Skip to main content Why Microsoft Security AI-powered cybersecurity Cloud security Data security & governance Identity & network access Privacy & risk management Security for AI Unified SecOps Zero Trust Microsoft Defender Microsoft Entra Microsoft Intune Microsoft Priva Microsoft Purview Microsoft Sentinel Microsoft Security Copilot Microsoft Entra ID (Azure Active Directory) Microsoft Entra Agent ID Microsoft Entra External ID Microsoft Entra ID Governance Microsoft Entra ID Protection Microsoft Entra Internet Access Microsoft Entra Private Access Microsoft Entra Permissions Management Microsoft Entra Verified ID Microsoft Entra Workload ID Microsoft Entra Domain Services Azure Key Vault Microsoft Sentinel Microsoft Defender for Cloud Microsoft Defender XDR Microsoft Defender for Endpoint Microsoft Defender for Office 365 Microsoft Defender for Identity Microsoft Defender for Cloud Apps Microsoft Security Exposure Management Microsoft Defender Vulnerability Management Microsoft Defender Threat Intelligence Microsoft Defender Suite for Business Premium Microsoft Defender for Cloud Microsoft Defender Cloud Security Posture Mgmt Microsoft Defender External Attack Surface Management Azure Firewall Azure Web App Firewall Azure DDoS Protection GitHub Advanced Security Microsoft Defender for Endpoint Microsoft Defender XDR Microsoft Defender for Business Microsoft Intune core capabilities Microsoft Defender for IoT Microsoft Defender Vulnerability Management Microsoft Intune Advanced Analytics Microsoft Intune Endpoint Privilege Management Microsoft Intune Enterprise Application Management Microsoft Intune Remote Help Microsoft Cloud PKI Microsoft Purview Communication Compliance Microsoft Purview Compliance Manager Microsoft Purview Data Lifecycle Management Microsoft Purview eDiscovery Microsoft Purview Audit Microsoft Priva Risk Management Microsoft Priva Subject Rights Requests Microsoft Purview Data Governance Microsoft Purview Suite for Business Premium Microsoft Purview data security capabilities Pricing Services Partners Cybersecurity awareness Customer stories Security 101 Product trials How we protect Microsoft Industry recognition Microsoft Security Insider Microsoft Digital Defense Report Security Response Center Microsoft Security Blog Microsoft Security Events Microsoft Tech Community Documentation Technical Content Library Training & certifications Compliance Program for Microsoft Cloud Microsoft Trust Center Security Engineering Portal Service Trust Portal Microsoft Secure Future Initiative Business Solutions Hub Contact Sales Start free trial Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft Teams Windows 365 Microsoft AI Azure Space Mixed reality Microsoft HoloLens Microsoft Viva Quantum computing Sustainability Education Automotive Financial services Government Healthcare Manufacturing Retail Find a partner Become a partner Partner Network Microsoft Marketplace Marketplace Rewards Software development companies Blog Microsoft Advertising Developer Center Documentation Events Licensing Microsoft Learn Microsoft Research View Sitemap
Decision maker portrait.
  • News
  • 5 min read

Navigating privacy in a data-driven world with Microsoft Priva

By , Director, Compliance and Privacy Marketing, Microsoft

Content types

Products and services

Topics

Data protection and privacy have become business imperatives. In a global survey conducted by Microsoft and leaders in the academic privacy space, 90 percent of respondents said they would not buy from an organization that does not properly protect its data.1 More than ever, people have a high awareness of their privacy, their digital footprint, and, most importantly, how the organizations they work with treat both. According to Gartner®, by the end of 2024, three-quarters of the world’s population will have personal data covered by modern privacy regulation.2 People exercise their privacy rights either explicitly, through actions like subject rights requests, or implicitly, through declining to do business with organizations that they do not trust. For organizations committed to respecting the privacy rights of individuals, it can be challenging to implement requirements and controls needed to meet data privacy needs.

Microsoft respects the vital role that privacy plays with customers. We provide solutions that help organizations meet their privacy obligations, and today we are excited to announce enhancements to Microsoft Priva.

Microsoft Priva

Protect personal data, automate risk mitigation, and manage subject rights requests at scale.

Learn more
Enterprise office worker in focused work with a neutral facial expression.

How can Microsoft Priva help?

Microsoft Priva brings automated functionality to help organizations meet adapting privacy requirements related to personal data. Today, Microsoft Priva offers two solutions:

Microsoft Priva Privacy Risk Management

Microsoft Priva Privacy Risk Management helps organizations manage privacy risks related to data hoarding, data overexposure, and data transfers, and empowers employees to make better data-handling decisions. Priva Privacy Risk Management supports organizations by:

  • Identifying personal data and privacy risks: It allows organizations to leverage auto-classification technology to identify more than 308 personal data types in the Microsoft 365 environment, with no configuration needed. Admins can see personal data by location, geography, and types. In addition to helping organizations know their personal data landscape, Microsoft Priva also detects the associated risks around personal data and gives admins actionable insights.
  • Automating mitigation and preventing privacy incidents: Organizations can create policies from pre-configured templates to automate privacy risk mitigation:
    • Data minimization: Helps detect unused personal data, send users email digests to review and delete obsolete items, and provides privacy training to reduce data hoarding.
    • Data transfer: Helps detect personal data movements between customizable boundaries, such as geography or departments, and blocks risky transfers in near real time.
    • Data overexposure: Helps detect personal data overshare, informs file owners to review and adjust access, and provides privacy training to reduce overexposure incidents.
  • Empowering employees to make smart data-handling decisions: Admins can configure Priva to help employees make better data-handling decisions, as no one knows the value of their files more than the data owner. Microsoft Priva can trigger a system-generated email or Microsoft Teams message to a data owner with recommended actions and privacy best practices—right in their flow of work.  

