Microsoft Purview – Data Security Posture Management (DSPM) for AI
Introduction to DSPM for AI In an age where Artificial Intelligence (AI) is rapidly transforming industries, ensuring the security and compliance of AI integrations is paramount. Microsoft Purview Data Security Posture Management (DSPM) for AI helps organizations monitor AI activity, enforce security policies, and prevent unauthorised data exposure. Microsoft Purview Data Security Posture Management (DSPM) for AI addresses three primary areas: Recommendations, Reports, and Data Assessments. DSPM for AI assists in identifying vulnerabilities associated with unprotected data and enables prompt action to enhance data security posture and mitigate risks effectively. Getting Started with DSPM for AI To manage and mitigate AI-related risks, Microsoft Purview provides easy-to-use graphical tools and comprehensive reports. These features allow you to quickly gain insights into AI use within your organization. The one-click policies offered by Microsoft Purview simplify the process of protecting your data and ensuring compliance with regulatory requirements. Prerequisites for Data Security Posture Management for AI To use DSPM for AI from the Microsoft Purview portal or the Microsoft Purview compliance portal, you must have the following prerequisites: You have the right permissions. Monitoring Copilot interactions requires: Users are assigned a license for Microsoft 365 Copilot. o Microsoft Purview auditing enabled. Check instructions for Turn auditing on or off. Required for monitoring interactions with third-party generative AI sites: Devices are onboarded to Microsoft Purview, required for: Gaining visibility into sensitive information that's shared with third-party generative AI sites. (e.g., credit card numbers pasted into ChatGPT). Applying endpoint DLP policies to warn or block users from sharing sensitive information with third-party generative AI sites. (e.g. a user identified as elevated risk in Adaptive Protection is blocked with the option to override when they paste credit card numbers into ChatGPT) The Microsoft Purview browser extension is deployed to users and required to discover site visits to third-party generative AI sites. Things to consider Recommendations may differ based on M365 licenses and features. Not all recommendations are relevant for every tenant and can be dismissed. Any default policies created while Data Security Posture Management for AI was in preview and named Microsoft Purview AI Hub won't be changed. For example, policy names will retain their Microsoft AI Hub -prefix. In this blog post we are going to focus on Recommendations. Recommendations Let's explore each of the recommendations in detail, which will encompass one-click policy creation, data assessments, step-by-step guidance, and regulations. The data in the reports section will be contingent upon the completion of each recommendation. Figure 1: Recommendations – DSPM for AI Control unethical behaviour in AI Type: One-click policy Solution: Communication Compliance Description: This policy identifies sensitive information within prompts and response activities in Microsoft 365 Copilot. Action: Create policy to setup a one-click policy. Conditions: Content matches any of these trainable classifiers: Regulatory Collusion, Stock manipulation, Unauthorized disclosure, Money laundering, Corporate Sabotage, Sexual, Violence, Hate, Self-harm By default, all users and groups are added. The customisation of the policy is also available during the one-click policy creation process. Figure 2: Recommendations – One-click policy Guided assistance to AI regulations Type: New AI regulations Solution: Compliance manager Description: This recommendation is based on the NIST AI RMF regulations, suggesting actions to help users protect data during interactions with AI systems. Action: Monitor AI interaction logs: Go to Audit logs, configure search with workload filter, select copilot and sensitive information type and review search results. Monitor AI interactions in other AI apps: Navigate to DSPM for AI and review interactions in other AI apps for sensitive content and turn on policies to discover data across AI interactions and other AI apps. Flag risky communication and content in AI interactions: Create Communication compliance policy to define the necessary conditions and fields and select Microsoft Copilot as location. Prevent sensitive data from being shared in AI apps: Create Data loss prevention (DLP) policy with sensitive information type as conditions for Teams and Channel messages location. Manage retention and deletion policies for AI interactions: Create a retention policy for Teams chat and Microsoft 365 Copilot interactions to preserve relevant AI activities for a longer duration while promptly deleting non-relevant user actions. Protect sensitive data referenced in Copilot responses Type: Assessment Solution: Data assessments Description: Use data assessments to identify potential oversharing risks, including unlabelled files. Action: Create Data Assessments, Navigate to DSPM for AI - Data Assessments and Create Assessments. Enter assessment name and description Select users and data sources to assets for oversharing data Conduct the assessment scan and review the results to gain insights into oversharing risks and recommended solutions to restrict access to sensitive data. Implement the necessary fixes to protect your data. Discover and govern interactions with ChatGPT Enterprise AI (preview) Type: ChatGPT Enterprise AI (Data discovery) Solution: Microsoft Purview Data Map Description: Register ChatGPT Enterprise workspace to discover and govern interactions with ChatGPT Enterprise AI. Action: If you’re organisation is using ChatGPT Enterprise, then enable the Connector In Microsoft Azure, use Key Vault to manage credentials for third-party connectors: Use Key Vault to create and manage the secret for the ChatGPT Enterprise AI Connector. In Microsoft Purview, configure the new connector using Data Map: How to