This post is a part of the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub.
This topic falls under these sections:
Understand data protection and governance tasks for Microsoft 365 and Copilot (35–40%)
--> Understand Microsoft Purview
--> Understand data classification in Microsoft Purview
Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.
Introduction
Data is one of an organization’s most valuable assets. However, not all data carries the same level of sensitivity or business value. Some information can be shared publicly, while other information must be protected because it contains financial records, intellectual property, customer data, healthcare information, or confidential business plans.
Microsoft Purview Data Classification helps organizations identify, categorize, and protect sensitive information throughout Microsoft 365. Data classification is a foundational capability that enables organizations to understand their data landscape, apply appropriate protections, meet compliance requirements, and securely adopt AI technologies such as Microsoft 365 Copilot.
For the AB-900 exam, it is important to understand how Microsoft Purview classifies data, the tools involved, and how classification supports security, compliance, governance, and AI readiness.
What Is Data Classification?
Data classification is the process of identifying and categorizing information based on its:
- Sensitivity
- Confidentiality
- Regulatory requirements
- Business value
- Risk level
Classification allows organizations to answer questions such as:
- Which files contain sensitive information?
- Where is confidential data stored?
- Who can access regulated data?
- Which content should be protected or retained?
- What data can Copilot safely access?
Microsoft Purview automates much of this process through built-in detection technologies.
Why Data Classification Is Important
Without data classification, organizations often struggle to:
- Identify sensitive information
- Apply consistent protections
- Meet compliance requirements
- Prevent data loss
- Govern AI access to information
Benefits of data classification include:
- Improved data visibility
- Better security controls
- Regulatory compliance
- Reduced risk of data breaches
- More effective data governance
- Safer use of Microsoft 365 Copilot
Microsoft Purview Data Classification Components
Microsoft Purview uses several components to classify information.
Sensitive Information Types (SITs)
Sensitive Information Types are predefined patterns used to identify sensitive data.
Examples include:
- Credit card numbers
- Social Security numbers
- Passport numbers
- Driver’s license numbers
- Bank account numbers
- Tax identification numbers
Microsoft provides hundreds of built-in SITs covering numerous countries and regions.
Example
A document containing a U.S. Social Security Number may automatically be detected and classified as sensitive content.
Trainable Classifiers
Trainable classifiers use machine learning to identify content based on context rather than exact patterns.
Examples include:
- Resumes
- Source code
- Contracts
- Financial documents
- Healthcare records
- Intellectual property
Unlike SITs, trainable classifiers examine the meaning and context of content.
Example
A contract may be identified even if it does not contain a specific keyword or sensitive number.
Content Explorer
Content Explorer allows administrators to:
- View classified content
- See where sensitive data exists
- Investigate data locations
- Analyze classification results
This tool helps organizations understand their data environment.
Activity Explorer
Activity Explorer provides visibility into:
- Labeling activities
- Classification actions
- DLP events
- User interactions with sensitive data
Administrators can investigate how classified information is being used.
Types of Data Classification
Organizations typically classify data into categories such as:
| Classification | Description |
|---|---|
| Public | Information intended for everyone |
| General | Everyday business information |
| Internal | Information for employees only |
| Confidential | Sensitive business information |
| Highly Confidential | Critical or restricted information |
Organizations can customize classifications based on their requirements.
Classification and Sensitivity Labels
Data classification often works together with Sensitivity Labels.
Classification identifies the data.
Sensitivity labels protect the data.
Example
Microsoft Purview detects:
- Credit card information
- Customer account numbers
A sensitivity label is then automatically applied:
- Confidential
- Highly Confidential
The label can then:
- Encrypt the file
- Restrict access
- Apply watermarks
- Block unauthorized sharing
Automatic Data Classification
Microsoft Purview can automatically classify information using:
Pattern Matching
Detects predefined sensitive information.
Examples:
- Credit card numbers
- Social Security numbers
- Passport numbers
Machine Learning
Uses trainable classifiers to recognize content types.
Examples:
- Contracts
- Legal documents
- Source code
Keyword Detection
Identifies content based on specific words or phrases.
Examples:
- Confidential
- Internal Use Only
- Proprietary Information
Data Classification and Microsoft 365 Copilot
Data classification is particularly important for Copilot deployments.
Organizations often ask:
What information can Copilot access?
Copilot respects:
- User permissions
- Sensitivity labels
- Compliance controls
Proper data classification helps organizations:
- Understand their data
- Identify overshared content
- Protect confidential information
- Reduce AI-related risks
Classification improves confidence when deploying AI solutions.
Data Classification and Compliance
Many regulations require organizations to identify and protect sensitive information.
Examples include:
- GDPR
- HIPAA
- PCI DSS
- SOX
- Various privacy laws
Microsoft Purview classification helps organizations:
- Locate regulated data
- Apply protections
- Support audits
- Demonstrate compliance
Data Classification and Data Loss Prevention (DLP)
Data classification works closely with DLP policies.
