Compare
Microsoft Purview vs Guard
Purview governs data inside Microsoft. Guard covers every AI provider your business uses. CPS 234 doesn’t stop at the Microsoft boundary.
Why this comes up
Microsoft Purview is capable data-governance tooling — classification, DLP, and compliance — and if your world is entirely Microsoft 365 and Copilot, it covers a lot. Many Australian businesses already pay for it through their E5 licensing.
The limitation is the boundary. Purview sees Microsoft data: M365, Copilot, Azure. It has zero visibility into a call your team makes to OpenAI directly, to Anthropic’s API, to a Bedrock model, or to any AI tool outside the Microsoft estate. The moment a developer uses a non-Microsoft model, Purview’s coverage ends.
APRA CPS 234 requires you to classify and protect information assets wherever they are, not just the ones inside Microsoft. Guard is provider-agnostic by design: it sits in the request path for every AI call regardless of model or vendor, applies Australian PII detection, and signs evidence the same way every time.
Side by side
| Capability | Microsoft Purview | 40° South Guard |
|---|---|---|
| Governance inside Microsoft 365 / Copilot | ✓ | ~ |
| DLP and classification for M365 data | ✓ | ✗ |
| Visibility into non-Microsoft AI providers | ✗ | ✓ |
| Australian PII detection (TFN, Medicare, ABN) | ~ | ✓ |
| Per-call signed attestation across providers | ✗ | ✓ |
| CPS 234 coverage of all AI assets | ~ | ✓ |
| Provider-agnostic by design | ✗ | ✓ |
✓ = supported · ~ = partial · ✗ = not supported
Download the full comparison (PDF)Could you run them together?
Yes. Keep Purview doing what it does well — governing data inside the Microsoft estate and Copilot. Use Guard for everything outside it: direct API calls to OpenAI, Anthropic, Bedrock, Gemini, or self-hosted models.
Together they close the gap CPS 234 cares about, which is all of your AI assets, not just the Microsoft ones.
See Guard on your own AI calls
Book a demo and we’ll show you a signed attestation for a real call — mapped to your obligations under CPS 234, the Privacy Act, and ADM transparency.