manage data sources in the Microsoft Purview Data Map Create and start a new scan: Create a new scan, select credential, review, and run the scan. Protect sensitive data referenced in Microsoft 365 Copilot (preview) Type: Data Security Solution: Data loss prevention Description: Content with sensitivity labels will be restricted from Copilot interactions with a data loss prevention policy. Action: Create a custom DLP policy and select Microsoft 365 Copilot as the data source. Create a custom rule o Condition: content contains sensitivity labels. o Action: Prevent Copilot from processing content. Figure 3: Custom DLP policy condition and action Fortify your data security Type: Data security Solution: Data loss prevention Description: Data security risks can range from accidental oversharing of information outside of the organization to data theft with malicious intent. These policies will protect against the data security risks with AI apps. Action: A one-click policy is available to create a data loss prevention (DLP) policy for endpoints (devices), aimed at blocking the transmission of sensitive information to AI sites. It utilises Adaptive Protection to give a warn-with-override alert to users with elevated risk levels who attempt to paste or upload sensitive information to other AI assistants in browsers such as Edge, Chrome, and Firefox. This policy covers all users and groups in your org in test mode. Figure 4: Block with override for elevated risk users Information Protection Policy for Sensitivity Labels Type: Data security Solution: Sensitivity Labels Description: This policy will set up default sensitivity labels to preserve document access rights and protect Microsoft 365 Copilot output. Action: Create policies will navigate to Information protection portal to set up sensitivity labels and publishing policy. Protect your data from potential oversharing risks Type: Data Security Solution: Data Assessment Description: Data assessments provide insights on potential oversharing risks within your organisation for SharePoint Online and OneDrive for Business (roadmap) along with fixes to limit access to sensitive data. This report will include sharing links. Action: This is a default oversharing assessment policy. To see the latest oversharing scan results: Select View latest results and choose a data source. Complete fixes to secure your data. Figure 5: Data assessments – Oversharing assessment data with sharing links report Use Copilot to improve your data security posture (preview) Type: Data security posture management Solution: Data security posture management (DSPM) Description: Data Security Posture Management (preview) combines deep insights with Security Copilot capabilities to help you identify and address security risks in your org. Benefits: Data security recommendations Gain insights into your data security posture and get recommendations protecting sensitive data and closing security gaps. Data security trends Track your org's data security posture over time with reports summarizing sensitive label usage, DLP policy coverage, changes in risky user behaviour, and more. Security Copilot Security Copilot helps you investigate alerts, identify risk patterns, and pinpoint the top data security risks in your org.Protecting Public Data and Trust with Azure Security and Microsoft Entra – A State DOJ Case
On June 27, 2022 - California Department of Justice launched a new Firearms Dashboard Portal with altruistic intentions to “improve transparency and information sharing for firearms-related data” and “balance its duties to provide gun violence and firearms data to support research efforts while protecting the personal identifying information in the data the Department collects and maintains”. Fast forward less than 30 days, the Attorney General’s office is now being sued by two different parties, a national non-profit on July 1 and a group of four CA citizens on July 18 respectively. Both lawsuits are predicated on the assumption that the bold text was not upheld. The CA DOJ and the CA Attorney General are not alone in facing the three pressures that incited this particular incident. Citizens want greater transparency when it comes to community health data, criminal activity, and other politically impacted domains like firearm ownership. This data comes in many forms (databases, video footage, internal reports/memos, court documents, etc.) and resides on a broad array of digital locations. This data is of special interest to hackers looking to leverage Personal Identifiable Information (PII) for financial gain OR hacktivists desiring to expose a particular truth or perceived truth by leaking the information to the broader public.
Purview Webinars
REGISTER FOR ALL WEBINARS HERE Upcoming Microsoft Purview Webinars JULY 15 (8:00 AM) Microsoft Purview | How to Improve Copilot Responses Using Microsoft Purview Data Lifecycle Management Join our non-technical webinar and hear the unique, real life case study of how a large global energy company successfully implemented Microsoft automated retention and deletion across the entire M365 landscape. You will learn how the company used Microsoft Purview Data Lifecyle Management to achieve a step up in information governance and retention management across a complex matrix organization. Paving the way for the safe introduction of Gen AI tools such as Microsoft Copilot. 2025 Past Recordings JUNE 10 Unlock the Power of Data Security Investigations with Microsoft Purview MAY 8 Data Security - Insider Threats: Are They Real? MAY 7 Data Security - What's New in DLP? MAY 6 What's New in MIP? APR 22 eDiscovery New User Experience and Retirement of Classic MAR 19 Unlocking the Power of Microsoft Purview for ChatGPT Enterprise MAR 18 Inheriting Sensitivity Labels from Shared Files to Teams Meetings MAR 12 Microsoft Purview AMA - Data Security, Compliance, and Governance JAN 8 Microsoft Purview AMA | Blog Post 📺 Subscribe to our Microsoft Security Community YouTube channel for ALL Microsoft Security webinar recordings, and more!
