Forum Discussion
I just want to secure AI. DLP vs Info Protection vs DSPM vs Governance vs...
"helps you discover and classify sensitive data, apply consistent protections, and reduce the risk of data loss across Microsoft 365"
^^^ description for a solution that is NOT Data Loss Protection.
Microsoft Purview can feel complex.
If you are looking at controls to minimise oversharing with Microsoft 365 Copilot and Copilot Chat then it depends on what licensing you have. Note that this applies to the enterprise versions, not the consumer Copilot.
The options are:
Available for all licences:
- Block content with sensitive data being shared with Copilot. Sensitive data is either the
out-of-the-box Sensitive Information Types Microsoft has defined, such as IT credentials, credit card data, etc., or your own custom SIT.
If you have E5 compliance or the Purview add-on for Business Premium, then you get additional functionality
- Block content labels with Purview sensitivity labels being uploaded or referenced by Copilot
- Block sensitive content based on SITs or labelled content being shared with third-party or consumer Gen AI apps in the browser
I have just written a blog on How to Deploy Microsoft Purview DLP for Copilot and Generative AI Deploy Microsoft Purview DLP for Copilot Security
Microsoft references
Learn about the default DLP policy for Microsoft 365 Copilot location | Microsoft Learn (available with all licences
https://learn.microsoft.com/en-us/purview/dlp-microsoft365-copilot-location-learn-about
Reach out if you need more information
- Block content with sensitive data being shared with Copilot. Sensitive data is either the
