Microsoft Purview reference architecture diagrams – what’s in them and why it matters

Microsoft published a set of reference architecture diagrams for Purview. If you work with M365 data protection, they’re worth reading.

There are 11 diagrams, from the Microsoft Purview Customer Excellence Engineering team, covering the full stack:

  • Classification
  • Labeling
  • DLP across workloads
  • Insider Risk Management
  • Copilot governance

They’re reference flows, not implementation guides. They won’t tell you how to build a policy, but they help you understand why one behaves the way it does, which is often more useful.

Where to find the diagrams

All diagrams are collected in a single Microsoft article on the Microsoft Tech Community. That article is the canonical entry point and explains the intent behind the reference architectures. From there, you can download a PowerPoint containing all diagrams.

The content is maintained by the Microsoft Purview Customer Excellence Engineering team, and the PowerPoint is updated as flows evolve or new scenarios are added. If you only bookmark one thing, bookmark the article — that’s where the latest and authoritative version will always live.

What the diagrams cover

Below is a short walkthrough of what each diagram focuses on and why it matters.

Classification

Classification is where everything starts. Before a label is applied or a DLP rule fires, Purview needs to understand what the content actually is. This diagram shows how sensitive information types, built-in classifiers, and trainable classifiers work together.

A large percentage of Purview “mystery issues” can be traced back to classification not behaving the way people expect. Understanding this flow early saves a lot of time later.

Sensitivity labeling

The sensitivity labeling diagram positions the label as the control plane. The label isn’t just metadata or a visual marker — it carries the policy: encryption, access control, and downstream DLP behavior.

This diagram is particularly useful when explaining to customers why labels matter, and why applying them consistently across workloads is critical for enforcement to be portable.

Endpoint DLP

Endpoint DLP covers both Windows and macOS, and the scope is broader than many assume. It’s not limited to blocking file copies. Printing, clipboard usage, browser uploads, and remote desktop scenarios are all included.

When something is blocked — or not blocked — on an endpoint and nobody can explain why, this diagram usually holds the answer.

Exchange DLP

Exchange DLP shows how email is evaluated in transit: scanning, rule matching, and where enforcement actions are applied.

Email remains the most common route for sensitive data leaving an organization, so having a clear mental model of this flow is still essential.

SharePoint and OneDrive DLP

SharePoint and OneDrive DLP evaluate content at three distinct points: upload, sharing, and access. A file can pass cleanly at upload and later trigger a policy when someone attempts to share it externally.

That behavior often catches people off guard. This diagram makes it very clear why it happens.

Browser DLP

Browser DLP is split into two diagrams:

  • unmanaged device with managed app
  • managed device with unmanaged app

Where enforcement happens depends on what you manage. Together, these diagrams cover common BYOD scenarios and consumer browser usage patterns.

Insider Risk Management

Insider Risk Management is about signal correlation over time, not single events. IRM builds a risk profile based on patterns of behavior.

One file download won’t trigger anything. Repeated or escalating actions might. This distinction is important for customers who expect IRM to behave like a traditional DLP policy.

Copilot data protection

The Copilot data protection diagram shows how label-based boundaries are enforced when Copilot is involved. Encrypted content remains encrypted in Copilot contexts — but only if everything is configured correctly.

This diagram clearly shows what “correct” looks like.

Copilot oversharing controls

This is the diagram I’ve referenced the most recently. Copilot can surface content that a user technically has access to, but probably shouldn’t encounter in a conversational context.

The diagram highlights where oversharing controls sit and how permissions and sensitivity labels interact to reduce that risk.

Copilot DLP and auditing

This diagram focuses on governance of Copilot interactions: what goes into prompts, what comes out in responses, and what gets logged.

Using the diagrams in practice

All diagrams are available as a downloadable PowerPoint, making it easy to drop individual slides into customer presentations, workshops, or internal documentation. See the full Microsoft article, under the Learn More section.

If you’re looking for structured deployment guidance rather than reference flows, Microsoft also publishes Purview Deployment blueprints, which are more prescriptive and scenario-driven.
