Introduction
As organizations embrace AI to drive innovation and productivity, ensuring data security, compliance, and governance becomes paramount. Copilot in Microsoft Fabric offers powerful AI-driven insights, but without proper oversight, users can misuse Copilot to expose sensitive data or violate regulatory requirements.
Enter Microsoft Purview’s Data Security Posture Management (DSPM) for AI—a unified solution that empowers enterprises to monitor, protect, and govern AI interactions across Microsoft and third-party platforms.
We are excited to announce the general availability of Microsoft Purview capabilities for Copilot in Fabric, starting with Copilot in Power BI. This blog explores how Purview DSPM for AI integrates with Copilot in Fabric to deliver robust data protection and governance and provides a step-by-step guide to enable this integration.
Capabilities of Purview DSPM for AI
As organizations adopt AI, implementing data controls and a Zero Trust approach is crucial to mitigate risks like data oversharing and leakage, and potential non-compliant usage in AI. We are excited to announce Microsoft Purview capabilities for Copilot in Fabric, starting with Copilot for Power BI. By combining Microsoft Purview and Copilot for Power BI, users can:
- Discover data risks such as sensitive data in user prompts and responses in Activity Explorer and receive recommended actions in their Microsoft Purview DSPM for AI Reports to reduce these risks.
DSPM for AI Activity Explorer
DSPM for AI Reports
If you find Copilot in Fabric actions in DSPM for AI Activity Explorer or reports to be potentially inappropriate or malicious, you can look for further information in Insider Risk Management (IRM), through an eDiscovery case, Communication Compliance (CC), or Data Lifecycle Management (DLM).
- Identify and investigate risky AI usage with Microsoft Purview Insider Risk Management, such as an inadvertent user who has neglected security best practices and shared sensitive data in AI.
- Govern AI usage with Microsoft Purview Audit, Microsoft Purview eDiscovery, retention policies, and non-compliant or unethical AI usage detection with Purview Communication Compliance.
  - Purview Audit provides a detailed log of user and admin activity within Copilot in Fabric, enabling organizations to track access, monitor usage patterns, and support forensic investigations.
  - Purview eDiscovery enables legal and investigative teams to identify, collect, and review Copilot in Fabric interactions as part of case workflows, supporting defensible investigations.
  - Communication Compliance helps detect potential policy violations or risky behavior in administrator interactions, enabling proactive monitoring and remediation for Copilot in Fabric.
  - Data Lifecycle Management allows teams to automate the retention, deletion, and classification of Copilot in Fabric data, reducing storage costs and minimizing risk from outdated or unnecessary information.
Steps to Enable the Integration
To use DSPM for AI from the Microsoft Purview portal, you must meet the following prerequisites:
- Activate Purview Audit. Enabling Purview Audit requires the user to have the Entra Compliance Admin or Entra Global Admin role.
More details on DSPM prerequisites can be found here: Considerations for deploying Microsoft Purview Data Security Posture Management (DSPM) for AI | Microsoft Learn
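The following is an added example, not part of the original post or of Microsoft's documentation, showing one way to verify the Purview Audit prerequisite from Exchange Online PowerShell and confirm that Copilot interaction records are arriving. It assumes the ExchangeOnlineManagement module is installed and that Copilot in Fabric events are recorded under the `CopilotInteraction` audit record type; the function name `Test-CopilotAuditReadiness` is hypothetical.

```powershell
# Added example: check the Purview Audit prerequisite and sample recent Copilot audit records.
# Assumes the ExchangeOnlineManagement module is installed and the signed-in account
# holds a role allowed to read and change the audit configuration.
Import-Module ExchangeOnlineManagement

function Test-CopilotAuditReadiness {
    [CmdletBinding()]
    param(
        [int]$LookbackDays = 7,     # window to search for Copilot records
        [switch]$EnableIfDisabled   # turn unified audit ingestion on when it is off
    )

    # Must run in Exchange Online PowerShell; Security & Compliance PowerShell
    # always reports False for this property.
    $config  = Get-AdminAuditLogConfig
    $enabled = [bool]$config.UnifiedAuditLogIngestionEnabled

    if (-not $enabled -and $EnableIfDisabled) {
        # The change is not immediate; allow time before expecting new records.
        Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
        $enabled = $true
    }

    $records = @()
    if ($enabled) {
        # Assumption: Copilot in Fabric interactions use the CopilotInteraction record type.
        $records = @(Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-$LookbackDays) `
            -EndDate (Get-Date) -RecordType CopilotInteraction -ResultSize 1000)
    }

    [pscustomobject]@{
        AuditIngestionEnabled = $enabled
        CopilotRecordCount    = $records.Count
        # Per-user interaction counts, highest first, for a quick usage overview.
        TopUsers              = $records | Group-Object UserIds |
                                Sort-Object Count -Descending |
                                Select-Object -First 10 Name, Count
    }
}

Connect-ExchangeOnline -ShowBanner:$false
Test-CopilotAuditReadiness -LookbackDays 7
Disconnect-ExchangeOnline -Confirm:$false
```

A result with `AuditIngestionEnabled` set to `True` and a zero `CopilotRecordCount` means auditing is on but no Copilot records were found in the window, which is worth checking before relying on DSPM for AI reports.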
To enable Purview DSPM for AI for Copilot for Power BI:
Step 1: Enable DSPM for AI Policies
- Navigate to Microsoft Purview DSPM for AI.
- Enable the one-click policy: “DSPM for AI – Capture interactions for Copilot experiences”.
- Optionally enable additional policies:
  - Detect risky AI usage
  - Detect unethical behavior in AI apps
These policies can be configured in the Microsoft Purview DSPM for AI portal and tailored to your organization’s risk profile.
Step 2: Monitor and Act
- Use DSPM for AI Reports and Activity Explorer to monitor AI interactions.
- Apply IRM, DLM, CC and eDiscovery actions as needed.
Purview Roles and Permissions Needed by Users
To manage and operate DSPM for AI effectively, assign the following roles:
| Role | Responsibilities |
| --- | --- |
| Purview Compliance Administrator | Full access to configure policies and DSPM for AI setup |
| Purview Security Reader | View reports, dashboards, policies and AI Activity |
| Content Explorer Content Viewer | Additional permission to view the actual prompts and responses on top of the above permissions |
More details on Purview DSPM for AI roles and permissions can be found here: Permissions for Microsoft Purview Data Security Posture Management for AI | Microsoft Learn
Purview Costs
Microsoft Purview now offers a combination of entitlement-based (per-user-per-month) and Pay-As-You-Go (PAYG) pricing models. The PAYG model applies to a broader set of Purview capabilities, including Insider Risk Management, Communication Compliance, eDiscovery, and other data security and governance solutions, based on Copilot for Power BI usage volume or complexity. Purview Audit logging of Copilot for Power BI activity remains included at no additional cost as part of Microsoft 365 E5 licensing. This flexible pricing structure ensures that organizations only pay for what they use as data flows through AI models, networks, and applications.
For further details, please refer to this blog:
New Purview pricing options for protecting AI apps and agents | Microsoft Community Hub
Conclusion
Microsoft Purview DSPM for AI is a game-changer for organizations looking to adopt AI responsibly. By integrating with Copilot in Fabric, it provides a comprehensive framework to discover, protect, and govern AI interactions—ensuring compliance, reducing risk, and enabling secure innovation.
Whether you're a Fabric Admin, compliance admin or security admin, enabling this integration is a strategic step toward building a secure, AI-ready enterprise.
Additional resources
- Use Microsoft Purview to manage data security & compliance for Microsoft Copilot in Fabric | Microsoft Learn
- How to deploy Microsoft Purview DSPM for AI to secure your AI apps
- Learn how Microsoft Purview Data Security Posture Management (DSPM) for AI provides data security and compliance protections for Copilots and other generative AI apps | Microsoft Learn
- Considerations for deploying Microsoft Purview Data Security Posture Management (DSPM) for AI | Microsoft Learn
- Learn about Microsoft Purview billing models | Microsoft Learn