Event details
Question from the live event:
From a security operations center perspective, how can teams get visibility into the prompts users are submitting, and what does the investigation or response workflow look like today?
- David_Broaddus, Mar 24, 2026
Microsoft
Answer:
We log who is prompting and who is asking the question and other key questions. We call this audit of activity telemetry that's captured end to end throughout the lifecycle of the AI agent. Anything that the agent interacts with, or anything that interacts with the agent, including tools and knowledge sources, that activity is captured and available for proof of compliance depending on what is needed, and this is the bedrock for all of our investigations.
After this, the responses of the content itself which is passed to the agent or the response of the agent is based on the configurations of your tenant as an admin where you can store things by default.
All of this enriches the metadata available to data security administrators, analysts, and others who need it and can use this to, say, make decisions on agent risk during investigations and further analysis.
- chmcconnell, Mar 24, 2026
Microsoft
Follow-up question:
If a user submits a prompt requesting access to sensitive content, such as documents from the CEO’s mailbox, where is that prompt logged, and which service allows security teams to view or investigate that activity?
- David_Broaddus, Mar 24, 2026
Microsoft
Follow-up Answer:
That is captured as part of observability and is available based on the roles and permissions you set in the different portals based on what your role is.
Different roles will have different needs to manage the same prompt data, so visibility will be based on their needs and roles and can be configured within these appropriate portals.