AI‑Powered Troubleshooting for Microsoft Purview Data Lifecycle Management
Announcing the DLM Diagnostics MCP Server! Microsoft Purview Data Lifecycle Management (DLM) policies are critical for meeting compliance and governance requirements across Microsoft 365 workloads. However, when something goes wrong – such as retention policies not applying, archive mailboxes not expanding, or inactive mailboxes not getting purged – diagnosing the issue can be challenging and time‑consuming. To simplify and accelerate this process, we are excited to announce the open‑source release of the DLM Diagnostics Model Context Protocol (MCP) Server, an AI‑powered diagnostic server that allows AI assistants to safely investigate Microsoft Purview DLM issues using read‑only PowerShell diagnostics. GitHub repository: https://github.com/microsoft/purview-dlm-mcp The troubleshooting challenge When you notice issues such as: “Retention policy shows Success, but content isn’t being deleted” “Archiving is enabled, but items never move to the archive mailbox” The investigation typically involves: Connecting to Exchange Online and Security & Compliance PowerShell sessions Running 5–15 diagnostic cmdlets in a specific order Interpreting command output using multiple troubleshooting reference guides (TSGs) Correlating policy distribution, holds, archive configuration, and workload behavior Producing a root‑cause summary and recommended remediation steps This workflow requires deep familiarity with DLM internals and is largely manual. Introducing the DLM Diagnostics MCP Server The DLM Diagnostics MCP Server automates this diagnostic workflow by allowing AI assistants – such as GitHub Copilot, Claude Desktop, and other MCP‑compatible clients – to investigate DLM issues step by step. An administrator simply describes the symptom in natural language. The AI assistant then: Executes read‑only PowerShell diagnostics Evaluates results against known troubleshooting patterns Identifies likely root causes Presents recommended remediation steps (never executed automatically) Produces a complete audit trail of the investigation All diagnostics are performed under a strict security model to ensure safety and auditability. What is the Model Context Protocol (MCP)? The Model Context Protocol (MCP) is an open standard that enables AI assistants to interact with external tools and data sources in a secure and structured way. You can think of MCP as a “USB port for AI”: Any MCP‑compatible client can connect to an MCP server The server exposes well‑defined tools The AI can use those tools safely and deterministically The DLM Diagnostics MCP Server exposes Purview DLM diagnostics as MCP tools, enabling AI assistants to run PowerShell diagnostics, retrieve execution logs, and surface Microsoft Learn documentation. More information: https://modelcontextprotocol.io Diagnostic tools exposed by the server The server exposes four MCP tools. 1. Run read‑only PowerShell diagnostics This tool executes PowerShell commands against Exchange Online and Security & Compliance sessions using a strict allow list. Only read‑only cmdlets are permitted: Allowed verbs: Get-*, Test-*, Export-* Blocked verbs: Set-*, New-*, Remove-*, Enable-*, Invoke-*, and others Every command is validated before execution. Example: Archive mailbox not working Admin: “Archiving is not working for john.doe@contoso.com” The AI follows the archive troubleshooting guide: 1 Step 1 – Check archive mailbox status 2 Get-Mailbox -Identity john.doe@contoso.com | 3 Format-List ArchiveStatus, ArchiveState 4 5 Step 2 – Check archive mailbox size 6 Get-MailboxStatistics -Identity john.doe@contoso.com -Archive | 7 Format-List TotalItemSize, ItemCount 8 9 Step 3 – Check auto-expanding archive 10 Get-Mailbox -Identity john.doe@contoso.com | 11 Format-List AutoExpandingArchiveEnabled Finding The archive mailbox is not enabled. Recommended action (not executed automatically): 1 Enable-Mailbox <user mailbox> –Archive All remediation steps are presented as text only for administrator review. 2. Retrieve the execution log Every diagnostic session is fully logged, including: Command executed Timestamp Duration Status Output Admins can retrieve the complete investigation as a Markdown‑formatted audit trail, making it easy to attach to incident records or compliance documentation. 3. Microsoft Learn documentation lookup If a question does not match a diagnostic scenario – such as “How do I create a retention policy?” – the server falls back to curated Microsoft Learn documentation. The documentation lookup covers 11 Purview areas, including: Retention policies and labels Archive and inactive mailboxes eDiscovery Audit Communication compliance Records management Adaptive scopes 4. Create a GitHub issue (create_issue) create_issue lets the assistant open a feature request in the project’s GitHub repo and attach key session details (such as the commands run and any failures) to help maintainers reproduce and prioritize the request. Example: File a feature request from a failed diagnostic ✅ Created GitHub issue #42 Title: Allowlist should allow Get-ComplianceTag cmdlet Category: feature request Labels: enhancement URL: https://github.com/microsoft/purview-dlm-mcp/issues/42 Session context included: 3 commands executed, 1 failure Security and safety model Security is enforced at multiple layers: Read‑only allow list: Only approved diagnostic cmdlets can run No stored credentials: Authentication uses MSAL interactive sign‑in Session isolation: Each server instance runs in its own PowerShell process Full audit trail: Every command and result is logged No automatic remediation: Fixes are never executed by the server This design ensures diagnostics are safe to run even in sensitive compliance environments. Supported diagnostic scenarios The server currently includes 12 troubleshooting reference guides, covering common DLM issues such as: Retention policy shows Success but content is not retained or deleted Policy status shows Error or PolicySyncTimeout Items do not move to archive mailbox Auto‑expanding archive not triggering Inactive mailbox creation failures SubstrateHolds and Recoverable Items growth Teams messages not deleting Conflicts between MRM and Purview retention Adaptive scope misconfiguration Auto‑apply label failures SharePoint