Microsoft Mechanics Blog

New Data Security Posture Management | Microsoft Purview

Zachary-Cavanell
Nov 21, 2025

Locate, assess, and prioritize high-risk data across Microsoft and non-Microsoft services using Microsoft Purview Data Security Posture Management (DSPM).

Identify sensitive files, understand emerging data risks, and focus remediation efforts where they matter most without slowing down productivity. You can also remediate oversharing, enforce data loss prevention policies, and monitor AI agent activity with full visibility into their interactions with sensitive data. 

Talhah Mir, Microsoft Purview Partner GM, shares how to take control of your data security posture, act on top priorities, and build a sustainable discipline for protecting your organization’s information at scale.

One place to manage all of your data security posture.

Target the most critical data risks instantly. Check out the new DSPM solution in Microsoft Purview.

Stop oversharing.

Safeguard sensitive data fast in Microsoft 365 Copilot with DSPM’s one-click policies. Take a look at Microsoft Purview DSPM.

Gain control over AI-driven automation.

Prevent agents from introducing hidden data risks. See how it works with DSPM.

QUICK LINKS: 

00:00 — Unified solution with DSPM 

01:48 — Day-to-day DSPM use 

03:36 — Prevent oversharing 

05:52 — AI observability 

07:42 — Longer-term view of DSPM 

08:25 — How to get DSPM working in your org 

09:28 — Wrap up

Link References 

Try it out at https://aka.ms/DSPM



Video Transcript:

-The more secure your data, the more confidently you can adopt and scale AI and agents across your organization. But it’s easier said than done, especially if you’re using multiple tools just to discover what data is in use, and your risk across different services today. Where AI agents just exacerbate the challenge because they can interact with your data and produce outcomes exponentially faster than everyday users, making it harder to respond at equivalent speed. And to not get in the way of productivity, both human and AI, you can’t just lock everything down. You need to be able to dynamically apply data protection based on risky activity. This is where the newly expanded Microsoft Purview Data Security Posture Management, or DSPM for short, changes everything. Deeply integrated across the Microsoft ecosystem and beyond, it provides a single, unified solution for discovering sensitive data across your digital estate, including from non-Microsoft services.

-Built-in intelligence continuously evaluates your data risk, isolating the areas that pose the greatest risk and that deserve the most attention right now. Integrated and adaptive protection, based on both human and non-human risky activity, lets you remediate policy gaps directly within DSPM, in just a few clicks. Agents in Purview can then autonomously work alongside you and help you to explore how well your data is protected across specific scenarios. 

-Powerful new AI observability capabilities then give you granular visibility into agent activity with a first-time view into how much risk they may be introducing into your organization. And custom reports help you to embed posture management into your daily operations by pinpointing areas to strengthen. Even if you haven’t configured a single policy in Microsoft Purview, as I’ll show you in the quick onboarding steps, you’ll be able to use DSPM out of the box. 

-But first, I’ll start with a tour of how you can use DSPM as part of your day to day. By design, the experience is organized to speed up your understanding of data risks at play and what to do about them. You can start by interacting directly using suggested Copilot prompts, or work your way down the dashboard where at a glance you can see key posture metrics for data discovery based on the percentage of classified or labeled files, data protection, which is a measure of the percentage of activity covered by existing policy, and data investigation with the percentage of alerts that have been triaged. Emerging data risks are succinctly presented to you at a glance, and you can quickly see available agents to explore your data risk further. Next, top objectives guides you on what data risk scenarios need priority attention across your environment. We’ll go deeper on this one in a second. 

-Then, in the data snapshot, data exposure can also be categorized by services and across different platforms in use inside your environment. Additionally, we help you to quickly understand your organization’s data exposure based on its recency. Stale data flags data which was last accessed or updated over a year ago, that needs closer attention. Fresh data, on the other hand, which is higher in volume, indicates data that has been updated or accessed in the past year. Finally, the chart at the bottom reflects the 30-day trends in your organization’s data security posture specific to overshared and exfiltrated items. So you can start your day with a custom and comprehensive assessment of trending data risk. 

-Let’s go back to the priority objective highlighted to prevent oversharing of sensitive data, which has even more gravity given the rise of AI. Clicking into see all objectives brings me to the complete list of recommended objectives by risk area in order of priority. At the bottom, I have a few with a healthy green status and a few above those that clearly need attention. They each reflect an outcome-based approach that I can follow through to remediation. I’ll view the top objective on the oversharing to see why it has been prioritized. And I can see data oversharing trends at a glance over time. More than 30,000 files are currently at risk of oversharing, and there are metrics for how many sensitive files are unlabeled and externally shared. Importantly, risk patterns break down why this objective is something to focus on. 

