PUR512 – Smart Compliance: Using Activity Explorer, Content Explorer, and Compliance Manager Together
Introduction
Protecting data is only half the battle.
To truly secure and govern information, organizations must also see how protection is working in real time , what data is sensitive, who’s using it, and whether policies are effective.
That’s where Microsoft Purview’s Explorer tools and Compliance Manager come in.
They transform audit data, classification results, and policy actions into visibility and accountability , helping compliance teams not just react to risks, but anticipate them.
Why Visibility Is the Foundation of Compliance
Even the most sophisticated DLP or labeling setup can fail if you can’t answer these questions:
- Which files are labeled or unlabeled?
- Who’s accessing sensitive content most frequently?
- Are our policies protecting the right data in the right places?
Purview provides a trio of intelligence tools to answer those questions:
- Content Explorer – Shows what data is sensitive and where it lives.
- Activity Explorer – Shows how users interact with that data.
- Compliance Manager – Evaluates how effective and compliant your overall setup is.
Together, they form a closed-loop feedback system for data governance.
Microsoft Purview Content Explorer: Seeing Your Data Landscape
Content Explorer gives you direct visibility into your organization’s data classification.
It lists files and emails containing:
- Sensitivity labels
- Retention labels
- Sensitive Information Types (SITs)
- Trainable Classifier results
You can filter by:
- Location (SharePoint, OneDrive, Exchange, Teams)
- Label type
- Sensitive data pattern (e.g., credit card numbers, PII)
- Last modified date or owner
Example use case:
A compliance officer reviews all content labeled “Confidential–HR” across SharePoint and identifies unlabeled folders containing payroll data , prompting a new auto-labeling policy.
🧠 Tip: Content Explorer shows metadata, not the full content (unless you have “Content Viewer” role). This ensures privacy while still providing visibility.
Microsoft Purview Activity Explorer: Tracking User Behavior
Where Content Explorer focuses on what data you have, Activity Explorer shows what users do with it.
It visualizes labeling, DLP, and data access activities such as:
- Label applied, changed, or removed
- File copied, printed, or shared
- DLP rule matched or overridden
- Data moved to endpoint, network, or unmanaged app
Filters include:
- Date range
- Activity type
- User or group
- Label name
- Device or IP address
Example use case:
Security analysts notice multiple “Confidential–Finance” files printed from the same device in a short period , Activity Explorer reveals the pattern before it becomes a breach.
🧠 Best practice: Use predefined filter sets (e.g., Labeling changes, DLP detections, Egress activities) to quickly focus on specific behavior patterns.
Compliance Manager: Measuring and Improving Your Compliance Posture
While Explorers focus on operational visibility, Compliance Manager provides strategic visibility , helping you measure, track, and improve compliance with regulations and standards.
It maps your Microsoft 365 configuration to frameworks like:
- GDPR
- ISO 27001
- NIST 800-53
- HIPAA
- SOC 2
Each control includes:
- Microsoft-managed actions (completed by default)
- Customer-managed actions (your responsibility)
- Automated testing results (for continuous compliance tracking)
Dashboard highlights:
- Overall compliance score
- Top improvement actions
- Control-by-control breakdown
Example:
Your GDPR compliance score drops because a DLP rule isn’t covering SharePoint Online. Compliance Manager highlights the gap and suggests enabling DLP for that location , fixing the issue in minutes.
How the Three Work Together
| Tool | Purpose | Primary User |
| Content Explorer | Discover sensitive data and labeling coverage | Compliance and data owners |
| Activity Explorer | Monitor how users handle sensitive data | Security and compliance analysts |
| Compliance Manager | Benchmark controls against standards | Governance, risk, and compliance (GRC) teams |
Combined, they provide:
- 360° visibility into data, users, and compliance health.
- Evidence for audits and regulatory inquiries.
- Insights to fine-tune labels, DLP policies, and user training.
Real-World Example: Continuous Compliance in a Healthcare Organization
Scenario:
A hospital system must prove compliance with HIPAA regulations and monitor the handling of patient data.
Implementation:
- Content Explorer – identifies files containing patient IDs and medical codes across SharePoint.
- Activity Explorer – tracks when these files are accessed, shared, or labeled.
- Compliance Manager – audits all policies against HIPAA controls and scores compliance readiness.
Outcome:
The compliance team achieves continuous assurance , visibility, monitoring, and policy validation all in one ecosystem.
Integration with Microsoft Security Copilot
Microsoft’s new Security Copilot enhances these tools by using AI to:
- Summarize patterns in Activity Explorer (“Show top 10 users printing sensitive files last week”).
- Recommend new DLP or retention policies.
- Predict emerging compliance risks.
This creates a more predictive and proactive compliance model, turning manual reviews into automated insights.
Key Roles and Permissions
Access to Explorer tools is tightly controlled to prevent misuse.
| Role | Access Level |
| Data Explorer List Viewer | See metadata only (no file content) |
| Data Explorer Content Viewer | See metadata + file content |
| Activity Explorer Analyst | View and filter user activities |
| Compliance Manager Admin | Manage frameworks, actions, and reports |
Always apply least privilege , only compliance officers or investigators should have content-level visibility.
Real-World Tip
Dashboards are not enough , build a workflow.
Use Explorer reports to identify trends, feed findings into Compliance Manager for remediation, and validate improvements through audit logs.
This creates a self-improving compliance lifecycle:
Discover → Monitor → Improve → Prove.
Exam Tip (SC-401)
Expect questions around:
- The difference between Content Explorer and Activity Explorer.
- What Compliance Manager measures (framework-based compliance score).
- Role-based permissions for content viewing.
- Integration of Explorer data with DLP and Audit logs.
Example:
Which tool in Microsoft Purview allows you to view labeling and DLP activities across users and devices?
Answer: Activity Explorer.
Best Practices for Smart Compliance
✅ Review Explorer dashboards weekly for labeling and DLP trends.
✅ Use Compliance Manager’s improvement actions as internal audit checkpoints.
✅ Align custom frameworks (ISO, GDPR) with business policies.
✅ Integrate with Security Copilot for predictive analytics.
✅ Document compliance progress quarterly , auditors love proof of improvement.
Conclusion
Microsoft Purview’s Explorers and Compliance Manager turn governance into a continuous feedback system.
They help you see where sensitive data lives, how it’s being used, and whether your organization meets its compliance objectives.
This combination delivers something every compliance officer wants , clarity, control, and confidence.
In the next article, PUR513 – Securing Microsoft 365 Copilot and AI Data with Microsoft Purview, we’ll explore how to extend Purview’s protections to generative AI environments , ensuring that AI tools like Microsoft 365 Copilot use and generate data securely and compliantly.
Share this content:
Post Comment