site deletion blocked by retention Unified Audit Configuration validation Each guide maps symptoms to diagnostic checks and remediation guidance. Getting started Prerequisites Node.js 18 or later PowerShell 7 ExchangeOnlineManagement module (v3.4+) Exchange Online administrator permissions Required permissions Option Roles Notes Least-privilege Global Reader + Compliance Administrator Recommended, covers both EXO and S&C read access. Single role group Organization Management Covers both workloads but broader than necessary. Full admin Global Administrator Works but overly broad, not recommended. Exchange Online (Connect-ExchangeOnline): cmdlets like Get-Mailbox, Get-MailboxStatistics, Export-MailboxDiagnosticLogs, Get-OrganizationConfig Security & Compliance (Connect-IPPSSession): cmdlets like Get-RetentionCompliancePolicy, Get-RetentionComplianceRule, Get-AdaptiveScope, Get-ComplianceTag Exchange cmdlets require EXO roles; compliance cmdlets require S&C roles. Without both, some diagnostics will fail with permission errors. Why both workloads? The server connects to two PowerShell sessions: The authenticating user (DLM_UPN) needs read access to both Exchange Online and Security & Compliance PowerShell sessions. MCP client configuration The server can be connected to IDE like Claude Desktop or Visual Studio Code (GitHub Copilot) using MCP configuration. Include this configuration in your MCP config JSON file (for VS Code, use .vscode/mcp.json; for Claude Desktop, use claude_desktop_config.json) { "mcpServers": { "dlm-diagnostics": { "command": "npx", "args": [ "-y", "@microsoft/purview-dlm-mcp" ], "env": { "DLM_UPN": "admin@yourtenant.onmicrosoft.com", "DLM_ORGANIZATION": "yourtenant.onmicrosoft.com", "DLM_COMMAND_TIMEOUT_MS": "180000" } } } } Summary The DLM Diagnostics MCP Server brings AI‑assisted, auditable, and safe troubleshooting to Microsoft Purview Data Lifecycle Management. By combining structured troubleshooting guides with read‑only PowerShell diagnostics and MCP, it significantly reduces the time and expertise required to diagnose complex DLM issues. We invite you to try it out, provide feedback, and contribute to the project via GitHub. GitHub repository: https://github.com/microsoft/purview-dlm-mcp Rishabh Kumar, Victor Legat & Purview Data Lifecycle Management TeamMicrosoft deployment blueprint - Address oversharing concerns for your M365 Copilot deployment
Optimized deployment leverages advanced compliance and automation capabilities available in Microsoft 365 E5. This episode outlines how E5 customers can proactively secure data and enhance Copilot performance.From Oversharing to Enforcement: A Practical Guide to AI Data Security with Microsoft Purview
Why AI Changed the Data Security Problem AI does not create entirely new categories of risk—it supercharges existing ones. Traditional data leakage stems from ordinary behavior: sharing a document too broadly, sending an email to the wrong person, copying regulated data to an uncontrolled device. Generative AI amplifies all of these because of the power and speed with which it can proactively surface content that may be obsolete, over-permissioned, or ungoverned. DSPM exists to help with exactly this challenge: it continuously scans your environment to identify sensitive data, assess risk, and recommend actions to reduce exposure. Oversharing at Scale Before AI, an overshared SharePoint file might sit unnoticed. Now, Copilot can summarize it in response to a casual prompt, distributing its contents far beyond the original audience. Prompt Leakage Users can inadvertently expose sensitive information—financial account numbers, health records, project code names—simply by typing them into a Copilot prompt. Because AI interactions feel conversational, users tend to drop their guard. Shadow AI Beyond sanctioned tools, employees experiment with unapproved AI services. Autonomous Agents Autonomous agents expand the data security threat surface by acting independently on sensitive information across systems and boundaries. Their ability to access and share data without direct user interaction increases the risk of oversharing, exfiltration, and unauthorized access, while also introducing complex behavior patterns that are harder to monitor, govern, and control using traditional security models. What Microsoft Purview Now Brings Together Data Security Posture Management (DSPM) DSPM consolidates insights from Data Loss Prevention (DLP), Insider Risk Management, Information Protection, and Data Security Investigations into a single view for monitoring data risks, policy coverage, and posture trends. Now also in Public Preview, DSPM extends coverage to third-party SaaS and IaaS platforms such as Google Cloud Platform, Snowflake, and Databricks, and integrates with partner solutions including Cyera, BigID, and OneTrust for comprehensive risk insights. A central innovation in this version is data security objectives—prominent, selectable cards that each represent a specific security goal. Selecting an objective guides administrators through an end-to-end workflow that groups together the most relevant Purview solutions—information protection, DLP, Insider Risk Management, and eDiscovery—so teams can focus on achieving a specific data security outcome rather than navigating separate solutions. Each Outcome card displays key metrics such as the percentage of data covered by policies, the number of risky sharing incidents, and improvements over time. Within each outcome, DSPM surfaces suggested prioritized actions—applying sensitivity labels, configuring DLP policies, or investigating alerts—all tailored to the organization's data. Administrators can take action directly from the workflow, including remediating oversharing, configuring one-click policies, or launching investigations into suspicious activity. DLP Integration for AI Interactions DLP is one of the core solutions integrated into DSPM's unified approach. The Activity Explorer's AI activities tab captures events where DLP rules were matched during AI interactions—including prompts, responses, and browsing to generative AI sites. DSPM can automate remediation steps such as removing public sharing links or applying data loss prevention policies to help prevent incidents before they happen. AI Observability and