Stay ahead of evolving risks and mitigate vulnerabilities with Microsoft Purview Data Security Posture Management (DSPM). Gain prioritized visibility into data security risks, track unprotected sensitive information, and receive actionable insights. With built-in classifiers, automated risk assessments, and AI-powered capabilities like Security Copilot, you can identify and mitigate threats, ensuring a compliant data security environment.
Talhah Mir, Microsoft Purview’s Principal Group Product Manager, shows how to transform your data security strategy with automated, intelligent risk management and maintain continuous protection across your organization.
Stay ahead of evolving risks and mitigate vulnerabilities.
See how to manage your data security posture with Microsoft Purview DSPM.
Automatically scan your organization’s data for security gaps with built-in classifiers.
Get quick, actionable insights with Microsoft Purview DSPM.
Uncover risks associated with generative AI apps.
Leverage Microsoft Purview and Security Copilot to ensure your organization’s data remains secure.
Watch our video here:
QUICK LINKS: 00:00 — Build and maintain a strong data security posture
01:25 — Start in Microsoft Purview Portal
02:14 — Microsoft Purview solutions
03:39 — Analytic reports
04:39 — Take action
05:30 — AI app-focused view
06:13 — View trends
06:59 — Add Security Copilot capabilities
09:37 — Wrap up
Link References
Get started at https://aka.ms/DSPM
Unfamiliar with Microsoft Mechanics?
As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
- Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
- Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
- Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast
Keep getting this insider knowledge, join us on social:
- Follow us on Twitter: https://twitter.com/MSFTMechanics
- Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
- Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
- Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Video Transcript:
-Do you have a good handle on the data security risks like data leaks and data theft in your organization? Building and maintaining your data security posture is hard. Every day, people are creating information, and they’re sharing it both inside and outside of the organization.
-They may not necessarily be protecting that information consistently, if at all, or there may be policy gaps in the types of information protected, and even where protections are in place, users might downgrade them to more easily share and collaborate, or they may be pasting sensitive information into non-sanctioned AI tools to speed up their productivity. The volume of data and the level of activity around it is hard to get a handle on, and this is where Microsoft Purview Data Security Posture Management, or DSPM comes in.
-It gives you prioritized visibility into the data security risks impacting your organization’s data so that you can quickly focus your efforts, and provides a centralized place to continually measure the effectiveness of your data security policies. This also includes surfacing data security risks based on the use of Gen AI apps in your organization, and with built-in Security Copilot integration, I’ll show you how you can effortlessly investigate and uncover risks that might not be immediately apparent.
-And the good news is that you can use Microsoft Purview Data Security Posture Management, even if you haven’t configured a single policy in Microsoft Purview or are starting from scratch. Getting started is easy. From the Microsoft Purview portal, you’ll navigate to Data Security Posture Management, then just turn it on, and once you confirm, it will automate the data security risk assessment of your tenant. Under the covers, it uses Microsoft Purview’s built-in classifiers to scan for sensitive information types and leverage other built-in analytics to look for unprotected data and the actions being taken on it.
-And after one to three days, depending on the size of your tenant, you’ll see a populated dashboard with a detailed report on your unprotected sensitive information along with where it resides, and top-line insights into activities happening with the data with a detailed report.
-Then to help you mitigate top data security risks in your tenant, we give you policy recommendations for implementing protective controls. And this assessment gets even richer if you’re using Microsoft Purview’s best-in-class solutions across areas like Data Loss Prevention to ensure you’re preventing data risks as sensitive information is created and moves inside and outside of your environment.
-Information Protection to make sure that content is labeled and classified as a means to discover and trigger the right protections, or Insider Risk Management to catch data risk based on the activities and intent of employees using established user risk levels. All these are solutions that you have access to if you have Microsoft 365 E5 today, and when you use them, those signals will also flow into Data Security Posture Management.
-This includes all logged activities and any configurations you may have set. DSPM takes those signals and connects the dots across where information is stored, how it’s being moved, even who is moving it, and their level of user risk, which means everyone, especially your data security analysts, can have a common and holistic perspective on your organization’s data security risks, and together, you can continually measure the effectiveness of your data security policies.
-So, it removes people and tool silos where you may have different domain experts using these different solutions, and it prevents gaps in your overall data security posture management strategy.
-And as you manage your data security risks daily, it’s the one place to start your day. Here, I’m able to see available analytic reports of where my unprotected sensitive data resides, and the top risky activity types, like exfiltration. This is a correlated view against users with elevated risk levels, because they are either departing, disgruntled, potentially high-impact users, like your executive staff or global admins, high risk based on user risk thresholds, or more.
