Microsoft Purview Integration

Synchronize Noxys classification data with Microsoft Purview sensitivity labels to enforce consistent data protection policies across your organization.

Overview

This integration enables:

• Classify interactions using Purview sensitivity labels
• Enforce label-based policies in Noxys
• Unified data classification across Office 365 and AI services
• Compliance reporting with label metadata

Data Flow:

AI Interaction → Noxys Classification → Purview Label → Policy Enforcement

Prerequisites

• Microsoft Purview Information Protection subscription
• Sensitivity labels configured in Purview
• Azure AD / Entra ID tenant
• Admin role in Noxys
• Information Protection admin role in Azure

Step 1: Create Sensitivity Labels in Purview

Define labels that correspond to your data classification levels.

1. Microsoft Purview Compliance Portal → Information Protection → Labels
2. Click Create a label
3. Configure label:
   • Name: Public
   • Description: Non-sensitive data, shareable
   • Color: Green
4. Save
5. Repeat for:
   • Internal (Yellow)
   • Confidential (Orange)
   • Restricted (Red)

Step 2: Register Noxys in Azure

Create an app registration for Noxys to access Purview APIs.

1. Azure Portal → App registrations → New registration
2. Configure:
   • Name: Noxys Purview Integration
   • Supported account types: Single tenant
3. Register
4. Note Client ID and Tenant ID

Step 3: Create Client Secret

Generate credentials for Noxys to authenticate.

1. Certificates & secrets → New client secret
2. Configure:
   • Description: Purview API
   • Expires: 24 months
3. Copy secret value

Step 4: Configure API Permissions

Grant Purview API permissions.

1. API permissions → Add a permission
2. Select Microsoft Graph
3. Choose Application permissions:
   • InformationProtectionPolicy.Read.All
   • SecurityEvents.Read.All
4. Grant admin consent

Step 5: Enable in Noxys

Configure Purview integration in Noxys admin panel.

1. Noxys Admin Panel → Integrations → Microsoft Purview
2. Click Enable Integration
3. Configure:

Field	Value
Tenant ID	Your Azure tenant ID
Client ID	App registration Client ID
Client Secret	Client secret from step 3

4. Click Test Connection
   • Should show: "✓ Successfully connected to Purview"
5. Click Save

Step 6: Configure Label Mapping

Map Noxys classifications to Purview labels.

1. Settings → Classification Mapping
2. Configure mappings:

Noxys Classification	Purview Label	Justification
No PII	Public	No sensitive data
Low risk	Internal	Internal use only
Medium risk (EMAIL, PHONE)	Confidential	Contains PII
High risk (CREDIT_CARD, NIR)	Restricted	Financial/Identity data

3. Save

Step 7: Create Policies Using Labels

Define Noxys policies that enforce Purview labels.

1. Admin Panel → Policies → Create Policy
2. Configure:
   • Name: "Block Restricted label data on unauthorized platforms"
   • Rules:

     Condition: Purview label = Restricted
     AND platform_id in [perplexity, deepseek, grok]
     Action: Block

3. Save and Enable

Step 8: Verification

Verify integration is working.

1. In Noxys: Create interaction with high-risk PII
2. Expected: Automatically labeled as Restricted based on mapping
3. Policy: Should trigger block or coach based on policy
4. In Purview: (Optional) View classification data in compliance reports

Supported Sensitivity Labels

Noxys supports all Purview sensitivity labels:

• Public — No protection needed
• Internal — For internal use only
• Confidential — Restricted access required
• Restricted — Maximum protection, limited access
• Custom labels — Any custom label you create

Advanced: Dynamic Label Assignment

Automatically assign labels based on interaction characteristics.

Configuration:

{
  "rules": [
    {
      "condition": {
        "classifications": "contains",
        "value": "CREDIT_CARD"
      },
      "label": "Restricted"
    },
    {
      "condition": {
        "risk_score": "gte",
        "value": 0.8
      },
      "label": "Confidential"
    },
    {
      "condition": {
        "risk_score": "lt",
        "value": 0.5
      },
      "label": "Public"
    }
  ]
}

Compliance Reporting

Generate reports with label data for compliance audits.

1. Admin Panel → Reports → Classification Report
2. Filter by:
   • Date range
   • Sensitivity label
   • Platform
3. Export as CSV/PDF for audits

Sample report:

Label         | Count | % of Total | High Risk | Blocked
--------------|-------|-----------|-----------|--------
Public        | 45,230| 19%       | 0         | 0
Internal      | 123,400| 52%      | 234       | 12
Confidential   | 56,780| 24%      | 2,345     | 89
Restricted    | 8,900 | 3%        | 7,800     | 4,200

Troubleshooting

Labels Not Syncing

1. Verify integration is Enabled
   • Settings → Integrations → Microsoft Purview → Status
2. Check permissions in Azure
   • InformationProtectionPolicy.Read.All granted
3. Test connection again
   • Click Test Connection button

Classifications Not Labeled

1. Verify label mapping is configured
   • Settings → Classification Mapping
2. Check if interaction matches mapping criteria
3. Review Noxys logs for classification errors

Policy Not Triggering

1. Verify policy is Enabled
2. Check policy conditions match interaction data
3. Test policy with manual interaction creation
4. Review audit log for policy evaluation

Cost Considerations

• Purview subscription: Required (included with E5 or standalone)
• API calls: Included in Purview subscription
• No additional cost for Noxys Purview integration

Best Practices

1. Keep labels aligned

   • Update Purview labels when classification schemes change
   • Update Noxys label mapping to match

2. Use label hierarchy

   • Parent label: "Sensitive Data"
   • Sub-labels: "Financial", "Medical", "Personal"

3. Enable conditional access

   • In Purview, set restrictions based on labels
   • E.g., Restricted label → Block unmanaged devices

4. Audit regularly

   • Export classification reports monthly
   • Review for false positives

5. Document label meanings

   • Create organization wiki documenting each label
   • Share with security and compliance teams

Integration with Other Microsoft Services

Purview integrations extend to:

• Microsoft 365: Apply labels to files, emails
• Microsoft Defender: Use labels for threat response
• Microsoft Sentinel: Include labels in security events

Data Retention

• Noxys classification data: 90 days (default)
• Purview labels: Retained indefinitely with your sensitivity labels
• To extend Noxys retention, upgrade plan or contact support

Disabling Integration

If you need to disable Purview integration:

1. Integrations → Microsoft Purview → Disable
2. Existing classifications remain in Noxys
3. Policies still enforce using Noxys classifications
4. Label metadata is no longer synced

To re-enable:

1. Follow configuration steps again
2. Classifications will be re-labeled based on current mapping

Compliance Notes

• GDPR: Classifications contain no raw personal data
• HIPAA: Supported for HIPAA-regulated data
• SOC 2: Purview integration is SOC 2 Type II compliant

Support

• Purview Docs: https://learn.microsoft.com/en-us/purview/
• Sensitivity Labels: https://learn.microsoft.com/en-us/purview/sensitivity-labels
• Noxys Support: support@noxys.eu

Related Integrations

• Microsoft Sentinel — SIEM integration
• Microsoft Entra ID — Identity integration
• Policies API — Create enforcement policies