Microsoft Priva Subject Rights Requests

Depending on where you are in the world today, there will be varying privacy regulations that impact your business, and even if you’re not impacted much today, chances are that it’s a matter of time before they are enabled. Many of these privacy regulations empower people to exercise their rights over their data, requesting that the organizations they do business with or work for provide a log of all personal data collected. For organizations, the process of completing subject rights requests can be a manual, complex, time-consuming, and expensive process, that is also time bound. Microsoft Priva Subject Rights Requests help organizations manage requests at scale and with confidence by:

  • Automating discovery: Gathers the requestor’s personal information and detects data conflicts such as sensitive information or data pertaining to other users.
  • In-place review and secure collaboration: Review and redact files located in the live system in their native views without creating duplicate copies and bring collaboration to a protected platform.
  • Ecosystem integration: Plugs into organizations existing processes to manage requests in a unified way across digital estate. Microsoft Graph subject rights requests API integrates Priva Subject Rights Requests with in-house or partner-built privacy solutions.

Enhancements to Microsoft Priva

Updates to Microsoft Priva include added customization, better insights, easier collaboration, powerful review options, and so much more.

What’s new with Microsoft Priva Privacy Risk Management?

Deeper data viewpoints

The data minimization policy in Privacy Risk Management has been a highly resonating privacy scenario. With this update of day zero insights, admins will be able to view data minimization policy insights 72 hours after starting Priva, with a view of data up to the past 90 days. Previously, customers would have waited at least 30 days to catch policy matches. With a better history of data, privacy admins can understand privacy trends better, and use these data points to strategize the best approach for their organizations.

Better together integration

Microsoft Purview Compliance Manager offers data protection and privacy assessment templates that correspond to compliance regulations and industry standards around the world. Now available is Microsoft Priva working hand-in-hand with Compliance Manager. With this update, admins can take specific actions within Microsoft Priva that achieve points that count toward assessment completion and increase the overall compliance score. Examples of actions that can detect and provide credit include admins setting up a Privacy Risk Management policy, or enabling data retention limits for a subject rights request—prompting collaboration that yields better together productivity. 

Microsoft Compliance Manager dashboard displaying privacy score including an outline of the actions taken in Microsoft Priva.

Figure 1. Visual of Compliance Manager recognizing actions taken within the Priva solution in the “improvement actions” section of Compliance Manager. 

Additionally, insights from Compliance Manager will now populate within Priva itself. This update brings recommendations on actions that will help admins align to regulations and improve their score in Compliance Manager. 

What’s new with Microsoft Priva Subject Rights Requests?

Fulfill more request types

Many regulations, including General Data Protection Regulation and California Consumer Privacy Act include the right to be forgotten, giving people the ability to request the deletion of all the information an organization has collected about them, with a few outlined exceptions that allow data retention. Today, we are excited to share that Priva Subject Rights Requests delete is now generally available—admins can now select delete as a request type, or get started with the delete template and get purpose-built flows that help surface conflicts and streamline deletion (leveraging the Microsoft retention and deletion platform and working better together with teams already using data lifecycle management and records management). This feature will also enable admins to have the flexibility to select different approvers for any given request and, once the workflow is complete, access the reports tab where they can view their summary report and review results.

Delete request in progress withing Microsoft Priva Subject Rights Requests.

Figure 2. Stage three of five of a delete subject rights requests in progress within the Priva Subject Rights Request solution.

Watch this short video to see Priva Subject Rights Requests delete in action.

Learn more

As the data protection landscape continues to shift, many organizations are working to prioritize the privacy needs of a data-driven world. We welcome you to learn more about how Microsoft Priva can help and invite you to try Microsoft Priva free today. 

Visit our latest Tech Community Priva blog for additional Microsoft Priva updates and details.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

1From Privacy Vulnerability to Privacy Resilience, Microsoft. August 2022.

2Gartner®State of Privacy: The Privacy Tech Driving a New Age of Data Wealth. August 2022.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Kacey Lemieux

Director, Compliance and Privacy Marketing, Microsoft

See Kacey Lemieux posts

Related posts

Get started with Microsoft Security

Protect your people, data, and infrastructure with AI-powered, end-to-end security from Microsoft.

Learn how

Connect with us on social

Surface Pro Surface Laptop Surface Laptop Studio 2 Copilot for organizations Copilot for personal use AI in Windows Explore Microsoft products Windows 11 apps Account profile Download Center Microsoft Store support Returns Order tracking Certified Refurbished Microsoft Store Promise Flexible Payments Microsoft in education Devices for education Microsoft Teams for Education Microsoft 365 Education How to buy for your school Educator training and development Deals for students and parents AI for education
Microsoft AI Microsoft Security Dynamics 365 Microsoft 365 Microsoft Power Platform Microsoft Teams Microsoft 365 Copilot Small Business Azure Microsoft Developer Microsoft Learn Support for AI marketplace apps Microsoft Tech Community Microsoft Marketplace Marketplace Rewards Visual Studio Careers About Microsoft Company news Privacy at Microsoft Investors Diversity and inclusion Accessibility Sustainability
English (United States)
Your Privacy Choices Opt-Out Icon Your Privacy Choices
Consumer Health Privacy Sitemap Contact Microsoft Privacy Manage cookies Terms of use Trademarks Safety & eco Recycling About our ads