Agent Governance Dedicated dashboards and metrics monitor risks associated with AI apps and agents. AI observability enables tracking of agent-specific activities—oversharing, exfiltration, and unusual access patterns—across both Microsoft and third-party environments. Enhanced reporting provides advanced filtering and customizable views, supporting granular analysis of sensitive data usage, DLP activity, and posture trends. Audit logs and activity explorer features help track interactions with AI apps and agents, supporting compliance investigations and incident response. AI-Powered Security Operations DSPM not only secures and governs AI apps and agents but also uses Microsoft Security Copilot and AI agents to help secure and govern data. AI analyzes access patterns, sharing behaviors, and policy gaps to surface actionable risks and can detect unusual activity such as excessive sharing or suspicious downloads. Under administrator guidance, AI agents can take direct action on detected risks—removing public sharing links, applying DLP policies, or revoking permissions. These actions are always audited. To streamline investigations, AI-driven triage agents review alerts from DLP and Insider Risk Management solutions, filtering out noise and highlighting the most critical threats. Three Practical Starting Points For many organizations adopting generative AI, the biggest hurdle isn't recognizing new risks—it's figuring out where to begin. A "boil the ocean" approach can stall progress, while tackling a few targeted areas delivers quicker wins. The best early moves are those that reduce exposure quickly, improve visibility, and build a foundation for stronger governance over time. Starting Point 1: Enable prompt-level protection for Microsoft 365 Copilot An effective first step is to put guardrails on the prompts users enter into AI. Microsoft Purview DLP allows administrators to restrict Microsoft 365 Copilot and Copilot Chat from processing prompts that contain sensitive information. In practice, users are often more comfortable pasting data into a chat prompt than attaching it to an email, which means a well-meaning employee could inadvertently feed a confidential file or personal data into Copilot. Enabling prompt-level DLP creates an immediate safety net: if a user's prompt includes, say, a credit card number or a customer's national ID, Copilot will detect it and refuse to process or share that content. DSPM provides suggested prioritized actions—including configuring DLP policies—that can be activated directly from the workflow, and recommended policies can start in simulation mode. Simulation mode lets you see what would have been blocked or flagged, without actually interrupting users, so you can fine-tune the policy and prepare your helpdesk for any questions. Once you're comfortable with the results, switching to enforcement mode will actively block disallowed prompts and log those events for review. By activating this one control, you've significantly reduced the most immediate oversharing risk—the "oops, I pasted the wrong data" scenario—within hours of starting your AI governance program. Tradeoff: Simulation mode provides safety but delays enforcement. For organizations with imminent regulatory exposure, consider shortening the simulation window and monitoring alert volumes closely. Starting Point 2: Gain visibility into shadow AI usage before broad enforcement The second step is to illuminate what's happening in the shadows. Before rushing into blocking every unsanctioned AI tool, it's crucial to understand how and where AI is being used across the organization. In most enterprises, there's an official layer of AI usage and an often larger, unofficial layer—employees experimenting with free online AI chatbots, writing assistants, or code generators. DSPM provides this visibility. The Discover > Apps and agents dashboard shows AI apps used across the organization, including the top 20 most recently used agents, with details about sensitive data they accessed and how they are protected by Purview policies. The AI observability page provides a broader inventory of all AI apps and agents with activity in the last 30 days, including how many are high risk and the total with sensitive interactions. The Activity Explorer's AI activities tab shows when users browsed to generative AI sites, the prompts and responses involved, whether sensitive information was present, and whether DLP rules were matched. Armed with this insight, you can make informed decisions. If you discover that the majority of "AI consumption" comes from just two external apps, you might focus your immediate controls on those two. Conversely, if the data shows most unsanctioned usage is low-risk, you might decide to monitor rather than block it. The key is visibility first, enforcement second—letting real data guide where to tighten controls versus where to offer secure alternatives. Tradeoff: Visibility without timely follow-through can create a false sense of security. Set a defined window (e.g., 30 days) after which findings must translate into at least one concrete policy action. Starting Point 3: Operationalize DSPM objectives for Copilot A stronger third starting point is to use DSPM as your operational guide, not just a dashboard of charts. DPSM introduces data security objectives—each one a focused end-to-end workflow for a specific outcome. Rather than configuring individual features in isolation, you select an objective and let Purview navigate you through achieving that outcome with the relevant tools. For generative AI, the key objective to leverage early is "Prevent data exposure in Microsoft 365 Copilot and Microsoft Copilot interactions". By selecting this objective in the Purview portal, you're effectively telling Purview, "help me implement whatever is needed to make Copilot safe with our data." The DSPM interface then groups together the critical pieces: it may prompt you to enable a DLP policy, suggest applying or refining sensitivity labels on content, or surface an Insider Risk Management policy template for detecting AI-related risky behavior. It also surfaces metrics so you can track progress—for example, the percentage of data covered by policies, or the number of risky sharing incidents that have been remediated. Using