-This chart shows overshared sensitive data tied to top Microsoft 365 data sources, and we can see the site name in SharePoint plus the total number of potentially overshared items categorized by how they were shared. DSPM is recommending a data loss prevention policy to protect sensitive data referenced in Microsoft 365 Copilot. This will restrict Copilot access to only labeled documents and emails. It will operate in simulation mode so that I can initially test and tune this policy and enforce it when I’m ready. I’ll hit apply to get everything going. Once that’s run, after some time, when you return to the dashboard, you’ll be able to see the outcome of the objective. Our oversharing objective is no longer a priority; we’re in a healthier green state. Files at risk of oversharing have now halved. And prevent data exposure in Microsoft 365 Copilot interactions has now shifted to be our top priority. 

-This time I’ll click in to directly view the remediation plan, and I can see a timeline of when I can expect to see impact once I take action. There are a number of default policies in place along with a few recommended policies. In fact, this one is a brand new Data Loss Prevention control that works during Copilot interactions to restrict sensitive information types from being processed during AI reasoning or used as part of web search, and so we can select and apply it. Now, I’ve shown you the new outcome-focused experience for resolving top objectives. 

-Next, let’s switch gears to look at AI observability. Agents can introduce unique risks that differ from human users. They could have more privilege to perform tasks and access and consume sensitive files across multiple systems at a faster rate than humanly possible. Just as we do for humans, we now can apply risk levels to your agents based on their data activity. Here you can see a full inventory of agents working across your organization, how many are high risk, and the total with sensitive interactions. Followed by a breakdown of individual agents and their risk level along with their status. These reflect the policies that you have in place to govern agents. This first agent is risky, but it’s still active, so let’s take a closer look. It’s a new Microsoft Agent 365 agent, which uniquely gives me deeper visibility into its activity. 

-The good news is it’s now been quarantined, so it’s not discoverable by users. We can see the knowledge and tools it can access, policy coverage, the agent owner, and its agent identity. Below we can see the agent risk level, risky activity matches, and their categories. Finally, there are also recommended actions to take. Of course, your agents will reference data across your digital estate. Here in asset explorer, you can see a unified view of unlabeled or classified data by workload. Beyond Microsoft 365 and Azure, data is also coming in from Salesforce, Databricks, Snowflake, and others. This is made possible by direct integration with Microsoft Sentinel data lake. 

-And this level of visibility will continue to expand as we grow our ecosystem of partner solutions with deep insights on specific data sources. That said, beyond in-depth and dynamic insights into your data risk, DSPM also helps you to take a longer-term view of Data Security Posture Management as a sustainable discipline inside your organization. Nine new reports help you to build your organizational muscle for DSPM in key areas from data protection hygiene with data sensitivity label and activity; specific policy coverage and risky activity by both users and AI. I’ll click into this one for auto-labeling policy coverage, and I can quickly see key metrics with a detailed bird’s eye view of what sensitive information types are being discovered and automatically labeled, and where we’re missing opportunities to enforce auto-labeling.

-Now, if you’re wondering what it takes to get DSPM working in your organization, if you’re using Microsoft 365 E5 now, you have access to DSPM already. Set-up is simple. From the Microsoft Purview portal, once you’ve navigated to the DSPM Solution, you just need to click get started. There are two service prerequisites for unified auditing and insights, as well as collection policies for AI that you’ll need to have enabled for everything I’ve shown you today to work. 

-Then, all you need to do is hit start setup, and that’s it, you’re ready to go. Depending on the size of your tenant, the service will take a day or so to start bringing in the data to generate insights. Integrating DSPM with partner solutions is also straightforward. From the setup tasks, you’ll select extend your insights with data discovery. Then, you’ll connect your Sentinel Workspace if that hasn’t already been done. Configure Sentinel data lake as the place to ingest logging data, and connect to available partner solutions like Snowflake and Salesforce using Sentinel connectors. In fact, soon you’ll be able to configure protections to those platforms directly from DSPM. 

-Whether you’re managing data risk from employees, AI agents, or third-party platforms, the newly expanded DSPM gives you a single solution for discovery and remediation. To try it out, visit aka.ms/DSPM. And if you’re already using classic DSPM solutions, you can easily switch to the new experience and get back to the classic ones under solutions. Subscribe to Microsoft Mechanics for the latest AI and security updates, and thank you for watching!

Updated Nov 19, 2025
Version 1.0