From “No” to “Now”: A 7-Layer Strategy for Enterprise AI Safety
The “block” posture on Generative AI has failed. In a global enterprise, banning these tools doesn't stop usage; it simply pushes intellectual property into unmanaged channels and creates a massive visibility gap in corporate telemetry. The priority has now shifted from stopping AI to hardening the environment so that innovation can run at velocity without compromising data sovereignty. Traditional security perimeters are ineffective against the “slow bleed” of AI leakage - where data moves through prompts, clipboards, and autonomous agents rather than bulk file transfers. To secure this environment, a 7-layer defense-in-depth model is required to treat the conversation itself as the new perimeter. 1. Identity: The Only Verifiable Perimeter Identity is the primary control plane. Access to AI services must be treated with the same rigor as administrative access to core infrastructure. The strategy centers on enforcing device-bound Conditional Access, where access is strictly contingent on device health. To solve the "Account Leak" problem, the deployment of Tenant Restrictions v2 (TRv2) is essential to prevent users from signing into personal tenants using corporate-managed devices. For enhanced coverage, Universal Tenant Restrictions (UTR) via Global Secure Access (GSA) allows for consistent enforcement at the cloud edge. While TRv2 authentication-plane is GA, data-plane protection is GA for the Microsoft 365 admin center and remains in preview for other workloads such as SharePoint and Teams. 2. Eliminating the Visibility Gap (Shadow AI) You can’t secure what you can't see. Microsoft Defender for Cloud Apps (MDCA) serves to discover and govern the enterprise AI footprint, while Purview DSPM for AI (formerly AI Hub) monitors Copilot and third-party interactions. By categorizing tools using MDCA risk scores and compliance attributes, organizations can apply automated sanctioning decisions and enforce session controls for high-risk endpoints. 3. Data Hygiene: Hardening the “Work IQ” AI acts as a mirror of internal permissions. In a "flat" environment, AI acts like a search engine for your over-shared data. Hardening the foundation requires automated sensitivity labeling in Purview Information Protection. Identifying PII and proprietary code before assigning AI licenses ensures that labels travel with the data, preventing labeled content from being exfiltrated via prompts or unauthorized sharing. 4. Session Governance: Solving the “Clipboard Leak” The most common leak in 2025 is not a file upload; it’s a simple copy-paste action or a USB transfer. Deploying Conditional Access App Control (CAAC) via MDCA session policies allows sanctioned apps to function while specifically blocking cut/copy/paste. This is complemented by Endpoint DLP, which extends governance to the physical device level, preventing sensitive data from being moved to unmanaged USB storage or printers during an AI-assisted workflow. Purview Information Protection with IRM rounds this out by enforcing encryption and usage rights on the files themselves. When a user tries to print a "Do Not Print" document, Purview triggers an alert that flows into Microsoft Sentinel. This gives the SOC visibility into actual policy violations instead of them having to hunt through generic activity logs. 5. The “Agentic” Era: Agent 365 & Sharing Controls Now that we're moving from "Chat" to "Agents", Agent 365 and Entra Agent ID provide the necessary identity and control plane for autonomous entities. A quick tip: in large-scale tenants, default settings often present a governance risk. A critical first step is navigating to the Microsoft 365 admin center (Copilot > Agents) to disable the default “Anyone in organization” sharing option. Restricting agent creation and sharing to a validated security group is essential to prevent unvetted agent sprawl and ensure that only compliant agents are discoverable. 6. The Human Layer: “Safe Harbors” over Bans Security fails when it creates more friction than the risk it seeks to mitigate. Instead of an outright ban, investment in AI skilling-teaching users context minimization (redacting specifics before interacting with a model) - is the better path. Providing a sanctioned, enterprise-grade "Safe Harbor" like M365 Copilot offers a superior tool that naturally cuts down the use of Shadow AI. 7. Continuous Ops: Monitoring & Regulatory Audit Security is not a “set and forget” project, particularly with the EU AI Act on the horizon. Correlating AI interactions and DLP alerts in Microsoft Sentinel using Purview Audit (specifically the CopilotInteraction logs) data allows for real-time responses. Automated SOAR playbooks can then trigger protective actions - such as revoking an Agent ID - if an entity attempts to access sensitive HR or financial data. Final Thoughts Securing AI at scale is an architectural shift. By layering Identity, Session Governance, and Agentic Identity, AI moves from being a fragmented risk to a governed tool that actually works for the modern workplace.
Survey: Microsoft Purview Retention Labels in Outlook Mobile (iOS/Andriod)
We need your input! Today, in Outlook for Windows, Outlook for the Web, and (currently rolling out) Outlook for Mac, end-users can manually apply Microsoft Purview retention labels and MRM personal tags to individual emails and non-default (user-created) folders. The Outlook and Data Lifecycle Management product groups are interested in learning from our customers how important that same functionality would be in Outlook for Mobile (iOS/Android). Please consider filling out and sharing the following survey to let us know how this feature would or would not be useful to you and your organization: https://aka.ms/RetentionLabels-OutlookMobile Please note that your responses will remain anonymous unless you choose to provide contact information at the end of the survey.
