Forum Discussion

Linas1's avatar
Linas1
Copper Contributor
Aug 04, 2025

Collection Policies for AI Prompts

Hello, my goal is to exclude AI prompts from being logged into Purview and Activity Explorer, or to at least not be shown in Activity Explorer. Specifically, I need Purview to only log (or show in A...
jovanimp's avatar
jovanimp
Copper Contributor
Aug 19, 2025

Hi Linas1, 

Maybe you can try this.

Here’s a practical way to get closer to the outcome you’re aiming for — where only AI interactions containing the Sensitive Info Types (SITs) you care about are actually ingested and surfaced in Purview:

Core Principles

The key is understanding that Collection Policy scope defines what classifiers get evaluated, but not whether activity without a match gets dropped. AI interactions in scope are still logged as activities unless explicitly excluded at a detection or data source level. That’s why you’re seeing “AI Interaction activity” records even when no SIT is detected.

Recommended Configuration Approach

1. Define a Narrow Classifier Scope

  • Only include the exact SITs you need (e.g., All Physical Addresses, Country1 Physical Address, Country2 Physical Address).
  • Avoid “All Classifiers” unless your goal is simply to evaluate against every available SIT — because this will still ingest all scoped events.

2. Enable 'Capture Content' With SIT Triggers

  • To truly limit content capture, you need this on — which is why Microsoft grays it out unless all SITs are selected.
  • Once enabled, you can filter to capture content only when the target SITs are matched, reducing noise in Activity Explorer.
  • If you truly don’t want any content without SITs stored, this is the cleanest route.

3. Separate “AI Interaction” Metadata Policies

  • Use one policy for content capture with SIT filtering.
  • Use a separate monitoring approach for activity-only logging if you still need basic AI usage visibility without content.

4. Fine-Tune Detection Sources

  • If detection via “Browser and Network” is producing false positives, test with managed app connectors or Defender for Cloud Apps policies, which may give cleaner detection.

5. Test With Known SIT Samples

  • Use a dummy SIT sample like Microsoft’s test credit card number 4111 1111 1111 1111 to confirm match behavior before going live.
  • Track whether the policy is triggering ingestion only when expected.

 Pro Tip

If your sole goal is to hide non-sensitive AI prompts from Activity Explorer entirely, you’ll need to combine narrow-scoped classifiers with content capture on SIT match only. Without content capture, the interaction activity still logs — but with no SIT attached.

 

Linas1's avatar
Linas1
Copper Contributor
Aug 25, 2025

Hello,

thanks for the reply.

  1. Yup, only SIT's which I need are included.
  2. I need clarification on this - I can't enable Capture Content for the collection policy if All Classifiers is not selected. How do I filter, using what? Do I create a Collection policy with all classifiers and then a separate one? Anyways, even if a policy with all classifiers is created, content that does not match any SIT still appears in the activity explorer.
  3. How can this be done? Any specific solutions or steps that can be provided?
  4. I will check out Defender for cloud apps for this.
  5. Tested, content still appears regardless of SIT.

 

Resources