Forum Discussion
I just want to secure AI. DLP vs Info Protection vs DSPM vs Governance vs...
nikkichapple looking thru a slideshow you made available on this subject. In one of the early slides, you recommend DSPM as a 'one-click' setup for default AI data protection. Do you still recommend this? Does this implement DLP / sensitivity policies?
Microsoft Purview is a comprehensive set of solutions that helps organizations govern, protect, and manage data wherever it lives. It includes more than a dozen capabilities organized around data security, data governance, and data compliance.
It can definitely be frustrating when getting started, especially if you try to follow the documentation directly from the portal. A good approach is to clearly identify the risks you want to mitigate, then map those risks to the appropriate Purview solutions.
Since your goal is to secure Copilot, I would suggest starting with DSPM as an entry point, then following the recommendations listed in the objectives page. This should also help guide your roadmap.
In addition to what nikkichapple already shared, I would recommend reviewing:
- The Oversharing Blueprint, which outlines the essential steps for establishing a secure and governed foundation for Copilot by remediating oversharing, implementing reliable guardrails, and supporting AI-related regulatory obligations. https://learn.microsoft.com/en-us/microsoft-365/copilot/secure-govern-copilot-foundational-deployment-guidance
- This Microsoft Purview blog on addressing oversharing risk:
https://techcommunity.microsoft.com/blog/microsoft-purview-blog/from-oversharing-to-enforcement-a-practical-guide-to-ai-data-security-with-micro/4513727 - The official Microsoft Purview documentation:
https://learn.microsoft.com/en-us/purview/purview