AB-900, AI Governance, Data Governance, Data Security, Microsoft Certification

Identify sensitive information by using Microsoft Purview Data Explorer (AB-900 Exam Prep)

 
This post is a part of the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub.
This topic falls under these sections:
Understand data protection and governance tasks for Microsoft 365 and Copilot (35–40%)
   --> Identify data protection and governance risks for Microsoft 365 and Copilot
      --> Identify sensitive information by using Microsoft Purview Data Explorer

Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.

Introduction

As organizations increasingly rely on Microsoft 365 and Microsoft 365 Copilot, understanding where sensitive information resides has become a critical governance and security requirement. Sensitive data such as credit card numbers, Social Security numbers, health records, financial information, intellectual property, and confidential business documents can create significant compliance and security risks if not properly managed.

Microsoft Purview Data Explorer helps organizations discover, analyze, and understand sensitive information stored across Microsoft 365 services. It provides visibility into the location, volume, and classification of sensitive data, enabling administrators to make informed decisions about data protection, governance, compliance, and Copilot readiness.

For the AB-900 exam, you should understand the purpose of Data Explorer, how it identifies sensitive information, the types of information it can discover, and how organizations use its insights to reduce compliance and governance risks.

What Is Microsoft Purview Data Explorer?

Microsoft Purview Data Explorer is a reporting and investigation tool within Microsoft Purview that helps administrators visualize and analyze sensitive data across Microsoft 365 environments.

Data Explorer enables organizations to:

  • Discover sensitive information
  • Understand where sensitive data is stored
  • Analyze data classification results
  • Identify compliance risks
  • Support data governance initiatives
  • Validate Microsoft Purview policy effectiveness
  • Improve Microsoft 365 Copilot readiness

Rather than protecting data directly, Data Explorer provides visibility into an organization’s data landscape so administrators can take appropriate actions.

Why Data Discovery Is Important

Organizations often accumulate large amounts of data over time. Without visibility into that data, administrators may not know:

  • What sensitive information exists
  • Where the information is stored
  • Who has access to it
  • Whether it is properly protected
  • Whether regulatory requirements are being met

For example:

  • Customer records may contain personally identifiable information (PII).
  • Financial documents may contain account numbers.
  • Healthcare records may contain protected health information (PHI).
  • Contracts may contain confidential business information.

Data Explorer helps identify these risks before they become security or compliance issues.

How Data Explorer Works

Data Explorer analyzes Microsoft 365 content using classification technologies available in Microsoft Purview.

The system scans content stored in supported locations and identifies:

  • Sensitive information types
  • Sensitivity labels
  • Trainable classifiers
  • Retention labels
  • Data classifications

The results are then presented through visual dashboards and detailed reports.

Administrators can use these reports to understand the organization’s sensitive data footprint.

Data Sources Analyzed by Data Explorer

Data Explorer can analyze content across Microsoft 365 services, including:

SharePoint Online

Examples:

  • Documents
  • Team sites
  • Department sites
  • Project repositories

OneDrive for Business

Examples:

  • Personal work files
  • Shared documents
  • Business records

Exchange Online

Examples:

  • Email messages
  • Attachments
  • Mailbox content

Microsoft Teams

Examples:

  • Shared files
  • Team documents
  • Collaboration content

These locations often contain the information that Microsoft 365 Copilot accesses when generating responses.

Sensitive Information Types (SITs)

One of the primary ways Data Explorer identifies sensitive information is through Sensitive Information Types (SITs).

Sensitive Information Types are predefined patterns that identify specific categories of sensitive data.

Examples include:

  • Social Security Numbers
  • Credit Card Numbers
  • Driver’s License Numbers
  • Passport Numbers
  • Tax Identification Numbers
  • Bank Account Numbers
  • Healthcare Information

Microsoft provides hundreds of built-in sensitive information types.

Organizations can also create custom sensitive information types.

Trainable Classifiers

Data Explorer can also identify information using trainable classifiers.

Unlike pattern matching, trainable classifiers use machine learning to recognize content based on context.

Examples include:

  • Resumes
  • Contracts
  • Invoices
  • Financial documents
  • Source code
  • Intellectual property

This helps organizations classify content that may not contain obvious patterns such as account numbers or IDs.

