts, and Loop notes inherited the meeting's Purview sensitivity label, flagging unlabelled artefacts and downgrades.
Tenant DLP Coverage and Effectiveness Audit
Audit Microsoft Purview DLP coverage across Exchange, SharePoint, OneDrive, Teams and endpoints to surface gaps, overlaps and simulation results.
Copilot DLP Impact and Simulation
Simulate Microsoft Purview DLP for Microsoft 365 Copilot: preview which prompts, files and labels would be blocked and measure coverage.
Data Classification and Sensitive Info Type Coverage
Assess Microsoft Purview sensitive information type and trainable-classifier match coverage across your data estate for DLP and compliance.
Retention and Records Management Audit
Audit Microsoft Purview retention labels, policies, records management coverage, disposition reviews, and Microsoft 365 Copilot content retention.
Communication Compliance Coverage
Assess Microsoft Purview Communication Compliance policy coverage, AI-interaction monitoring, match rates and escalation health in Microsoft 365.
Insider Risk Management Coverage Review
Audit Microsoft Purview Insider Risk Management policy and indicator coverage to surface gaps and tuning opportunities, read-only.
eDiscovery and Legal Hold Readiness
Audit Microsoft Purview eDiscovery legal holds, collection integrity and search or export readiness for litigation and regulatory response.
Audit Log Retention and Coverage Validator
Verify the Microsoft Purview Unified Audit Log is enabled, retention meets Essential Eight and IRAP needs, and Copilot auditing is captured.
Copilot Interaction Compliance Audit
Analyse Microsoft 365 Copilot audit and DSPM for AI signals to surface sensitive-data exposure and compliance risk in user interactions.
Conditional Access Coverage Gap Analysis
Find users, apps, and sign-ins outside Conditional Access coverage, surfacing MFA, compliant-device, and legacy-auth gaps for Essential Eight assurance.
PIM Privileged Role and Activation Audit
Audit Entra Privileged Identity Management for standing versus eligible roles, activation anomalies and approval gaps against Essential Eight.
Access Reviews Health Audit
Audit Microsoft Entra access reviews for coverage, currency and completion, flagging stale reviews and unactioned recommendations for least-privilege governance.
Entitlement Management Access Package Audit
Audit Microsoft Entra entitlement management access packages: policies, separation of duties, approvals and expirations for identity governance.
Lifecycle Workflows Joiner Mover Leaver Coverage
Audit Microsoft Entra lifecycle workflows for joiner, mover and leaver automation coverage and manual identity gaps.
Stale and Guest Account Audit
Read-only audit that finds inactive, disabled, and orphaned Microsoft Entra guest accounts to reduce identity attack surface and support access reviews.
App Registration and Secret Hygiene
Audit Microsoft Entra app registrations for expiring secrets, certificates, missing owners and over-permissioned API access.
Enterprise App and OAuth Consent Risk Audit
Audit admin-consented enterprise apps and risky OAuth grants in Microsoft Entra to surface illicit consent and over-privileged service principals.
Workload Identity Risk Audit
Audit service principals and managed identities for risk, credentials and anomalous sign-ins using Microsoft Entra ID Protection.
Risky Users and Sign-Ins Summary
Summarise Microsoft Entra ID Protection risk detections: leaked credentials, impossible travel and password spray, with remediation paths.
MFA and Strong Authentication Coverage Audit
Audit Microsoft Entra to find users without MFA, weak SMS or voice methods, and FIDO2 or passkey adoption to lift authentication assurance.
Starter Leaver Access Review
Maps a user's SharePoint, Teams, group, mailbox, and app access and recommends an onboarding baseline or an audit-safe revocation order.
Inactive Licence Recovery
Reports Microsoft 365 users dormant past a sign-in threshold, separates disabled from dormant accounts, and quantifies recoverable AUD spend.
E8 Evidence Packager
Compiles SharePoint permission reports, access logs, and governance records into a versioned, indexed evidence folder for an Essential Eight ML2 assessment.
Zero Trust Maturity Baseline
Scores a Microsoft 365 tenant against the AT.8xxx Zero Trust control family across five pillars, with control-level evidence pointers and uplift steps.
Microsoft Secure Score Improvement Plan
Benchmark Microsoft Secure Score across identity, device, app and data and produce a prioritised improvement plan mapped to the Essential Eight.
Compliance Manager Control Mapper
Map Microsoft Purview Compliance Manager controls to ISM, Essential Eight, SOCI and the Privacy Act to produce a prioritised gap list.
Intune Device Compliance and Baseline Gap
Audit Intune devices for missing compliance policies, security baselines and encryption against Essential Eight patching and hardening.
Admin Action and Audit Trail Review
Review privileged admin actions in the Microsoft Purview audit log to detect unauthorised role changes, policy edits, and agent activity.
IRAP Evidence Trail
Reorganises governance documents into ISM-mapped evidence folders for a 2026 IRAP QA Framework assessment, indexed by control and gap-flagged.
SOCI Incident Responder
Drafts the SOCI Act incident notification brief for the 12-72 hour window: affected assets, classification, containment, impact, and recipients.
Privacy Act ADM Logger
Produces a Privacy Act-compliant automated decision-making log for an in-scope agent, capturing inputs, rationale, model version, and manual review path.