DSPM objectives keeps your team aligned on a clear goal from day one. It shifts the conversation from "what knobs do we turn on?" to "how do we achieve this outcome?" You follow a guided plan curated by the platform's intelligence rather than navigating five different admin pages and hoping it adds up to protection. Tradeoff: Objectives streamline the path but can obscure the underlying complexity. Teams should periodically step outside the guided workflow to review the full policy landscape and ensure no coverage gaps exist between objectives. From Visibility to Remediation: Turning Insights into Action Automated Remediation at Scale DSPM can automate remediation steps such as removing public sharing links or applying data loss prevention policies to prevent incidents before they happen. Under administrator guidance, AI agents within DSPM can take direct action on detected risks—removing sharing links, applying DLP policies, or revoking permissions—and these actions are always audited. This moves the operating model from manual, one-at-a-time fixes to systematic, policy-driven remediation. Closing the Loop: From Risk to Standing Policy DSPM's data security objectives surface suggested prioritized actions such as applying sensitivity labels, configuring DLP policies, or investigating alerts, all tailored to the organization's data. Reporting and analytics are organized by outcome, making it easier to identify and report improvements, compliance, and risk reduction. This turns recurring findings into standing preventive controls. Instead of re-running assessments and manually fixing the same patterns, administrators create durable policies that enforce the desired state going forward. Alert-Driven Investigation and Tuning Audit logs and activity explorer features help track interactions with AI apps and agents, supporting compliance investigations and incident response. Integrated investigation and forensics tools support rapid incident response and root cause analysis for data security events. Impact prediction visuals and progress tracking for remediation steps are surfaced throughout DSPM, enabling administrators to quantify the effect of their actions and adjust course. The closed-loop process is: Discover (DSPM scans and risk assessments) → Remediate (automated actions and bulk fixes) → Prevent (create or tighten DLP and auto-labeling policies) → Monitor (alert review, investigation, and policy tuning). What "Good" Looks Like in a Regulated or Risk-Aware Organization A mature AI governance posture is defined by measurable outcomes and sustainable operating rhythms—not feature count: Clear, communicated AI usage policies. Users know what is and is not acceptable in AI interactions because the tools reinforce the rules. DLP policy tips delivered at the moment of a violation are a primary training mechanism—they remind users in context why their prompt was blocked and what to do instead. Measured enablement over blanket bans. Leading organizations allow Copilot with appropriate controls and restrict only truly unacceptable scenarios. Policies deployed initially in simulation mode provide data to calibrate enforcement thresholds before blocking. This avoids productivity backlash while preserving security posture. High data hygiene and classification rates. Purview's AI protections depend heavily on sensitivity labels. If everything is unlabeled or "General," label-based controls have nothing to act on. Mature organizations invest in auto-labeling and mandatory labeling to close this gap before deploying AI at scale. DSPM's data security objectives include suggested actions such as applying sensitivity labels, directly tying classification to governance outcomes. Quantifiable risk reduction. Security leadership can produce metrics from Purview that show trend lines: DSPM Outcome cards display the percentage of data covered by policies, the number of risky sharing incidents, and improvements over time. These figures feed directly into compliance reporting and audit evidence. Key metrics are tracked over time, supporting continuous improvement of the organization's data security posture. Cross-functional governance. AI governance is not a solo IT Security effort. Stakeholders from security, compliance, legal, and business units review AI usage patterns, discuss policy tuning, and evaluate new Purview capabilities as they release. Role-based access controls within DSPM provide granular access to features and AI content for delegated administration and compliance, enabling this cross-functional model without overexposing sensitive data to every participant. Tradeoff: Strict enforcement can frustrate power users and slow AI adoption. Organizations should explicitly define escalation paths—if a legitimate use case is blocked by DLP, there must be a fast process to review and adjust, rather than a permanent "no." A Phased Adoption Model Phase Focus Key Activities Phase 1 — Quick Wins (weeks) Visibility and baseline safeguards Enable prompt-level DLP for Copilot in simulation mode. Run first DSPM data risk assessment for oversharing. Enable shadow AI discovery via DSPM's Apps and agents dashboard and AI observability page. Start from the DSPM objective "Prevent data exposure in Microsoft 365 Copilot and Microsoft Copilot interactions." Phase 2 — Broad Enforcement (months) Acting on findings Switch DLP policies from simulation to enforcement. Use automated remediation actions (removing sharing links, applying DLP policies, revoking permissions). Expand sensitive information type definitions and add custom types. Rollout user communications explaining new controls and escalation paths. Phase 3 — Mature Governance (ongoing) Continuous improvement and AI-powered operations Leverage AI-driven triage agents to filter alert noise and highlight critical threats. Conduct periodic DSPM posture reviews using Outcome card metrics. Tune policies based on impact prediction visuals and progress tracking. Extend protections to new AI apps and agents as they are adopted—DSPM's AI observability tracks agent-specific activities across Microsoft and third-party environments. Formalize cross-functional AI governance cadence. *Phase 1 should take weeks, not months—the objective is to establish a baseline before risk accumulates. *Phase 2 is where