Getting Contextual Summary from SIT(Sensitive info types) via PowerShell cmd
Hi, I am using a PowerShell command(Export-ContentExplorerData) to extract data from an SIT. In the response, I am getting most of the data but I am interested in getting the matching primary element from Contextual summary(Content explorer) https://learn.microsoft.com/en-us/powershell/module/exchange/export-contentexplorerdataHelp! Sensitivity label applied to whole tenant mistakenly with Watermark
We create a sensitivity label to have a watermark to be applied on the files on where it assigned but accidentally or due to misconfiguration, the watermark applied to whole tenant and the files, need a solution to automatically removed these watermarks from the files wherever it is applied. Please assist, TIA... .Sharing: All Built-in SIT categorised
So, Microsoft Purview gives you 313 built-in Sensitive Information Types (SITs)—yes, I counted! When I worked with an Cyber Risk auditor, one of their ask was categorizing all the items that we decided for it to be deployed. This was a bit of a nightmare, so I took one for the team and grouped them into three neat categories: PII, Financial, and Medical. Now, I’m sharing it with you so that my struggle can save you the headache. You’re welcome! Download the excel spreadsheet here: All SIT list and their categories.xlsxIngesting Purview compliance DLP logs to Splunk
We are in the process of enabling Microsoft purview MIP DLP for a large-scale enterprise, and there is a requirement to push MIP DLP related alerts, incidents and data to Splunk SIEM. Could not find any specific documentation for the same. researched on this and found below solutions however not sure which could work to fit in our requirement: Splunk add on for Microsoft security is available: The Splunk Add-on for Microsoft Security is now available - Microsoft Community Hub but this does not talk about Purview DLP logs. This add-on is available for Splunk but only says MIP can be integrated however does not talk about DLP logs: https://splunkbase.splunk.com/app/4564 As per few articles we can also ingest Defender logs to Azure event hub then event hub can be connected to splunk. Above mentioned steps do not explain much about Ingestion of MIP DLP raw data or incidents. If anyone has done it in the past I will appreciate any input.
Sensitivity Labels not working as expected
Hi experts, I've been playing with sensitivity labels recently and I'm in testing phase currently having few ppl testing it for me before I officially deploy to all. However, it looks like there are few things that do not work as expected and I'm not sure why. Hope I can find some help here. Here is what I have configured and what is the experience during our testing Email should inherit sensitivity label form attachment I have label for documents set as required , and email is set to no default label and selected "inherit" label from attachment I have "Confidential\View Only" label that has allowed only "View rights / Reply / Reply all" allowed permission. Testing experience: For emails, when I attach a document with this label assigned, there is no restriction at all and I can forward, download, etc... and the recipient can forward with no issues. Looks like inheritance of label from attachments to email is not working at all. When I (as a recipient) download the attachment, I see that the document has restricted permissions (can't print, save, etc) so it looks it is working on the document level. "Confidential\Internal" label should be blocked I can share with external users via SharePoint ...and can even open it as external user with no issues at all.. Label access control nor DLP prevents this!!! Is there something I miss here? Not sure if important - I have "MS Entra for Sharepoint enabled" DLP is configured to check Sharepoint, Emails, OneDrive for "Confidential\Internal" for "content shared outside the organization" and "sensitivity label Confidential\Internal" and BLOCK it DLP works fine for emails with attachments labelled with this label, and it is blocked as expected Confidential\Internal is blocked in the outlook when trying to send email when I am sending an attachment with Confidential\Internal document in Outlook (New Outlook), I see a note about external users that needs to be removed. When trying to send anyway, it is blocked and I get a message below. Which is great however, another two testers do not get this experience and their email is blocked with DLP (mentioned above) only - which is nice, but the experience I get is much better as users can correct recipients instantly (FYI - I am using NEW Outlook - need to check later this week with the testers if they are on Old or NEW one) Its a bit of text, and I apologize... Wanted to describe is as best as I can 🙂 ... and hopefully help anyone else facing the same... Would be grateful for your help.... As the testing is super time consuming due to the fact that any change I make to sensitivity label and policy, I prefer to wait recommended 24 hrs to see if it had any effect.... Update: forgot to ask, why I see some "built-in" labels when creating emails? When I go to "More Options", in new email, I can see the below: When I go through New Email > Options > Sensitivity - I can see the labels I configuredAll the locations where you can find Sensitivity labels
Update (14-Mar-25): Removed Windows Explorer Here are the locations where you can find the sensitivity label of a document (if there are any that I've missed, please feel free to add it here) Sensitivity Label Button in the Document: In Office applications such as Word, Excel, and PowerPoint, you can find the Sensitivity label button on the Home tab. This button allows users to apply or view sensitivity labels directly within the document interface. (Sensitivity label app on the upper right) Document Properties > Advanced Properties Sensitivity labels can also be found in the document properties. To access this, go to File > Info > Properties > Advanced Properties. Here, you can see detailed metadata, including any applied sensitivity labels. Sensitivity Label Column in SharePoint: In SharePoint, sensitivity labels are displayed in a dedicated column. This allows users to quickly see the sensitivity level of documents stored within SharePoint libraries (Removed) Windows File Explorer: - As it was rightly pointed in the comment section, this is a roadmap item that has yet to materialise. Mobile Applications: Office mobile apps for iOS and Android also support sensitivity labels, enabling users to apply and view labels on the go. Microsoft Purview Compliance Portal: Administrators can manage and view sensitivity labels applied across the organization through the Microsoft Purview Compliance Portal. This portal is only accessible to IT admins who has the right Purview role.New Place to Chat with the Microsoft Information Protection Team
Happy Wednesday, all! We're constantly working to provide easily accessible channels for direct interaction with our product team including feedback on how to improve your experience with our products! Moving forward, you can: talk to the Microsoft Information Protection team about our product and integrations via our Yammer Channel or provide feedback via our UserVoice Forum. You can also continue to get updates in our Microsoft Information Protection blog. Finally, we have a complete list of resources available here. If you're currently engaged in a conversation, the conversation space will be moved to the Microsoft Security and Compliance conversation space on 9/2. Feel free to comment with any questions regarding channels or informational resources.
