Announcing New Microsoft Purview Capabilities to Protect GenAI Agents

As organizations accelerate their adoption of agentic AI, a new and urgent challenge is emerging: how to protect the rapidly growing number of agents—first-party, third-party, and custom-built—created and deployed across the enterprise. At Microsoft Ignite, we’re introducing major advancements in Microsoft Purview to support our customers in securing all their agents, wherever they operate. 

The New Reality: Agents Everywhere, Data Risks Amplified 

For many organizations, the pace of agent creation is outstripping traditional oversight. Developers, business units, and other information workers can spin up agents to automate tasks, analyze data, or interact with enterprise systems. This proliferation brings tremendous opportunity, but also a new level of risk. New agents can access sensitive information, trigger cascading actions of other agents, and operate outside direct human supervision. The anxiety is real: how do you protect every agent, even those you didn’t know existed? 

Data risks are especially critical in this new landscape. Agents can process and share sensitive information at scale, interact with external systems, and invoke other agents or large language models, multiplying the complexity and potential of data exposure. Unlike traditional apps, agents are dynamic, autonomous, and currently often invisible to standard security controls. The risk surface expands with every new agent, making comprehensive data protection not just a technical requirement, but a business imperative. 

Purview for Agent 365: Protections for a more complex agent world 

Therefore, this week, we are announcing Agent 365 (A365) as the control plane for agents, enabling organizations to confidently manage, secure, and govern AI agents—first-party, third-party, and custom-built—across the enterprise. With A365, teams can extend familiar Microsoft 365 tools and policies to agents, ensuring unified inventory, robust access controls, lifecycle management, and deep integration with productivity apps. That’s why we’re extending Microsoft Purview protections to A365, bringing enterprise-grade security, compliance, and risk management to every agent. 

Here’s what we’re introducing to make this possible: 

• AI Observability in Data Security Posture Management: Organizations gain visibility, risk assessment, and guided remediation for agents across Microsoft environments. Note: While third-party agents are included in the inventory, assigned risk levels, risk patterns, and guided remediation currently apply to M365 Copilot agents, Copilot Studio, and Microsoft Foundry agents. 

Figure 1: AI Observability in Data Security Posture Management

• Agentic Risk in Insider Risk Management: New agent-specific risk indicators and behavioral analytics enable precise detection and policy enforcement. For example, organizations can now identify risky agent behaviors, such as unauthorized data access or unusual activity patterns, and take targeted action to mitigate threats. 

• Data Loss Prevention (DLP) and Information Protection controls extended to agent actions: Purview DLP and Information Protection policies now extend to agents that operate autonomously, allowing these agents to inherit the same protections and organizational policies as users. For example, these built-in controls ensure AI agents don’t access or share sensitive data when accessing M365 data within apps, whether that means blocking access for agents to labeled files or preventing agents from sending external emails and Teams messages that contain sensitive data.  

• Expanded governance via Communication Compliance, Audit, Data Lifecycle Management and eDiscovery: Organizations benefit from expanded proactive detection, secure retention, and policy-based governance for interactions between humans and agents.  

Figure 2: eDiscovery supports search, review and export of agent interactions for simplified discovery cases.

By including these protections in A365, organizations can apply Purview’s enterprise-grade security, compliance, and risk controls to every agent—making it simpler and safer for customers to deploy agents at scale. 

Learn more about the Agent 365 announcement. 

Extending Purview Controls for All Agents 

Not all agents in an organization will run under an A365 license, yet every agent still requires strong data security and compliance controls. For that reason, we are also adding the following Purview capabilities: 

• Inline data protection for prompts and responses: Expanded DLP capabilities prevent the sharing of sensitive data or files between users and third-party agents (such as ChatGPT or Google Gemini in Agent mode) through inline data protection for the browser and network. 

• Purview SDK embedded in Agent Framework SDK: Purview SDK embedded in Agent Framework SDK enables developers to seamlessly integrate enterprise-grade security, compliance, and governance into the AI agents they build. This integration enables automatic classification and protection of sensitive data, prevents data leaks and oversharing, and provides visibility and control for regulatory compliance—empowering organizations to confidently and securely adopt AI agents in complex environments. 

Embedding Security into the Foundry Development Pipeline 

We are also adding several Purview capabilities specifically available in Foundry: 

• Purview integration with Foundry: Purview is now enabled within Foundry, allowing Foundry admins to activate Microsoft Purview on their subscription. Once enabled, interaction data from all apps and agents flows into Purview for centralized compliance, governance, and posture management of AI data. 