enforcement generates measurable risk reduction. *Phase 3 is ongoing: as Microsoft continues extending Purview to additional AI apps and agent types, the governance framework must evolve in tandem. The DSPM preview's integration with third-party SaaS and IaaS platforms (Google Cloud Platform, Snowflake, Databricks) and partner solutions (Cyera, BigID, OneTrust) means the governance perimeter can expand alongside the organization's AI footprint. Conclusion AI adoption and data protection are not opposing forces. Microsoft Purview now provides the visibility, policy controls, and remediation workflows to move from discovering AI risk to actively governing Copilot, third-party AI apps, and agents at scale. DSPM surfaces oversharing and AI usage patterns through unified dashboards, data risk assessments, and AI observability. DLP blocks sensitive data in prompts and restricts AI access to labeled content. Insider Risk Management detects adversarial AI behavior. AI-driven triage and remediation agents close the gap between identifying a problem and fixing it—with every automated action audited. The path forward starts with practical actions: enable prompt-level DLP, illuminate shadow AI usage, and operationalize DSPM's "Prevent data exposure in Microsoft 365 Copilot and Microsoft Copilot interactions" objective. From there, enforce what you find, measure the results using DSPM's outcome-based metrics, and progressively mature your governance posture. Organizations that operationalize this loop will be in a strong position: able to say, "We use AI to work smarter—and we have the safeguards in place to do it safely."Data Security Posture Management for AI
A special thanks to Chris Jeffrey for his contributions as a peer reviewer to this blog post. Microsoft Purview Data Security Posture Management (DSPM) for AI provides a unified location to monitor how AI Applications (Microsoft Copilot, AI systems created in Azure AI Foundry, AI Agents, and AI applications using 3 rd party Large Language Models). This Blog Post aims to provide the reader with a holistic understanding of achieving Data Security and Governance using Purview Data Security and Governance for AI offering. Purview DSPM is not to be confused with Defender Cloud Security Posture Management (CSPM) which is covered in the Blog Post Demystifying Cloud Security Posture Management for AI. Benefits When an organization adopts Microsoft Purview Data Security Posture Management (DSPM), it unlocks a powerful suite of AI-focused security benefits that helps them have a more secure AI adoption journey. Unified Visibility into AI Activities & Agents DSPM centralizes visibility across both Microsoft Copilots and third-party AI tools—capturing prompt-level interactions, identifying AI agents in use, and detecting shadow AI deployments across the enterprise. One‑Click AI Security & Data Loss Prevention Policies Prebuilt policies simplify deployment with a single click, including: Automatic detection and blocking of sensitive data in AI prompts, Controls to prevent data leakage to third-party LLMs, and Endpoint-level DLP enforcement across browsers (Edge, Chrome, Firefox) for third-party AI site usage. Sensitive Data Risk Assessments & Risky Usage Alerts DSPM runs regular automated and on-demand scans of top-priority SharePoint/E3 sites, AI interactions, and agent behavior to identify high-risk data exposures. This helps in detecting oversharing of confidential content, highlight compliance gaps and misconfigurations, and provides actionable remediation guidance. Actionable Insights & Prioritized Remediation The DSPM for AI overview dashboard offers actionable insights, including: Real-time analytics, usage trends, and risk scoring for AI interactions, and Integration with Security Copilot to guide investigations and remediation during AI-driven incidents. Features and Coverage Data Security Posture Management for AI (DSPM-AI) helps you gain insights into AI usage within the organization, the starting point is activating the recommended preconfigured policies using single-click activations. The default behavior for DSPM-AI is to run weekly data risk assessments for the top 100 SharePoint sites (based on usage) and provide data security admins with relevant insights. Organizations get an overview of how data is being accessed and used by AI tools. Data Security administrators can use on-demand classifiers as well to ensure that all contents are properly classified or scan items that were not scanned to identify whether they contain any sensitive information or not. AI access to data in SharePoint site can be controlled by the Data Security administrator using DSPM-AI. The admin can specify restrictions based on data labels or can apply a blanket restriction to all data in a specific site. Organizations can further expand the risks assessments with their own custom data risk assessments, a feature that is currently in preview. Thanks to its recommendations section, DSPM-AI helps data security administrators achieve faster time to value. Below is a sample of the policy to “Capture interactions for enterprise AI apps” that can be created using recommendations. More details about the recommendations that a Data Security Administrator can expect can be found at the DSPM-AI Documentation, these recommendations might be different in the environment based on what is relevant to each organization. Following customers’ feedback, Microsoft have announced during Ignite 2025 (18-21 Nov 2025, San Francisco – California) the inclusion of these recommendations in the Data Security Posture Management (DSPM) recommendations section, this helps Data Security Administrators view all relevant data security recommendations in the same place whether they apply to human interactions, tools interactions, or AI interactions of the data. More details about the new Microsoft Purview Data Security Posture Management (DSPM) experience are published in the Purview Technical Blog site under the article Beyond Visibility: The new Microsoft Purview Data Security Posture Management (DSPM) experience. After creating/enabling the Data Security Policies, Data Security Administrators can view reports that show AI usage patterns in the organization, in these reports Data Security Administrators will have visibility into