-So, I can get a firm gauge on what data’s unprotected and at risk, where it resides, how the sensitive data is being moved, and the risk level of users interacting with it. In fact, let’s open the data risk report for unprotected sensitive data, and I can see the total count of files that have no protections and where they reside. This is broken down further by their classifiers, which are sensitive information types, how many items are not labeled at all, and where content may be labeled but has no corresponding protection, which is why the two counts can be different from one another.
-Now we know where the data sits, let’s go back to the dashboard to look at how people may be interacting with the data and potentially placing it at risk. And I can dig into the details for users performing risky activities on unprotected sensitive data and see a complete breakdown of the user activity types along with sensitive data types, the risk levels of users, and the totals. And again, I can use all this to review and identify opportunities to fine-tune my policies.
-In fact, back on the dashboard, there are two data-driven recommendations as actions for me to take, and to take action, I’ll view the recommendations for prevent sequential activities that might leak sensitive data, and quick policy setup helps me implement an Insider Risk Management and Data Loss Prevention policy right from here. I have the option to customize, but since I agree with the defaults, I can create this with one click. As I mentioned, DSPM also gives you an AI app-focused view of your data security posture.
-I can see top-level AI app usage insights from the dashboard view and drill into additional details in the DSPM for AI dashboard in the Activity Explorer view, which is focused on AI app activities, and I can head over to the DSPM for AI reports to see even more, including details for activities with breakdown by app type, how sensitive data is being used across different AI experiences, and user activities with AI apps pivoted on their insider risk levels. So, DSPM for AI gives you broad visibility into how people are using generative AI apps in your organization.
-That said, now that I have a bit of history with our data, we can look at the trends in our DSPM view. In the top-level report, I can see details for percentage of documents that are getting labeled either manually or using auto labeling policies. Then I have a view of sensitive assets covered by at least one DLP policy, like the one I created before with our quick policy. And finally, a view of the risk levels for users in the organization and how that’s trending over time.
-So, there’s evidence that our data security posture is increasing based on the number of labels applied and DLP policy matches. The nice thing here is that you can see org-wide trends. For example, we implemented an auto-labeling policy that impacted a lot of files, and we also see that the medium risk user count also went up. So, what’s happened? These are great aggregate views, but I want more specificity. That’s where we can add Security Copilot capabilities to drill down into the reasons for some of these trends, why they’re happening, and get more details from each.
-When you add Security Copilot to Microsoft Purview, it adds additional capabilities to DSPM, as you can see on the top. These give you starter prompts to prioritize alerts, detect sensitive data leaks, find devices at risk and risky activity. I’m going to in fact, start an investigation with Copilot to hunt for sensitive data leaks. That will open up the Copilot panel and start generating a response for what it finds. Here are three sensitive files.
-Then, under the generated response for these additional suggested prompts, it guides me through the recommended path for investigation. So, I’ll keep going and click on this one to find out the data labels for these files, and it gives me the file names and their corresponding labels. I know that Project Obsidian is a highly confidential project, and the acquisition plans and resumes also contain sensitive information. The last two were detected based on our trainable classifiers in Microsoft Purview.
-Then it also gives me more suggested prompts to continue my investigation, to find out the activities for files containing Project Obsidian, who accessed these files, and the activities involving sensitive data from the last week. I’m curious if the labels for Project Obsidian in particular were downgraded, and of course, at any time, I can also enter my own prompt here as well. So, I’ll do that and prompt it to provide a list of all label downgrade and exfiltration activities on files with Project Obsidian info.
-And using this session’s context with previous prompts and responses, it finds and presents me with insights about what’s happened. It looks like in the last 30 days with these sensitive Project Obsidian files, first labels were downgraded, which would then have enabled them to be shared externally in order to work around the DLP policies we have in place.
-On the left, it suggests that I configure an adaptive protection policy to detect these types of obfuscation techniques. And from here I can ask Copilot, How can an adaptive protection policy prevent this from happening in the future? It looks like this will help protect us against these types of risks by dynamically adjusting policies based on user risk levels. So, I’ll take the recommended action, and I can turn adaptive protection on in just two clicks right from here. And that’s just one example.
-With Copilot, we can uncover insights from many dimensions of activities, files, devices, users, departments, or regions to supercharge the information you can find quickly, so that you can manage your security posture effectively. Data Security Posture Management is currently rolling out in preview. To find out more and get started, check out aka.ms/DSPM. Subscribe to Mechanics for the latest updates, and thank you for watching.