Forum Discussion
DSPM for AI Data Risk Assessment Question
Hello everyone, my team is creating a POC for DSPM for AI in order to be ready for actual implementations. We have encountered some unexpected issues that we have found no conclusive answers to in the official articles. Everything that follows is related to the Data Risk Assessment feature that comes with DSPM for AI and its SharePoint site scanning features.
First of all, does the assessment feature use both built-in and custom SITs? If this is the case, we need to take into account any custom data types in an actual implementation.
Secondly, we have noticed that no assessment type (including the default one) reads all the sites found in the SharePoint admin center. We have noticed that one of them is probably the root site, as its format is https://<domain name>/ while every other site looks like https://<domain name>/sites/<site name>; another one was most likely created by an application; and there are some that do not appear in the list but do appear in the assessment results. All of these sites except the "root" seem to be up and running, although some show the "request access" page when opening.
Third, we have not found a conclusive answer as to what the difference is between the site and item level scans. This is because the item level scan finds and scans even fewer sites. The configuration is as follows:
- Default Assessment: All users, All sites (default option) -> Finds 17/19 sites and items scanned do not match the number of items reported to be on the sites in the SharePoint admin center. The issue is that the number of reported unscanned items is 0.
- Site Level Assessment: All users, All sites (default option) -> Finds 11/19 sites and items scanned do not match the number of items reported to be on the sites in the SharePoint admin center. The issue is that the number of reported unscanned items is 0.
- Item Level Assessment: All users, No All Sites option. Finds 8/19 sites -> Scans 4/19 sites and items scanned do not match the number of items reported to be on the sites in the SharePoint admin center. The issue is that the number of reported unscanned items is 0.
To sum this up, my team's questions are the following:
- Does this solution use custom SITs in addition to built-in ones?
- What extra configuration is required to scan ALL SharePoint sites for sensitive info using the Data Risk Assessments?
- What added value does the Item Level scan provide?
- Is any extra configuration besides the enterprise app creation required for Item Level scanning on all sites?
Thank you all in advance!