interaction activities. Including the ability to dig into details. In the same reports view, Data Security Administrators will also be able to view reports regarding AI interactions with data including sensitive interactions and unethical interactions. And similar to activities, the Data Security Administrator can dig into Data interactions. Under reports, Data Security Administrators will also have visibility regarding risky user interaction patterns with the ability to drill down into details. Adaption This section provides an overview of the requirements to enable Data Security Posture Management for AI in an organization’s tenant. License Requirements The license requirements for Data Security Posture Management for AI depends on what features the organization needs and what AI workloads they expect to cover. To cover Interaction, Prompts, and Response in DSPM for AI, the organization needs to have a Microsoft 365 E5 license, this will cover activities from: Microsoft 365 Copilot, Microsoft 365 Copilot Chat, Security Copilot, Copilot in Fabric for Power BI only, Custom Copilot Studio Agents, Entra-registered AI Applications, ChatGPT enterprise, Azure AI Services, Purview browser extension, Browser Data Security, and Network Data Security. Information regarding licensing in this article is provided for guidance purposes only and doesn’t provide any contractual commitment. This list and license requirements are subject to change without any prior notice and readers are encouraged to consult with their Account Executive to get up-to-date information regarding license requirements and coverage. User Access Rights requirements To be able to view, create, and edit in Data Security Posture Management for AI, the user should have a role or role group: Microsoft Entra Compliance Administrator role Microsoft Entra Global Administrator role Microsoft Purview Compliance Administrator role group To have a view-only access to Data Security Posture Management for AI, the user should have a role or role group: Microsoft Purview Security Reader role group Purview Data Security AI Viewer role AI Administrator role from Entra Purview Data Security AI Content Viewer role for AI interactions only Purview Data Security Content Explorer Content Viewer role for AI interactions and file details for data risk assessments only For more details, including permissions needed per activity, please refer to the Permissions for Data Security Posture Management for AI documentation page. Technical Requirements To start using Data Security Posture Management for AI, a set of technical requirements need to be met to achieve the desired visibility, these include: Activating Microsoft Purview Audit: Microsoft Purview Audit is an integrated solution that help organizations effectively respond to security events, forensic investigations, internal investigations, and compliance obligations. Enterprise version of Microsoft Purview data governance: Needed to support the required APIs to cover Copilot in Fabric and Security Copilot. Installing Microsoft Purview browser extension: The Microsoft Purview Compliance Extension for Edge, Chrome, and Firefox collects signals that help you detect sharing sensitive data with AI websites and risky user activity activities on AI websites. Onboard devices to Microsoft Purview: Onboarding user devices to Microsoft Purview allows activity monitoring and enforcement of data protection policies when users are interacting with AI apps. Entra-registered AI Applications: Should be integrated with the Microsoft Purview SDK. More details regarding consideration for deploying Data Security Posture Management for AI can be found in the Data Security Posture Management for AI considerations documentation page. Conclusion Data Security Posture Management for AI helps Data Security Administrators gain more visibility regarding how AI Applications (Systems, Agents, Copilot, etc.) are interacting with their data. Based on the license entitlements an organization has under its agreement with Microsoft, the organization might already have access to these capabilities and can immediately start leveraging them to reduce the potential impact of any data-associated risks originating from its AI systems.Microsoft deployment blueprint - Address oversharing concerns for your M365 Copilot deployment
In regulated industries, internal oversharing can compromise data integrity and Copilot effectiveness. This episode defines what “Foundational” means for Microsoft 365 E3 customers and outlines actionable steps to mitigate oversharing risks during Copilot deployment.
The future of compliance and data governance is here: Introducing Microsoft Purview
How good is a name change? 🙂 But this announcement is more about an alignment of services into a coherent package: Microsoft Purview. (HT Pete Haigh). The future of compliance and data governance is here: Introducing Microsoft Purview - Microsoft Security Blog To meet the challenges of today’s decentralized, data-rich workplace, we’re introducing Microsoft Purview—a comprehensive set of solutions that help you govern, protect, and manage your entire data estate. This new brand family combines the capabilities of the former Azure Purview and the Microsoft 365 Compliance portfolio that customers already rely on, providing unified data governance and risk management for your organization. Announcement also covers a few new capabilities: general availability (GA) of Microsoft Purview Data Loss Prevention (DLP) for macOS endpoints preview of restricted app groups for Windows endpoints extending our sensitive information type catalog with more than 50 new classifiers. co-authoring of encrypted documents for mobile devices (iOS and Android) preview of multi-stage retention in Microsoft Purview Data Lifecycle Management (formerly Microsoft Information Governance) enhancements to the detection and investigation capabilities of Microsoft Purview Insider Risk Management additional capabilities for Microsoft Purview eDiscovery (Premium) expanded optical character recognition, machine learning model highlighting, reduced detection-to-investigation time, and step-by-step onboarding guidance for Purview Communication Compliance general availability of continuous compliance assessments in Microsoft Purview Compliance Manager.
