# Overview

> **SCU Cost Estimate**&#x20;
>
> This agent typically consumes **1 SCUs** per gap analysis run, depending on the complexity of your Purview environment and number of policies being evaluated.

### Introduction

Policy Gap Remediator finds the holes in your data protection. If you've ever worried "are we missing policies for certain types of sensitive data?" or "where aren't we protected?", this agent is for you. It systematically analyzes your Microsoft Purview implementation, identifies missing or incomplete policies, detects classification gaps, and provides specific remediation recommendations to ensure comprehensive data protection.

<figure><img src="/files/g1AltVt3zOpXkCTa4I3q" alt=""><figcaption></figcaption></figure>

<div><figure><img src="/files/yvTTWAML1TorwYx9uCRh" alt=""><figcaption></figcaption></figure> <figure><img src="/files/DYUlvvmOiwRkN68Aebvp" alt=""><figcaption></figcaption></figure> <figure><img src="/files/NBIWAE4SwR1ImxhYZAe1" alt=""><figcaption></figcaption></figure></div>

### What It Does

* **Identifies policy gaps** across DLP, retention, sensitivity labels, and information barriers
* **Detects classification blind spots** where sensitive data isn't being protected
* **Assesses label coverage** showing which content types lack sensitivity label protection
* **Validates regulatory alignment** against compliance requirements (GDPR, HIPAA, etc.)
* **Finds policy conflicts** that create inconsistent protection
* **Analyzes insider risk gaps** where risky behavior isn't being monitored
* **Evaluates compliance boundaries** to ensure proper information barriers
* **Provides remediation priorities** based on risk and impact
* **Generates compliance coverage heatmaps** showing protected vs unprotected areas
* **Recommends policy templates** for quick gap closure

### Use Cases

#### 1. Comprehensive Protection Audit

You need to know where you're not protected. Policy Gap Remediator scans your entire Purview environment, identifies workloads, content types, or data locations without adequate policies, and shows exactly what's missing. Get a complete inventory of protection gaps with risk scoring.

#### 2. Pre-Deployment Validation

Before going live with Purview, you want to make sure nothing important is missing. The agent analyzes your current policy configuration against best practices and regulatory requirements, identifies gaps before deployment, and provides a roadmap to close them before production use.

#### 3. Post-Acquisition Integration

You've acquired a company and need to extend data protection to their environment. Policy Gap Remediator identifies what policies exist in each organization, finds gaps in coverage, detects conflicts, and recommends how to harmonize protection across both environments.

#### 4. Regulatory Compliance Validation

An audit is coming and you need to prove complete coverage for regulated data. The agent maps your policies against regulatory requirements (GDPR, HIPAA, PCI, etc.), identifies any gaps in mandated protections, and provides specific remediation steps to achieve full compliance.

#### 5. Continuous Governance Improvement

Your data landscape is always changing with new apps, services, and data types. Run Policy Gap Remediator regularly (monthly or quarterly) to identify new protection gaps as your environment evolves, ensuring continuous coverage without manual reviews.

### Why Policy Gap Remediator?

| The Problem You're Dealing With                                                                      | How This Helps                                                                                       |
| ---------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
| **Unknown protection gaps**: You're not sure if all sensitive data is covered                        | **Systematic gap detection**: Complete analysis showing exactly what's protected and what isn't      |
| **Compliance blind spots**: Unclear if you meet all regulatory requirements                          | **Regulatory alignment**: Maps policies against compliance frameworks and identifies gaps            |
| **Classification coverage unclear**: Don't know which content lacks sensitivity labels               | **Coverage heatmaps**: Visual representation of protected vs unprotected content types and locations |
| **Policy conflicts create confusion**: Multiple policies with inconsistent rules                     | **Conflict detection**: Identifies overlapping or contradictory policies that need resolution        |
| **Manual gap analysis takes forever**: Checking coverage across all workloads manually is impossible | **Automated scanning**: Complete environment analysis in minutes instead of days                     |
| **Remediation priorities unclear**: Too many gaps, don't know where to start                         | **Risk-based prioritization**: Gaps ranked by severity and business impact                           |

### How It Works

**What goes in:**

* Purview policy configurations (DLP, retention, labels, barriers)
* Data classification results across all workloads
* Sensitivity label assignments and coverage data
* Compliance score assessments
* Regulatory requirements mapping
* Data loss incidents and alerts
* User activity logs
* Workload inventory (Exchange, SharePoint, OneDrive, Teams, etc.)

**What it does:**

* Scans all Purview policies and configurations
* Analyzes data classification results for gaps
* Evaluates sensitivity label coverage across content types
* Validates DLP policy effectiveness and completeness
* Checks retention policy coverage for all data types
* Assesses insider risk monitoring gaps
* Verifies information barrier implementation
* Maps current state against regulatory requirements
* Identifies policy conflicts and inconsistencies
* Calculates risk scores for each gap
* Generates prioritized remediation recommendations

**What you get:**

* Policy gap assessment report with complete findings
* Remediation priority matrix ranked by risk and impact
* Compliance coverage heatmap showing protected vs unprotected areas
* Regulatory alignment assessment mapped to specific requirements
* Policy conflict identification with resolution recommendations
* Risk score improvements (potential impact of closing each gap)
* Ready-to-deploy policy templates for quick remediation
* Workload-specific gap analysis (which apps/services need policies)
* Classification blind spot detection (unprotected sensitive data types)
* Actionable next steps with implementation guidance


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://agents.glueckkanja.com/agents/policy-gap-remediator/overview.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.