Purview YouTube Show and Podcast
I am a Microsoft MVP who co-hosts All Things M365 Compliance with Ryan John Murphy from Microsoft. The show focuses on Microsoft 365 compliance, data security, and governance. Our episodes cover: Microsoft Purview features and updates Practical guidance for improving compliance posture Real-world scenarios and expert discussions Recent episodes include: Mastering Records Management in Microsoft Purview: A Practical Guide for AI-Ready Governance Teams Private Channel Messages: Compliance Action Required by 20 Sept 2025 Microsoft Purview DLP: Best Practices for Successful Implementation Shadow AI, Culture Change, and Compliance: Securing the Future with Rafah Knight đș Watch on YouTube: All Things M365 Compliance - YouTube đ§ Listen on your favourite podcast platform: All Things M365 Compliance | Podcast on Spotify If youâre responsible for compliance, governance, or security in Microsoft 365, this is for you. đ Subscribe to stay up to date â and let us know in the comments what topics youâd like us to cover in future episodes!September Calendar IS HERE!
đâš Another month, another exciting calendar from the Microsoft Hero âšđ From đ different time zones, and đ diverse topics, weâre bringing incredible sessions designed for everyone, whether youâre just starting your journey or already an expert in Microsoft and the cloud. This month, weâve packed the calendar with amazing speakers from across the globe đ who will be sharing their invaluable knowledge and real-world experiences. đ đĄ Join our live sessions, learn from inspiring experts, and take a step closer to transforming your career, boosting your skills, and making an impact in your organization. â° Just like last month, weâre covering multiple time zones, from Australia đŠđș, to Europe đȘđș, to the Americas đ, so no matter where you are, thereâs a session waiting for you! đ Donât miss out, register today, get ready, and letâs grow together from Zero to Hero! đȘđ Santhoshkumar Anandakrishnan https://streamyard.com/watch/3CCPGbvGeEfZ?wt.mc_id=MVP_350258 September 4, 2025 11:00 AM CET September 4, 2025 07:00 PM AEST Arafat Tehsin https://streamyard.com/watch/Nyq7gkQEhXkm?wt.mc_id=MVP_350258 September 9, 2025 11:00 AM CET September 9, 2025 07:00 PM AEST Kim Berg https://streamyard.com/watch/6AyAT6PhD9xv?wt.mc_id=MVP_350258 September 13, 2025 06:00 PM CET Andrew O'Young https://streamyard.com/watch/qTvq25R7dfmu?wt.mc_id=MVP_350258 September 16, 2025 11:00 AM CET September 16, 2025 07:00 PM AEST Pam DeGraffenreid https://streamyard.com/watch/UmwbDn9Gimn8?wt.mc_id=MVP_350258 September 20, 2025 06:00 PM CET Anthony Porter https://streamyard.com/watch/8SFHqmDB3gxH?wt.mc_id=MVP_350258 September 29, 2025 09:00 AM CET September 29, 2025 05:00 PM AESTData security for agents and 3rd party AI in Microsoft Purview
With built-in visibility into how AI apps and agents interact with sensitive data â whether inside Microsoft 365 or across unmanaged consumer tools â you can detect risks early, take decisive action, and enforce the right protections without slowing innovation. See usage trends, investigate prompts and responses, and respond to potential data oversharing or policy violations in real time. From compliance-ready audit logs to adaptive data protection, youâll have the insights and tools to keep data secure as AI becomes a part of everyday work. Shilpa Ranganathan, Microsoft Purview Principal Group PM, shares how to balance AI innovation with enterprise-grade data governance and security. Move from detection to prevention. Built-in, pre-configured policies you can activate in seconds. Check out DSPM for AI. Monitor risky usage and take action. Block risky users from uploading sensitive data into AI apps. See how to use DSPM for AI. Set instant guardrails. Use DSPM for AI to identify AI agents that may be at risk of data oversharing and take action. Get started. QUICK LINKS: 00:00 â AI app security, governance, & compliance 01:30 â Take Action with DSPM for AI 02:08 â Activity logging 02:32 â Control beyond Microsoft services 03:09 â Use DSPM for AI to monitor data risk 05:06 â ChatGPT Enterprise 05:36 â Set AI Agent guardrails using DSPM for AI 06:44 â Data oversharing 08:30 â Audit logs 09:19 â Wrap up Link References Check out https://aka.ms/SecureGovernAI Unfamiliar with Microsoft Mechanics? As Microsoftâs official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics Video Transcript: -Do you have a good handle on the data security risks introduced by the growing number of GenAI apps inside your organization? Today, 78% of users are bringing their own AI tools, often consumer grade, to use as they work and bypassing the data security protections youâve set. And now, combined with the increased use of agents, it can be hard to know what data is being used in AI interactions to keep valuable data from leaking outside of your organization. -In the next few minutes, Iâll show you how enterprise grade data security, governance, and compliance can go hand in hand with GenAI adoption inside your organization with Data Security Posture Management for AI in Microsoft Purview. This single solution not only gives you automatic visibility into Microsoft Copilot and custom apps and agents in use inside your organization, but extends visibility into AI interactions happening across different non-Microsoft AI services