Forum Discussion
Collection Policies for AI Prompts
Hello,
my goal is to exclude AI prompts from being logged into Purview and Activity Explorer, or to at least not be shown in Activity Explorer. Specifically, I need Purview to only log (or show in Activity Explorer) prompts and responses involving a few Sensitive Info Types (let's say Credit Card Numbers).
I read that collection policies should achieve this: https://learn.microsoft.com/en-us/purview/collection-policies-solution-overview
"Collection policies are an event collection and filtering tool in Microsoft Purview that enables monitoring and classification of events from apps and locations that lie both inside of and beyond your organization's trust boundaries. They let you filter which events from both untrusted and trusted sources are ingested into Purview. Once ingested, that data can be classified and used by various Microsoft Purview signal consuming solutions, such as Microsoft Purview Activity explorer, Microsoft Purview Insider Risk Management, Microsoft Purview eDiscovery, Microsoft Purview Data Lifecycle Management.
Collection policies can help you achieve these data security outcomes:
Only ingest the events that you want"
This sounds great, but the problem I have is actually implementing it. I need all AI apps (starting with Copilot and 365 Copilot) to not log basic prompts without key Sensitive Info Types, but it simply does not work. For testing, my current policy is this:
- Scope is set to 3 classifiers (All Physical Addresses, Country1 Physical Address, Country2 Physical Address)
- Activities to detect: Text sent to or shared with cloud or AI app; Text received from cloud or AI app
- Data Sources: Unmanaged cloud apps: Microsoft Copilot; Microsoft Copilot for Microsoft 365 | All unmanaged AI apps
- Decide whether to capture content from AI interactions: Don't capture content (Capture Content is grayed out unless I select all sensitive info types)
- Choose how to detect unmanaged cloud apps: Browser and Network
Now I would assume with this Collection Policy it would not capture prompts with the specified sensitive info types, but they are captured (AI Interaction activity), just not detected (no SIT attached/no additional Sensitive Info Types activity). Additionally, for testing, I have a Collection Policy with scope set to all Classifiers as I assume this would only ingest prompts with Sensitive information types in them, but this was not the case.
Some clarification on how this works and how to achieve what I explained previously would be welcome.
2 Replies
- jovanimp (Copper Contributor)
Hi Linas1,
Maybe you can try this.
Here’s a practical way to get closer to the outcome you’re aiming for — where only AI interactions containing the Sensitive Info Types (SITs) you care about are actually ingested and surfaced in Purview:
Core Principles
The key is understanding that Collection Policy scope defines what classifiers get evaluated, but not whether activity without a match gets dropped. AI interactions in scope are still logged as activities unless explicitly excluded at a detection or data source level. That’s why you’re seeing “AI Interaction activity” records even when no SIT is detected.
Recommended Configuration Approach
1. Define a Narrow Classifier Scope
- Only include the exact SITs you need (e.g., All Physical Addresses, Country1 Physical Address, Country2 Physical Address).
- Avoid “All Classifiers” unless your goal is simply to evaluate against every available SIT — because this will still ingest all scoped events.
2. Enable 'Capture Content' With SIT Triggers
- To truly limit content capture, you need this on — which is why Microsoft grays it out unless all SITs are selected.
- Once enabled, you can filter to capture content only when the target SITs are matched, reducing noise in Activity Explorer.
- If you truly don’t want any content without SITs stored, this is the cleanest route.
3. Separate “AI Interaction” Metadata Policies
- Use one policy for content capture with SIT filtering.
- Use a separate monitoring approach for activity-only logging if you still need basic AI usage visibility without content.
4. Fine-Tune Detection Sources
- If detection via “Browser and Network” is producing false positives, test with managed app connectors or Defender for Cloud Apps policies, which may give cleaner detection.
5. Test With Known SIT Samples
- Use a dummy SIT sample like Microsoft’s test credit card number 4111 1111 1111 1111 to confirm match behavior before going live.
- Track whether the policy is triggering ingestion only when expected.
Pro Tip
If your sole goal is to hide non-sensitive AI prompts from Activity Explorer entirely, you’ll need to combine narrow-scoped classifiers with content capture on SIT match only. Without content capture, the interaction activity still logs — but with no SIT attached.
- Linas1 (Copper Contributor)
Hello,
thanks for the reply.
- Yup, only the SITs which I need are included.
- I need clarification on this - I can't enable Capture Content for the collection policy if All Classifiers is not selected. How do I filter, using what? Do I create a Collection policy with all classifiers and then a separate one? Anyways, even if a policy with all classifiers is created, content that does not match any SIT still appears in the Activity Explorer.
- How can this be done? Any specific solutions or steps that can be provided?
- I will check out Defender for Cloud Apps for this.
- Tested, content still appears regardless of SIT.