• Azure AI Search honors Purview labels and policies: Azure AI Search now ingests Microsoft Purview sensitivity labels and enforces corresponding protection policies through built-in indexers (SharePoint, OneLake, Azure Blob, ADLS Gen2). This enables secure, policy-aligned search over enterprise data, enabling agentic RAG scenarios where only authorized documents are returned or sent to LLMs, preventing data oversharing and aligning with enterprise data protection standards. 

• Communication Compliance for Foundry: New policies extend Communication Compliance capabilities to Foundry, allowing security admins to set organization-wide Communication Compliance policies for acceptable communication for interactions with Foundry-built apps and agents, supported by Microsoft’s Responsible AI Standard. In Foundry Control Plane, Foundry admins will be able to view any deviations from this policy. In addition, Purview admins will be able to review potentially risky AI interactions in Communication Compliance, enabling them to decide on appropriate next steps. 

Figure 3:Communication Compliance provides visibility to potential unethical or harmful agent interactions

• Automated AI Compliance Assessments: The new integration between Microsoft Purview Compliance Manager and Foundry delivers automated, real-time compliance for AI solutions. Organizations can quickly assess agents against global standards like the EU AI Act, NIST AI RMF, and ISO/IEC, with one-click assessments and live monitoring of critical controls such as fairness, safety, and transparency. This streamlined approach eliminates manual mapping, surfaces actionable insights, and helps AI systems remain audit-ready as they evolve. 

Strengthening Trust in Microsoft 365 Copilot 

And we’re not stopping there. We’re continuing to expand Purview’s protections for Microsoft 365 Copilot to help organizations provide real-time protection for sensitive data in and accelerate remediation of oversharing risks. New enhancements include: 

• Item-level oversharing investigation and remediation: Data security admins can now use data risk assessments in DSPM to analyze user sharing links in SharePoint and OneDrive and take bulk actions such as applying sensitivity labels to shared files, requesting the site owner to review sharing links, or disabling the links entirely. These enhancements streamline risk management, reduce exposure, and give organizations greater control over sensitive data at scale.  

• Expanding DLP for Microsoft 365 Copilot to safeguard sensitive prompts and prevent data leakage: This new real-time control applicable to M365 Copilot, Copilot Chat and Copilot agents, helps prevent data leaks and oversharing by detecting and blocking sensitive data based on SITs in prompts. By blocking the prompt, this also prevents sensitive data from being used for grounding in Microsoft 365 or the web. This expands on the existing capability to prevent sensitive files & emails from being accessed by Copilot based on sensitivity label. 

• Data security and compliance admins need stronger controls for Copilot-related assets like Teams meeting recordings and transcripts. They want to identify recordings with sensitive data and delete them to reduce risk and free up storage. We are announcing two new capabilities to help: 

• • Priority cleanup for M365 Copilot assets: Enables admins to override existing retention policies and compliantly delete files, such as meetings recordings and transcripts created to support Copilot use. Priority cleanup is now generally available in Purview Data Lifecycle Management. 

• • On-demand classification now extends to meeting transcripts: Information Protection automatically classifies files when they’re created, accessed, or modified, identifying sensitive information in real time. On-demand classification brings the same discovery and classification to data-at-rest without requiring user interactions. We’ve now added meeting transcripts to that coverage. Once the sensitive data in meeting transcripts is discovered and classified, admins can apply DLP or Data Lifecycle Management (DLM) to protect sensitive data from being shared or exposed unintentionally. 

• Honoring Purview data security controls when using Copilot Mode in Edge for Business: Microsoft Edge for Business now features Copilot Mode to empower users to accelerate their productivity through AI-assisted browsing. Copilot Mode honors existing Purview data protections, such as preventing summarization of sensitive content open in the browser. Additionally, Agent Mode can be enabled for multi-step agent workflows in the browser. These agentic workflows will honor the user’s existing DLP protections, such as endpoint DLP policies that prevent pasting of sensitive data to sensitive service domains. 

Collectively, these capabilities reinforce Purview as the enterprise standard for securing AI-powered productivity. They give organizations the protections they need to scale Copilot usage with confidence and control. 

Empowering Secure Agentic AI Adoption 

As agents become integral to enterprise operations, Purview’s expanded protections empower organizations to safely embrace agentic AI—maintaining control, trust, and accountability at every step. With unified data security and compliance, organizations can observe and assess agent risk, prevent oversharing and leakage, detect risky agent behavior, and take decisive control to turn agentic AI into a trusted engine for growth. 

To learn more about Agent 365, visit the Agent 365 website.