that may be in use. Risk analytics then help you see at a glance whatâs happening with your data with a breakdown of the top unethical AI interactions, sensitive data interactions per AI app, along with how employees are interacting with apps based on their risk profile, either high, medium, or low. And specifically for agents, we also provide dedicated reports to expose the data risks posed by agents in Microsoft 365 Copilot and maker created agents from Copilot Studio. And visibility is just one half of what we give you. You can also take action. -Here, DSPM for AI provides you proactive recommendations to help you take immediate action to enhance your data security and compliance posture right from the service using built-in and pre-configured Microsoft Purview policies. And with all AI interactions audited, not only do you get the visibility I just showed, but the data is automatically captured for data lifecycle management, eDiscovery, and Communication Compliance investigations. In fact, clicking on this one recommendation for compliance controls can help you set up policies in all these areas. -Now, if youâre wondering how activity signals from AI apps and agents flow into DSPM for AI in the first place, the good news is, for the AI apps and agents you build with either Microsoft Copilot services or with Azure AI, even if you havenât configured a single policy in Microsoft Purview, activity logging is enabled by default, and built-in reports are generated for you out of the gate. As I showed, visibility and control extend beyond Microsoft services as soon as you take proactive action. Directly from DSPM for AI, the fortify data security recommendation, for example, when activated under the covers leverage Microsoft Purviewâs built-in classifiers to detect sensitive data and to log interactions from local app traffic over the network, as well as the device level to protect file system interactions on Microsoft Purview onboarded PCs and Macs, and even web-based apps running in Microsoft Edge, to help prevent risky users from leaking sensitive data. -Next, with insights now flowing in, let me walk you through how you can use DSPM for AI every day to monitor your data risks and take action. Iâll start again from reports in the overview to look at GenAI apps that are popular in our organization. Something that is really concerning are the ones in use by my riskiest users who are interacting with popular consumer apps like DeepSeek and Google Gemini. ChatGPT consumer is at the top of the list, and itâs not a managed app for our organization. Itâs brought in by users who are either using it for free or with a personal license, but whatâs really concerning is that it has the highest number of risky users interacting with it, which could increase our risk of data loss. Now, my first inclination might be to block usage of the app outright. That said, if I scroll back up, instead I can see a proactive recommendation to prevent sensitive data exfiltration in ChatGPT with adaptive protection. -Clicking in, I can see the types of sensitive data shared by users and their prompts. Creating this policy will log the actions of minor-risk users and block high-risk users from typing in or uploading sensitive information into ChatGPT. I can also choose to customize this policy further, but Iâll keep whatâs there and confirm. And with the policies activated, now let me show you the result. Here we have a user with an elevated risk level. Theyâre entering sensitive information into the prompt, and when they submit it, they are blocked. On the other hand, when a user with a lower risk level enters sensitive information and submits their prompt, theyâre informed that their actions are being audited. -Next, as an admin, let me show you how this activity was audited. From DSPM for AI in the Activity Explorer, I can see all interactions and any matching sensitive information types. Hereâs the activity we just saw, and I can click into it to see more details, including exactly what was shared in the userâs prompt. Now for ChatGPT Enterprise, thereâs even more visibility due to the deep API integration with Microsoft Purview. By selecting this recommendation, you can register your ChatGPT Enterprise workspace to discover and govern AI interactions. In fact, this recommendation walks you through the setup process. Then with the interactions logged in Activity Explorer, not only are you able to see what prompts were submitted, but you can also get complete visibility into the generated responses. -Next, with the rapid development of AI agents, let me show you how you can use DSPM for AI to discover and set guardrails around information used with your user-created agents. Clicking on agents takes you to a filtered view. Immediately, I can see indicators of a potential oversharing issue. This is where data access permissions may be too broad and where not enough of my data is labeled with corresponding protections. I can also see the total agent interactions over time, the top five agents open to internet users, with interactions by unauthenticated or anonymous users. This is where people outside of my organization are interacting with agents grounded on my organizationâs data, which can be bad. -I can also quickly see a breakdown of sensitive interactions per agent along with the top sensitivity labels referenced