Azure Purview (now Microsoft Purview) is the unified data governance service that performs automated data discovery, sensitive data classification, and end-to-end data lineage across the Azure data estate. It integrates directly with Microsoft Information Protection, allowing you to automatically apply sensitivity labels to discovered PII data in Azure SQL, Azure Blob Storage, and other sources. This is how the connection is made between the data sources and the protection framework.

Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWPP) tool. Its primary function is to provide threat protection and security alerts for Azure resources, including data services like Azure SQL and Storage Accounts. After Purview has identified resources containing PII, Defender for Cloud provides the necessary security alerts (e.g., potential SQL injection, anomalous access) that need to be triaged to protect that sensitive data.

Microsoft Documentation, Apply sensitivity labels to your data in Microsoft Purview. States: "The integration between Microsoft Purview and Microsoft Purview Information Protection enables customers to stretch their sensitive data security and compliance...After you've created sensitivity labels in the Microsoft Purview compliance portal, you can apply them to assets in the Microsoft Purview Data Map." This confirms Purview's role in connecting data sources to the Information Protection framework for labeling.

Microsoft Documentation, What is Microsoft Defender for Cloud?. Explains that "Microsoft Defender for Cloud is a cloud security posture management (CSPM) and cloud workload protection (CWP) solution that finds weak spots across your cloud configuration" and provides "threat protection for your workloads." Its scope covers the Azure resources where PII would be stored, making it the correct tool for triaging security alerts related to them.

Microsoft Documentation, Security alerts in Microsoft Defender for Cloud. Section: "How does Microsoft Defender for Cloud detect threats?". Describes how Defender for Cloud "collects, analyzes, and integrates log data from your Azure, hybrid, and multicloud resources...When Defender for Cloud detects a threat, it triggers a security alert." This directly addresses the requirement to triage security alerts.