Sensitivity Labels and Data Explorer

Organizations often use sensitivity labels to classify and protect information.

Examples of labels include:

  • Public
  • General
  • Confidential
  • Highly Confidential

Data Explorer can show:

  • Which files have sensitivity labels
  • Label distribution across the organization
  • Unlabeled sensitive content
  • Areas where additional labeling may be needed

This visibility helps improve data governance and security.

Retention Labels and Data Explorer

Retention labels determine how long content should be retained and when it should be deleted.

Data Explorer can help organizations understand:

  • Which files have retention labels
  • Which files lack retention labels
  • Data that may require retention controls
  • Potential records management gaps

Data Classification Overview

Data classification is the process of identifying and categorizing information according to its sensitivity and business value.

Data Explorer supports classification efforts by helping organizations:

  • Locate sensitive data
  • Understand risk exposure
  • Apply appropriate protections
  • Improve compliance programs

The classification process typically includes:

  1. Discover data
  2. Classify data
  3. Protect data
  4. Monitor data
  5. Govern data

Data Explorer primarily supports the discovery and analysis phases.

Visualizations and Reporting

Data Explorer provides dashboards and reports that help administrators quickly understand sensitive data trends.

Reports can show:

  • Number of sensitive items
  • Sensitive information types detected
  • Label usage
  • Data locations
  • Content trends
  • Classification coverage

These visualizations help administrators identify areas requiring additional protection.

Data Explorer and Microsoft 365 Copilot

Data Explorer plays an important role in Copilot readiness assessments.

Because Microsoft 365 Copilot uses existing permissions and accesses organizational data through Microsoft Graph, organizations should understand what data exists before deploying Copilot broadly.

Data Explorer helps identify:

  • Overexposed sensitive data
  • Unclassified content
  • Excessively shared files
  • Confidential documents lacking protection
  • Data governance gaps

Administrators can use these insights to improve security before expanding Copilot adoption.

Common Governance Risks Identified by Data Explorer

Unlabeled Sensitive Data

Sensitive documents may exist without sensitivity labels.

Risk:

  • Users may accidentally share confidential information.

Recommended Action:

  • Apply sensitivity labels.

Excessive Data Exposure

Sensitive files may be accessible to too many users.

Risk:

  • Unauthorized access.

Recommended Action:

  • Review permissions and sharing settings.

Missing Retention Controls

Important records may lack retention policies.

Risk:

  • Regulatory violations.

Recommended Action:

  • Implement retention labels and policies.

Sensitive Data in Unexpected Locations

Data may be stored outside approved repositories.

Risk:

  • Governance challenges.

Recommended Action:

  • Review storage practices and apply controls.

Relationship with Other Microsoft Purview Solutions

Data Explorer works alongside other Microsoft Purview solutions.

Information Protection

Provides:

  • Sensitivity labels
  • Encryption
  • Classification

Data Explorer shows where protected and unprotected content exists.

Data Loss Prevention (DLP)

Provides:

  • Policy enforcement
  • Data movement restrictions

Data Explorer helps identify data that may require DLP protection.

Insider Risk Management

Provides:

  • Risk detection
  • Insider threat analysis

Data Explorer helps identify sensitive data that could be targeted.

Compliance Manager

Provides:

  • Compliance assessments
  • Risk reduction recommendations

Data Explorer provides visibility into the data that compliance programs are designed to protect.

Benefits of Using Data Explorer

Organizations use Data Explorer to:

  • Discover sensitive information
  • Improve data governance
  • Support regulatory compliance
  • Prepare for Copilot deployment
  • Validate classification strategies
  • Identify protection gaps
  • Reduce organizational risk
  • Improve visibility into data assets

Key Exam Tips

For the AB-900 exam, remember the following:

  • Data Explorer helps organizations discover and analyze sensitive information.
  • It provides visibility into sensitive data locations across Microsoft 365.
  • Sensitive Information Types identify structured sensitive data such as Social Security numbers and credit card numbers.
  • Trainable classifiers identify content based on context and machine learning.
  • Data Explorer supports governance, compliance, and Copilot readiness initiatives.
  • It helps identify unlabeled, unprotected, or overexposed sensitive information.
  • Data Explorer is primarily a discovery and analysis tool, not a protection or enforcement tool.
  • Data Explorer works with sensitivity labels, retention labels, DLP, and other Microsoft Purview solutions.