to get an idea of the type of data in use and how well protected it is. To find out more, from the Activity Explorer, I can see in this AI interaction, the agent was invoked in Copilot Chat, and I can view the agentâs details and see the prompt and response just like before. Now what I really want to do is to take a closer look at the potential data oversharing issue that was flagged. For that, Iâll return to my dashboard and click into the default assessment. These run every seven days, scanning files containing sensitive data and identifying where those files are located, such as SharePoint sites with overly permissive user access. -And I can dig into the details. Iâll click into the top one for âObsidian Mergerâ and I can see label coverage for the data within it. And in the protect tab, there are eight sensitivity labels and five that are referenced by Copilot and agents. Since I want agents to honor data classifications and their related protections, I can configure recommended policies. The most stringent option is to restrict all items, removing the entire site from view of Copilot and agents. Or for more granular controls, I also have a few more options. I can create default sensitivity labels for newly created items, or if I move back to the top-level options, I have the option to âRestrict Access by Label.â The Obsidian Merger information is highly privileged, and even if youâre on the core team working on it, we donât want agents to reason over the information, so Iâll pick this label option. -From there, I need to extend the list of sensitivity labels and Iâll select Obsidian Merger, then confirm to create the policy. And this will now block the agent from reasoning over the content that includes the Obsidian Merger label. In fact, letâs look at the policy in action. Here you can see the user is asking the Copilot agent to summarize the Project Obsidian M&A doc and even though they are the owner and author of the file, the agent cannot reason over it. It responds, âUnfortunately, I canât provide detailed information because the content is protected.â -As I mentioned, for both your agents and GenAI apps across Microsoft and non-Microsoft services, all activity is recorded in Audit logs to help conduct investigations whenever needed. In fact, DSPM for AI logged activity flows directly into Microsoft Purviewâs best-in-class solutions for insider risk management, letting your security teams detect risky AI prompts as part of their investigations into risky users, communication compliance to aid investigations into non-compliance use in AI interactions, such as a user trying to get sensitive information like an acquisition plan, eDiscovery, where interactions across your Copilots, agents, and AI apps can be collected and reviewed to help conduct investigations and respond to litigations. -So that was an overview of how GenAI adoption can go hand in hand with your enterprise grade data security, governance, and compliance requirements for your organizations, keeping your data protected. To learn more, check out aka.ms/SecureGovernAI. Keep watching Microsoft Mechanics for the latest updates, and thanks for watching.
Can MS Purview mask data in CE
Hi Can MS Purview enable data masking in Dynamics Customer Engagement / Service, If yes how this can be achieved? if No, Can we expect this feature in near future? Note: We would not enable any mask (Field Security Profile) features directly in CE, would like to happen using MS PurviewPurview AMA March 12 - Ask Questions Below!
The next Purview AMA covering Data Security, Compliance, and Governance takes place on 12 March at 8am Pacific. Register HERE! Your subject matter experts are: Maxime Bombardier - Purview Data Security and Horizontals Sandeep Shah - Purview Data Governance Peter Oguntoye - Purview Compliance And, if you'd like to get started now, feel free to post your questions as comments below. They may be answered live, or if we don't get to them, they will be answered in-text below (you may also note what you'd prefer!) Thank you for being a part of the Purview community, we can't do exciting events like this without you! Don't forget to register âïž
Sensitivity Label change alert
We have successfully rolled out Sensitivity Labels across our organization. All users an admins subscribe to M365 E5 I would like create an alert email which fires when a Sensitivity Label is replaced with a lower-order label on any document or email. The Activity Explorer logs in Purview show the labell applied, but events, but I am struggling to find a way to create an alert. I tried using PowerAutomate, but unable to find a solution there. Thanks DheerajSecuring outbound traffic with Azure Data Factory's outbound network rules
The Outbound Rules feature in Azure Data Factory allows organizations to exercise granular control over outbound traffic, thereby strengthening network security. By integrating with Azure Policy, this feature also improves overall governance.Kick Start Your Security Learning with a 7-lesson, Open-Source Course
This course is designed to teach you fundamental cyber security concepts to kick start your security learning. It is vendor agnostic and is divided into small lessons that should take around 30-60 mins to complete. Each lesson has a small quiz and links to further reading if you want to dive into the topic a bit more.
