Forum Widgets
Latest Discussions
DSPM not just for AI
New guy diving into Purview trying to learn as much as I can about it. My organization is a GCC tenant so we have lots of caveats on what we see vs preview vs commercial, so that's fun. Long story short, I read the below article on DSPM from Nov 2025: Beyond Visibility: The new Microsoft Purview Data Security Posture Management (DSPM) experience | Microsoft Community Hub Would love the functionality of that but I cannot find DSPM proper in Purview. I see "DSPM for AI" but not seeing anything of non-AI DSPM anywhere in Purview. Even in the Tech Community site, there is no traditional DSPM listed in Purview or Security
DSPM for AI - Block sensitive info from AI apps in Edge
Hi, As anyone been able to get this rule to work DSPM for AI - Block sensitive info from AI apps in Edge? We recently deployed the Purview edge extension and also the devices are onboarded in purview, I have configured some SIT, and the action is set to block, this seems not be triggering. I have also tested the SIT'S in the classifier>SIT. For anyone that has gotten this to work, what steps did you go through and what is the end user experience like? Do they get pop up, that this is blocked by the organization or the prompts do not just return any results
Collection Policies for AI Prompts
Hello, my goal is to exclude AI prompts from being logged into Purview and Activity Explorer, or to at least not be shown in Activity Explorer. Specifically, I need Purview to only log (or show in Activity Explorer) prompts and responses involving few Sensitive Info Types (let's say Credit Card Numbers) only. I read that collection policies should achieve this: https://learn.microsoft.com/en-us/purview/collection-policies-solution-overview "Collection policies are an event collection and filtering tool in Microsoft Purview that enables monitoring and classification of events from apps and locations that lay both inside of and beyond your organizations trust boundaries. They let you filter which events from both untrusted and trusted sources are ingested into Purview. Once ingested, that data can be classified and used by various Microsoft Purview signal consuming solutions, such as Microsoft Purview Activity explorer, Microsoft Purview Insider Risk Management, Microsoft Purview eDiscovery, Microsoft Purview Data Lifecycle Management. Collection policies can help you achieve these data security outcomes: Only ingest the events that you want" This sounds great, but the problem I have is actually implementing it. I need all AI apps (starting with Copilot and 365 Copilot) to not log basic prompts without key Sensitive Info Types, but it simply does not work. For testing, my current policy is this: Scope is to 3 classifiers (All Physical Addresses, Country1 Physical Address, Country2 Physical Address) Activities to detect: Text sent to or shared with cloud or AI app; Text received from cloud or AI app Data Sources: Unmanaged cloud apps: Microsoft Copilot; Microsoft Copilot for Microsoft 365 | All unmanaged AI apps Decide whether to capture content from AI interactions: Don't capture content (Capture Content is grayed out unless I select all sensitive info types) Choose how to detect unmanaged cloud apps: Browser and Network Now I would assume with this Collection Policy it would not capture prompts with the specified sensitive info types, but they are captured (AI Interaction activity), just not detected (no SIT attached/no additional Sensitive Info Types activity). Additionally, for testing, I have a Collection Policy with scope set to all Classifiers as I assume this would only ingest prompts with Sensitive information types in them, but this was not the case. Some clarification how this works and how to achieve what I explained previously would be welcome.
DSPM Data Assessment Report
we started using the report for the organization but are having the following 2 issues Several Columns on the report as showing as not available - even after several days when the report was completely scanned. When creating a new report we are unable to assign the report to a an security or office 365 group. The users have to be added one by one which is a pain