Practice Exam Questions

Question 1

What is the primary purpose of Microsoft Purview Data Explorer?

A. Generate AI responses for users

B. Discover and analyze sensitive information across Microsoft 365

C. Encrypt all organizational files

D. Replace Microsoft Defender

Answer: B

Explanation: Data Explorer is designed to help organizations discover, analyze, and understand sensitive information stored across Microsoft 365 services.

Question 2

Which Microsoft 365 service can be analyzed by Data Explorer?

A. SharePoint Online

B. Windows Server

C. Hyper-V

D. Microsoft Intune only

Answer: A

Explanation: Data Explorer can analyze content stored in SharePoint Online, OneDrive, Exchange Online, Teams, and other supported Microsoft 365 locations.

Question 3

What is a Sensitive Information Type (SIT)?

A. A method for creating Teams meetings

B. A licensing model for Microsoft Purview

C. A predefined pattern used to identify sensitive information

D. A backup technology

Answer: C

Explanation: Sensitive Information Types are predefined detectors that identify sensitive data such as Social Security numbers and credit card numbers.

Question 4

Which technology helps identify content such as contracts and resumes using context rather than pattern matching?

A. DLP policies

B. Retention labels

C. Sensitivity labels

D. Trainable classifiers

Answer: D

Explanation: Trainable classifiers use machine learning and contextual analysis to identify document types such as contracts, resumes, and invoices.

Question 5

An administrator wants to determine whether confidential files lack sensitivity labels. Which tool should they use?

A. Microsoft Planner

B. Microsoft Lists

C. Microsoft Purview Data Explorer

D. Microsoft Whiteboard

Answer: C

Explanation: Data Explorer can identify sensitive content and show whether appropriate sensitivity labels have been applied.

Question 6

Which statement best describes Data Explorer?

A. It automatically blocks all file sharing.

B. It discovers and reports on sensitive information.

C. It replaces retention policies.

D. It automatically deletes noncompliant content.

Answer: B

Explanation: Data Explorer focuses on visibility and analysis rather than directly enforcing protection actions.

Question 7

Why is Data Explorer valuable before deploying Microsoft 365 Copilot broadly?

A. It upgrades Copilot licenses.

B. It improves Teams meeting quality.

C. It increases mailbox storage.

D. It helps identify sensitive or overexposed data that Copilot could potentially access.

Answer: D

Explanation: Understanding data exposure and classification gaps helps organizations prepare for secure Copilot adoption.

Question 8

Which item would most likely be identified through a built-in Sensitive Information Type?

A. A company strategy presentation

B. A software design diagram

C. A credit card number

D. A project timeline

Answer: C

Explanation: Sensitive Information Types are designed to detect structured data such as credit card numbers, passport numbers, and Social Security numbers.

Question 9

What governance risk might Data Explorer help identify?

A. Unlabeled sensitive documents

B. Printer driver issues

C. Network latency

D. Browser compatibility problems

Answer: A

Explanation: Data Explorer helps identify sensitive content that lacks classification or protection controls.

Question 10

How does Data Explorer support data governance?

A. By replacing all security controls

B. By automatically enforcing compliance regulations

C. By eliminating the need for sensitivity labels

D. By providing visibility into sensitive data and classification coverage

Answer: D

Explanation: Data Explorer supports governance efforts by helping organizations understand where sensitive information exists and whether appropriate classifications and protections are in place.

Exam Summary

Microsoft Purview Data Explorer is a discovery and analysis tool that helps organizations identify sensitive information across Microsoft 365. It uses Sensitive Information Types, trainable classifiers, sensitivity labels, and retention labels to provide visibility into data risks and governance gaps. Data Explorer is particularly important for compliance initiatives and Microsoft 365 Copilot readiness because it helps organizations understand what sensitive information exists, where it is stored, and whether it is properly protected. Understanding how Data Explorer identifies and reports sensitive information is an important objective for the AB-900 certification exam.

Go to the AB-900 Exam Prep Hub main page

Leave a comment