Process
- Purview identifies sensitive content.
- Content is classified.
- DLP policies evaluate the classification.
- Protective actions occur.
Examples:
- Block file sharing
- Restrict email transmission
- Alert administrators
- Notify users
Without classification, DLP cannot effectively identify sensitive content.
Data Classification and Insider Risk Management
Classified data helps Insider Risk Management identify risky activities involving:
- Financial records
- Intellectual property
- Customer information
- Confidential business data
This improves risk detection and investigation capabilities.
Common Data Classification Use Cases
Financial Information Protection
Detect:
- Credit card numbers
- Banking information
- Tax records
Apply protection automatically.
Human Resources Data
Identify:
- Employee records
- Salary information
- Performance reviews
Restrict access to authorized personnel.
Healthcare Information
Classify:
- Patient records
- Medical identifiers
Support HIPAA compliance.
Legal Documents
Detect:
- Contracts
- Legal agreements
Apply confidentiality protections.
Intellectual Property Protection
Identify:
- Product designs
- Research data
- Source code
Prevent unauthorized sharing.
Key Exam Concepts
For the AB-900 exam, remember:
- Data classification identifies and categorizes information.
- Sensitive Information Types detect specific data patterns.
- Trainable classifiers use machine learning and context.
- Classification supports sensitivity labels and DLP.
- Content Explorer helps locate classified content.
- Activity Explorer helps investigate classification activity.
- Classification is essential for compliance and governance.
- Microsoft 365 Copilot benefits from proper data classification.
- Classification enables automated protection policies.
- Data classification improves organizational visibility into sensitive information.
Practice Exam Questions
Question 1
What is the primary purpose of data classification in Microsoft Purview?
A. To improve internet connectivity
B. To categorize information based on sensitivity and business value
C. To manage Windows updates
D. To configure virtual machines
Answer: B
Explanation: Data classification identifies and categorizes information so organizations can apply appropriate protections and governance controls.
Question 2
Which Microsoft Purview feature identifies information such as Social Security numbers and credit card numbers?
A. Activity Explorer
B. Sensitive Information Types
C. Compliance Manager
D. Insider Risk Management
Answer: B
Explanation: Sensitive Information Types (SITs) are designed to detect structured sensitive data using predefined patterns.
Question 3
Which technology enables Microsoft Purview to recognize contracts and resumes based on context?
A. Firewall policies
B. Sensitivity labels
C. Trainable classifiers
D. Conditional Access
Answer: C
Explanation: Trainable classifiers use machine learning and contextual analysis to identify content types.
Question 4
An administrator wants to see where sensitive information exists across Microsoft 365. Which tool should they use?
A. Microsoft Defender Portal
B. Teams Admin Center
C. Content Explorer
D. Exchange Admin Center
Answer: C
Explanation: Content Explorer provides visibility into classified content and its locations.
Question 5
What is the relationship between data classification and sensitivity labels?
A. They are unrelated technologies
B. Sensitivity labels identify data while classification encrypts it
C. Classification identifies data and labels protect it
D. Classification replaces sensitivity labels
Answer: C
Explanation: Classification discovers and categorizes information, while sensitivity labels apply protection settings.
Question 6
Which statement about Microsoft 365 Copilot is correct?
A. Copilot ignores classified information
B. Copilot respects permissions and protection controls associated with classified data
C. Copilot automatically removes sensitivity labels
D. Copilot bypasses governance policies
Answer: B
Explanation: Copilot honors existing permissions, labels, and compliance controls.
Question 7
Which Microsoft Purview feature allows administrators to investigate labeling and classification events?
A. Activity Explorer
B. Endpoint Manager
C. SharePoint Admin Center
D. Azure Monitor
Answer: A
Explanation: Activity Explorer provides visibility into classification-related activities and events.
Question 8
Which compliance-related benefit does data classification provide?
A. Faster network performance
B. Reduced storage costs only
C. Automatic hardware replacement
D. Easier identification and protection of regulated data
Answer: D
Explanation: Classification helps organizations locate and protect regulated information to support compliance requirements.
Question 9
A Data Loss Prevention (DLP) policy blocks sharing of files containing credit card numbers. What enables the DLP policy to identify those files?
A. Exchange transport rules only
B. Sensitive Information Types and data classification
C. Network firewalls
D. Device encryption
Answer: B
Explanation: DLP relies on classification mechanisms such as Sensitive Information Types to identify protected content.
Question 10
Which statement best describes trainable classifiers?
A. They only detect file names
B. They require manual review of every document
C. They identify information using contextual machine learning models
D. They replace all sensitivity labels
Answer: C
Explanation: Trainable classifiers use machine learning to recognize content such as contracts, source code, and resumes based on context rather than simple pattern matching.
Go to the AB-900 Exam Prep Hub main page
