Protect at the speed and scale of AI with Copilot for Security in Microsoft Purview
Published Mar 13 2024 09:00 AM 5,212 Views
Microsoft

In today's fast-paced AI-driven world, data security and compliance admins face the daunting task of keeping up with the overwhelming volume and complexity of alerts. To effectively prioritize and address critical alerts, organizations need the power of AI to provide concise alert summaries, integrated insights, and natural language support within their trusted investigation workflows.

 

To help address these challenges, we announced two experiences back in November. First was the standalone experience to help SOC teams gain visibility across security data – bringing signals together from Defender, Sentinel, Intune, Entra and Purview into a single pane of glass. Today, we are excited to announce that the Purview capabilities will be generally available as of April 1st, to help SOC teams identify risky user activities and sensitive data that could be at risk when investigating a security incident.

 

Figure 1: User risk and data risk insights in Copilot for Security standalone experienceFigure 1: User risk and data risk insights in Copilot for Security standalone experience

Second is the embedded experience, which is integrated directly into your data security and compliance workflows, allowing you to leverage Copilot directly within your environment.  we are excited to announce these capabilities will be available in public preview on April 1st:

 

Summarize alerts in Microsoft Purview Data Loss Prevention

Investigations can be overwhelming for data security admins due to the large number of sources to analyze and varying policy rules. To help alleviate these challenges, Copilot is now natively embedded in Data Loss Prevention to provide a quick summary of alerts, including the source, attributed policy rules, and user risk insights from Microsoft Purview Insider Risk Management. This summary helps admins understand what sensitive data was leaked and associated user risk, providing a better starting point for further investigation. Learn more in our Microsoft Purview Data Loss Prevention announcement.

 

Figure 2: Summarize alerts in Microsoft Purview Data Loss PreventionFigure 2: Summarize alerts in Microsoft Purview Data Loss Prevention

Summarize alerts in Microsoft Purview Insider Risk Management

Insider Risk Management provides comprehensive insights into risky user activities that may lead to potential data security incidents. To accelerate investigations, Copilot in Insider Risk Management summarizes alerts to provide context into user intent and timing of risky activities. These summaries enable admins to tailor investigations with specific dates in mind and quickly pinpoint sensitive files at risk. Learn more in our Microsoft Purview Insider Risk Management announcement. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

 

Figure 3: Summarize alerts in Microsoft Purview Insider Risk ManagementFigure 3: Summarize alerts in Microsoft Purview Insider Risk Management

Contextual summary of communications in Microsoft Purview Communication Compliance

Organizations are subject to regulatory obligations related to business communications, requiring compliance investigators to review lengthy communication violations. Copilot in Communication Compliance helps summarize alerts and highlights high-risk communications that may lead to a data security incident or business conduct violation. Contextual summaries help you evaluate the content against regulations or corporate policies, such as gifts and entertainment and stock manipulation violations. Learn more in our Microsoft Purview Communication Compliance announcement. Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (e.g. SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.

 

Figure 4: Gain contextual summary of policy violations in Microsoft Purview Communication ComplianceFigure 4: Gain contextual summary of policy violations in Microsoft Purview Communication Compliance

Contextual summary of documents in review sets in Microsoft Purview eDiscovery

Legal investigations can take hours, days, even weeks to sift through the list of evidence collected in review sets. This often requires costly resources like outside council to manually go through each document to determine the relevancy to the case. To help customers address this challenge, we are excited to introduce Copilot in eDiscovery. This powerful tool generates quick summaries of documents in a review set, helping you save time and conduct investigations more efficiently. Learn more in our Microsoft Purview eDiscovery announcement.

 

Figure 5: Gain contextual summary of evidence collected in review sets in Microsoft Purview eDiscoveryFigure 5: Gain contextual summary of evidence collected in review sets in Microsoft Purview eDiscovery

Get started

Thanks,

Talhah Mir, Principal Product Manager, Microsoft Purview

Liz Willets, Sr. Product Marketing Manager, Microsoft Purview

1 Comment
Version history
Last update:
‎Mar 12 2024 06:37 AM
Updated by: