microsoft purview
193 Topics
Insider Risk Management empowering risky AI usage visibility and security investigations
Discover how Microsoft Purview Insider Risk Management helps you safeguard your data in the AI era and empowers security operations centers to enhance incident investigations with comprehensive data security context.
New M365 Copilot Data Lifecycle Management options
Organizations can use Purview Data Lifecycle Management policies to keep or delete Microsoft 365 Copilot prompts and responses, known as interactions. For example, organizations may want to keep prompts and responses for legal reasons or ensure they are deleted after a period of time due to a company policy. Previously, these Copilot interactions shared a policy targeting location with Microsoft Teams chats, which meant that Copilot interactions and Teams chats were managed using the same retention and deletion settings. Organizations often have different retention and deletion strategies for these two types of content, so managing them with the same settings was too inflexible. Today we are announcing a new Data Lifecycle Management policy location dedicated to Microsoft Copilot experiences. This new location enables admins to specify retention and deletion settings for only Copilot interactions, separate from Microsoft Teams chat settings. For example, now you can delete Microsoft Teams chats after 90 days and delete Copilot interactions after 30 days. Additionally, this Copilot experiences location will manage both Microsoft 365 and Copilot Studio generated interactions. Organizations that are currently using Data Lifecycle Management to retain or delete Copilot interactions will not experience any changes to how their data is managed today. To take advantage of this new location separation, a compliance administrator will need to create a new policy using the new Copilot experiences location and a new Microsoft Teams chat policy. Then once the policy takes effect, you can delete the old, combined location policy. Learn more about retention and deletion for Copilot interactions in Data Lifecycle Management. 
Data Lifecycle Management Resources
Ninja training: https://aka.ms/DLM/NinjaTraining
Interactive guide: https://aka.ms/Guide
Documentation: https://aka.ms/DLM/Documentation
Blog: https://aka.ms/DLM/Blog
Roadmap: https://aka.ms/DLM/Roadmap
Customer stories: https://aka.ms/DLM/Stories
Set-up guide: https://aka.ms/DLM/SetUp
Start a 90-day trial: https://aka.ms/DLM/FreeTrial
Website: https://aka.ms/DLM/Website
Strengthen your data security posture in the era of AI with Microsoft Purview
Organizations face challenges with fragmented data security solutions and the amplified risks due to generative AI. We are now introducing Microsoft Purview Data Security Posture Management (DSPM) in public preview, which provides comprehensive visibility into sensitive data, contextual insights, and continuous risk assessment. DSPM is integrated with Microsoft 365 and Windows devices, leveraging generative AI through Security Copilot for deeper investigations and efficient risk management, and provides several capabilities across centralized visibility, actionable policy recommendations, and continuous risk assessment to enhance data security.
Accelerate AI adoption with next-gen security and governance capabilities
Generative AI adoption is accelerating across industries, and organizations are looking for secure ways to harness its potential. Today, we are excited to introduce new capabilities designed to drive AI transformation with strong security and governance tools.
Strengthening data protection in the modern workplace with Microsoft Purview Information Protection
In today's rapidly evolving digital landscape, the protection of sensitive organizational data is critical, especially given the accelerated adoption of AI technology. However, only 22% of organizations feel extremely confident in their ability to keep data secure as they adopt generative AI technologies [1]. Simultaneously, data security teams are tasked with protecting organizational data across a growing set of access points as employees work from a variety of different devices, browsers, and locations. Microsoft Purview Information Protection continues to invest in comprehensive protections to safeguard data across modern data estates – including those that have enabled generative AI for their workforce. In this blog, we’ll share notable classification improvements and additions to Information Protection that can help your organization protect sensitive data wherever it lives or travels, extend support for protected documents wherever work happens, and strengthen protections for mission-critical documents.
Protecting sensitive data wherever it lives or travels across the modern data estate
Today, we are excited to announce enhanced labeling and document protections for Office files and PDFs in SharePoint for customers with E5 and SharePoint Advanced Management licenses. Previously, SharePoint site owners could apply default sensitivity labels to newly added or created files in a document library. Now, site owners can easily extend sensitivity labels to all documents at rest in a library and protect them through the label if they are downloaded, moved, or copied from SharePoint. This two-fold enhancement, now in public preview, not only streamlines labeling for all currently-unlabeled and unprotected documents at rest but also ensures that protections travel with the documents if they leave the original SharePoint site.
After selecting the option to “Extend protections on unencrypted files when they’re downloaded, copied, or moved” in the library settings, site owners will now see the specified label applied to all previously-unlabeled files or files with labels that were not configured to apply encryption. These labels also extend to files that are synchronized with OneDrive. Based on the label’s user-defined permissions, only those who have access rights to the online copy of the file can decrypt and access the file when downloaded. If a user's permissions to the original SharePoint library are revoked, their access to any documents within that library – even when downloaded locally – is also revoked. This keeps documents protected as they leave SharePoint, such as for collaboration purposes or due to attempted exfiltration. This feature is also supported by the Information Protection SDK. It is worth noting that this capability only supports labels with user-defined permissions at this time.
Additional labeling & SDK improvements in Microsoft Purview Information Protection
In addition to the enhanced labeling capability for SharePoint document libraries detailed above, we are pleased to share improvements to our auto-labeling capacity for OneDrive and SharePoint. Purview Information Protection now supports auto-labeling of up to 100k files per day, up from the previous 25k file limit. This improvement is generally available. Additionally, auto-labeling simulation mode now features the ability to view the sensitivity label currently applied to a file, and the ability to filter based on label. These improvements to auto-labeling simulation mode will become available in public preview in the coming weeks. Learn more about auto-labeling simulation mode here.
Extending label-based protections to Teams, Copilot Studio, and Fabric
To further enable consistent, streamlined sensitivity labeling of your important business data, we are announcing label inheritance for Teams meetings based on the sensitivity of files shared in the meeting in public preview. This capability, which will be available in the coming weeks, facilitates secure collaboration across your organization by ensuring that if labeled files are referenced in a Teams meeting, the highest sensitivity label will be applied holistically to the meeting, its artifacts, and the files that were shared within. For example, if a Teams meeting is initiated with a “General” sensitivity label, and a collaborator in the meeting shares a document labeled “Highly Confidential” in the meeting chat, the label of the meeting will be upgraded to “Highly Confidential.”
Microsoft Purview is also supporting ways to protect sensitive data in custom AI applications built through Copilot Studio. In May, we announced that developers using Copilot Studio can turn on the Purview integration to extend our best-of-suite data security controls to their custom apps – this includes the ability to limit access to sensitive data to only authorized users, and for AI-generated outputs to inherit and cite the sensitivity label of referenced files. To learn more about new Purview data security & governance controls for apps built in Copilot Studio, visit the blog.
Last month, we announced that we were extending the ability to apply labels and restrict access to content based on sensitivity label to Fabric data, helping admins discover, classify, and protect sensitive information. With this expanded sensitivity label support, admins could use sensitivity labels to manage who has access to Fabric items. For example, a security admin could restrict access to data items with a “financial data” sensitivity label for all users except those in the finance department.
These data protection and auto labeling policies are now available in public preview for Fabric, Azure SQL, and Azure Data Lake Storage (ADLS), ensuring that your business-critical data is protected even beyond Microsoft 365. In the spirit of expanding Information Protection support across services and platforms, we’re also happy to share that the Information Protection SDK on .NET is now generally available on all supported Ubuntu LTS versions.
Extending support for protected documents wherever work happens
With the goal of securing sensitive data without hindering user productivity, we’d like to share three additional enhancements to Information Protection that make it easier for users to access protected documents:
Broader support for protected PDFs on mobile devices: We recognize that in today’s digital world, work doesn’t just happen on a corporate desktop – employees can access organizational data from anywhere in the world, on a broad variety of devices. To better enable secure access to this data, we are excited to share expanded support for documents encrypted and protected by Information Protection on mobile devices:
1-click support on Outlook mobile application: Now generally available on iOS and Android. In the Outlook app, we are also making it easier for authorized users to decrypt and view protected PDFs with just one click, without the need for additional tools or steps.
OneDrive mobile application: Now generally available on iOS and in coming weeks on Android.
Microsoft 365 mobile application: Now generally available on iOS and Android.
Broader support for protected PDFs on web: As the global workforce spends more of its time working directly in browsers, we must also expand our support for protected documents on the web.
We're happy to share that starting today, OneDrive and SharePoint Online users can now view protected PDFs directly from any browser – including Chrome, Firefox, and Safari – without the need to switch to desktop applications for rendering and decryption. This makes it easier for users to access and consume protected PDFs without disruption. These improvements augment support for Information Protection-defined usage rights restrictions that already exist in the Microsoft Edge browser, such as screen capture restrictions on Office files.
Strengthening document protections with dynamic watermarking
Earlier this year, we announced dynamic watermarking in preview, which equips information protection admins with more robust document protections through sensitivity labels. This capability is available in public preview for all Information Protection customers with Information Protection Plan 2 (included in E5). When an admin enables the dynamic watermarking setting for a protected sensitivity label, files with that sensitivity label will render with dynamic watermarks when opened in Word, Excel, and PowerPoint. This deters collaborators or users who have access to the document from sharing its contents broadly, preventing sensitive data leakage and enabling easier attribution of leaks.
Noteworthy classification updates to optical character recognition and named entity SITs
Optical character recognition (OCR) enables Microsoft Purview to scan images for sensitive information. Examples include screenshots of sensitive documents, scanned forms, and pictures of proprietary data like Personal IDs or credit cards. OCR is billed to customers based on the number of images scanned. In September of this year, we announced the availability of the OCR Cost estimator in public preview. The OCR cost estimator minimizes uncertainty due to lack of visibility or predictability into the total images you may incur costs for.
It also breaks down a clear estimate by location for Exchange, Teams, SharePoint, OneDrive, and endpoints. Once you select “Try for free,” you will have 30 days to run estimates through the OCR cost estimator and configure settings based on the needs and budget of your organization. It can be run without setting up an Azure subscription, making it accessible to all organizations.
We are also delighted to announce a significant expansion in named entity sensitive information types (SITs). Named entity SITs play a crucial role in identifying and protecting sensitive data within documents such as person names, physical addresses, and health-related data. This is essential for ensuring compliance with various regulations and safeguarding privacy even across geographic regions. Recent improvements include:
Expanded support for the detection of disease names to 26 additional languages. This enhancement enables more comprehensive protection of health-related information across a broader range of linguistic contexts.
Expanded support for physical address detections to 7 additional countries: China, South Korea, Taiwan, Greenland, Russia, Ukraine, and South Africa.
Get started
You can try Microsoft Purview Information Protection and other Microsoft Purview solutions directly in the Microsoft Purview compliance portal with a free trial!
Interactive guide: aka.ms/InfoProtectionInteractiveGuide
Mechanics video on how to automatically classify and protect documents and data
Mechanics video on AI-powered data classification
And, lastly, join the Microsoft Purview DLP Customer Connection Program (CCP) to get information and access to upcoming capabilities in private previews in Microsoft Purview Information Protection. An active NDA is required. Click here to join. We look forward to your feedback.
[1] 2024 Data Security Index Report | Microsoft Security
Safely activate your data estate with Microsoft Purview
60% of CDOs cite data integration challenges as a top pain-point due to lack of knowledge of where relevant data resides[1]. Companies operate on multi-platform, multi-cloud data estates, making it harder than ever to seamlessly discover, secure, govern and activate data. This increases the overall complexity when enabling users to responsibly derive insights and drive business value from data. In the era of AI, data governance is no longer an afterthought; data security and data governance are now both table stakes.
Data governance is not a new concept, but with the proliferation of AI and the evolving regulatory landscape, data governance is critical for safeguarding data related to AI-driven business innovation. With 95% of organizations implementing or developing an AI strategy[2], customers are facing emerging governance challenges, such as:
False signals: The lack of clean, accurate data can cause false signals in AI, which can trigger consequential business outcomes or lead to incorrect reported forecasting and regulatory fines.
Time to insight: Data scientists and analysts spend 60-80% of their time on data access and preparation to feed AI initiatives, which leads to staff frustration, increased OPEX, and delays in critical AI innovation priorities.
Shadow innovation: Data innovation outside governance can increase business risks around data leakage, oversharing, or inaccurate outcomes.
This is why federated governance has surfaced as a top priority across security and data leaders, because it unlocks data innovation while maintaining appropriate data oversight to help minimize risks. Customers are seeking more unified solutions that enable data security and governance seamlessly across their complex data estate. To help customers better respond to these needs, Microsoft Purview unifies data security, data governance, and data compliance solutions across the heterogeneous data estate for the era of AI.
Microsoft Purview also works closely with Microsoft Fabric to integrate capabilities that help seamlessly secure and govern data to help reduce risks associated with data activation across the Microsoft Intelligent Data Platform and across the Microsoft Cloud portfolio. Microsoft Fabric delivers a pre-integrated and optimized SaaS environment for data teams to work faster together over secure and governed data within the Fabric environment. Combining the strengths of Microsoft Purview and Microsoft Fabric enables organizations to more confidently leverage Fabric to unlock data innovation across data engineers, analysts, data scientists, and developers whilst Purview enables data security teams to extend Purview advanced data security value and enables the central data office to extend Purview advanced data governance value across Fabric, Azure, M365, and the heterogeneous data estate.
Furthering this vision, today Microsoft is announcing 1. a new name for the Purview Data Governance solution, Purview Unified Catalog, to better reflect its growing catalog capabilities, 2. integration with new OneLake catalog, 3. a new data quality scan engine, 4. Purview Analytics in OneLake, and 5. expanded Data Loss Prevention (DLP) capabilities for Fabric lakehouse and semantic models.
Introducing Unified Catalog: a new name for the visionary solution
The Microsoft Purview data governance solution, made generally available in September, delivers comprehensive visibility, data confidence, and responsible innovation—for greater business value in the era of AI. The solution streamlines metadata from disparate catalogs and sources, like OneLake, Databricks Unity, and Snowflake Polaris, into a unified experience.
To better reflect these comprehensive customer benefits, Microsoft Purview Data Catalog is being renamed to Microsoft Purview Unified Catalog to exemplify the growing catalog capabilities such as deeper data quality support for more cloud sources, and Purview Analytics in OneLake. A data catalog serves as a comprehensive inventory of an organization's data assets. As the Microsoft Purview Unified Catalog continues to add on capabilities within curation, data quality, and third-party platform integration, the new Unified Catalog name reflects the current cross-cloud capability. This cross-cloud capability is illustrated in the figure below. This data product contains data assets from multiple different sources, including a Fabric lakehouse table, Snowflake Table and Azure Databricks Table. With the proper curation of analytics into data products, data users can govern data assets easier than ever.
Figure 1: Curation of a data product from disparate data sources within Purview’s Unified Catalog
Introducing OneLake catalog (Preview)
As announced in the Microsoft Fabric blog earlier today, the OneLake catalog is a solution purpose-built for data engineers, data scientists, developers, analysts, and data consumers to explore, manage, and govern data in Fabric. The new OneLake catalog works with Purview by seamlessly connecting data assets governed by OneLake catalog into Purview Unified Catalog, enabling the central data office to centrally govern and manage data assets. The Purview Unified Catalog offers data stewards and data owners advanced capabilities for data curation, advanced data quality, end-to-end data lineage, and an intuitive global catalog that spans the data estate. For data leaders, Unified Catalog offers built-in reports for actionable insights into data health and risks and the ability to confidently govern data across the heterogeneous data estate.
In Figure 2, you can see how Fabric data is seamlessly curated into the Corporate Emissions Created by AI for CY2024 Data Product, built with data assets from OneLake.
Figure 2: Data product curated with Fabric assets
Introducing a new data quality scan engine for deeper data quality (Preview)
Purview offers deeper data quality support, through a new data quality scan engine for big data platforms, including: Microsoft Fabric, Databricks Unity Catalog, Snowflake, Google Big Query, and Amazon S3, supporting open standard file and table formats. In short, this new scan engine allows businesses to centrally perform rich data quality management from within the Purview Unified Catalog. In Figure 3, you can see how users can run different data quality rules on a particular asset, in this case, a table hosted in OneLake, and when users click on “run quality scan”, the scanner runs a deep scan on the data itself, running the data quality rules in real time, and updating the quality score for that particular asset.
Figure 3: Running a data quality scan on an asset living in OneLake
Introducing Purview Analytics in OneLake (Preview)
To further an organization’s data quality management practice, data stewards can now leverage a new Purview Analytics in OneLake capability, in preview, to extract tenant-specific metadata from the Purview Unified Catalog and publish to OneLake. This new capability enables deeper data quality and lineage investigation using the rich capabilities in Power BI within Microsoft Fabric.
Figure 4: In Unified Catalog settings, a user can add self-serve analytics to Microsoft Fabric
Figure 5: Curated metadata from Purview within Fabric
Expanded Data Loss Prevention (DLP) capabilities for Fabric lakehouse and semantic models
To broaden Purview data security features for Fabric, today we are announcing that the restrict access action in Purview DLP policies now extends to Fabric semantic models.
With the restrict access action, DLP admins can configure policies to detect sensitive information in semantic models and limit access to only internal users or data owners. This control is valuable for when a Fabric tenant includes guest users and you want to limit unnecessary access to internal proprietary data. The addition of the restrict access action for Fabric semantic models augments the existing ability to detect upload of sensitive data to Fabric lakehouses announced earlier this year. Learn more about the new Purview DLP capabilities for Fabric lakehouses and semantic models in the DLP blog.
Figure 6: Example of restricted access to a Fabric semantic model enforced through a Purview DLP policy.
Summary
With these investments in security and governance, Microsoft Purview is delivering on its vision to extend data protection customer value and innovation across your heterogeneous data estate for reduced complexities and improved risk mitigation. Together Purview and Fabric set the foundations for a modern intelligent data platform with seamless security and governance to drive AI innovation you can trust.
Learn more
As we continue to innovate our products to expand the security and governance capabilities, check out these resources to stay informed.
https://aka.ms/Try-Purview-Governance
https://www.microsoft.com/en-us/security/business/microsoft-purview
https://aka.ms/try-fabric
[1] Top 7 Challenges in Data Integration and How to Solve Them | by Codvo Marketing | Medium
[2] Microsoft internal research May 2023, N=638
Empowering compliance in a complex regulatory landscape with Microsoft Purview Compliance Manager
As organizations increasingly adopt AI-driven solutions and multi-cloud environments, managing compliance across diverse and evolving regulatory frameworks has become critical. At Microsoft Ignite 2024, we are thrilled to showcase the latest innovations in Microsoft Purview Compliance Manager—designed to empower businesses to navigate complex regulations, like the EU AI Act, GDPR, DORA, NIS2, and more. Whether your organization is focused on data privacy, industry-specific standards, or AI governance, Compliance Manager provides the tools to help you proactively manage compliance, streamline risk mitigation and help ensure operational resilience. Let’s explore how these new features can support your compliance journey.
Here’s What’s New in Compliance Management at Microsoft Ignite 2024
This year, Microsoft Purview Compliance Manager introduces powerful new capabilities designed to help organizations tackle today’s complex compliance landscape. With tools addressing AI governance and global data privacy regulations, Compliance Manager offers enhanced support for navigating regulatory requirements with greater ease and efficiency.
New Features:
Custom Templates for Tailored Compliance
Flexibility is key in the regulatory landscape. With Custom Templates, organizations can now modify compliance frameworks to match specific regulatory and operational needs. This feature empowers teams to configure regulations, making Compliance Manager a uniquely adaptable solution for your compliance management journey.
Expanded Coverage with Key Global AI Regulations
Compliance Manager's regulatory scope has broadened to support both AI and other essential global frameworks, now covering the EU AI Act, NIST AI Risk Management Framework, and ISO standards 42001 and 23894. Beyond AI, we’ve added support for key regulations like DORA, NIST CSF 2.0, Indonesia’s PDP law, and Qatar’s Cloud Computing regulations, providing up-to-date support to address new and evolving requirements.
EU AI Act Assessment.
Pre-Deployment Compliance Tool
For regulated industries, compliance validation has often been a roadblock to efficient cloud adoption. Our new Pre-Deployment Compliance Tool enables customers to assess the regulatory alignment of Azure services prior to production deployment. This feature helps accelerate the path to compliant cloud solutions, reducing validation time from weeks to hours.
Compliance History Report for Enhanced Tracking
Monitoring compliance trends is easier than ever with the new Compliance History Report. This tool provides a timeline view of your compliance score, making it simple to track progress, understand score changes, and address recurring issues, helping teams build a more proactive approach to compliance management.
These new capabilities make Microsoft Purview Compliance Manager an essential asset for addressing complex regulatory requirements, supporting responsible AI, and empowering your organization to manage compliance confidently.
Addressing Today’s Compliance Challenges with Microsoft Purview Compliance Manager
Compliance Manager is tailored to help organizations address key regulatory challenges by providing a unified solution for managing, monitoring, and enhancing compliance efforts. Here are the primary challenges it helps solve:
Navigating Complex Regulatory Landscapes: With an ever-growing set of regulations, Compliance Manager provides guidance and tools to monitor and respond to these evolving requirements.
Data Privacy and Security Risks: Compliance Manager's automated tools help to identify risks and enforce privacy best practices, mitigating potential exposures and protecting sensitive data.
Scaling Compliance Efforts: Compliance Manager enables scalability, helping organizations address both regional and industry-specific needs while maintaining a consistent compliance posture.
AI Governance and Accountability: The EU AI Act and similar regulations are driving the need for transparent, accountable AI governance. Compliance Manager supports organizations in establishing ethical frameworks, tracking AI systems, and compliance with principles of fairness, transparency, and accountability.
View your compliance score and recommended actions.
Key Capabilities of Microsoft Purview Compliance Manager
Microsoft Purview Compliance Manager offers a robust suite of features to streamline and automate compliance management across cloud environments:
Unified Compliance Dashboard: A centralized dashboard offers real-time visibility into compliance scores, risk mitigation efforts and control implementation. This enables organizations to efficiently manage compliance across the data estate.
Automated Compliance Checks: Compliance Manager reduces the time and effort required for compliance checks through automated assessments that recommend actions based on risk levels, helping you stay ahead of compliance demands.
Multi-Cloud Support: Compliance Manager extends beyond Microsoft 365, offering support for Azure services, Amazon Web Services and Google Cloud services, providing a unified view of compliance across your digital ecosystem.
AI Compliance suggested actions and workflow management for implementation of appropriate controls: With pre-built assessments and recommended actions aligned with AI governance requirements, Compliance Manager helps organizations adopt AI responsibly by providing specific insights to help implement controls aligned to regulatory requirements.
How Compliance Manager Supports the EU AI Act and Other Key Regulations
Microsoft Purview Compliance Manager simplifies regulatory alignment for critical frameworks, such as the EU AI Act, by providing:
Pre-Built Assessment Templates: These templates guide organizations through EU AI Act requirements, identifying gaps and recommending corrective actions to facilitate compliance workflows.
Continuous Monitoring: Ongoing monitoring of AI systems supports alignment with responsible AI principles, such as transparency, fairness, and accountability.
AI Governance Capabilities: Compliance Manager supports audit trails for AI use, helping customers ensure that AI-driven decisions comply with legal standards and corporate policies.
Accelerating Cloud Innovation with Purview Compliance Manager’s Pre-deployment Compliance Tool
Pre-deployment Compliance Tool, one of the latest features in Purview Compliance Manager, is a game changer designed to accelerate cloud adoption for regulated industries. This tool enables Microsoft customers to validate complex service compliance requirements during pre-deployment, streamlining the path to cloud adoption and reducing compliance process time with automation.
Begin Your Compliance Journey: Try Microsoft Purview Compliance Manager for Free
To experience the full capabilities of Microsoft Purview Compliance Manager, start a free trial and explore how it can simplify and automate your compliance efforts.
Steps to Begin Your Trial:
Start Your Free Trial: Sign up at aka.ms/PurviewTrial to begin your free trial of Microsoft Purview Compliance Manager premium assessments.
Learn More: Visit the Microsoft Learn page for resources, best practices, and tutorials on setting up Compliance Manager.
Unleashing the power of Microsoft Purview with Security Copilot
With cyber threats escalating in scale and complexity, generative AI (GenAI) is redefining data security by enabling faster, smarter threat detection and response. Unlike traditional security systems, which often rely on rigid rules and past patterns, GenAI continuously learns and adapts, identifying anomalies and suspicious activities that would otherwise remain undetected. Recent research underscores this shift, showing that organizations using AI-powered security solutions can cut data breach costs by as much as 22%[1] and reduce incident response times by up to 50%[2], marking a major leap forward in protecting critical data.
GenAI is also transforming the way investigations are conducted, helping security teams delve deeper into complex incidents with speed and precision. By automating the analysis of massive datasets, GenAI can uncover critical insights in minutes, rather than days. This rapid investigative power not only enhances response times but also strengthens predictive security measures, empowering organizations to stay ahead of emerging threats in an increasingly volatile cyber landscape. That’s why today we’re thrilled to announce the most recent integrations of Security Copilot with Microsoft Purview, taking data security teams’ experience and investigations to the next level.
Fortifying data security posture with the power of generative AI
Visibility into data and user activities is considered vital for most organizations to understand the efficacy of their data security programs. Today we are excited to announce the public preview of Microsoft Purview Data Security Posture Management (DSPM), which for the first time brings together insights from Microsoft Purview Information Protection, Data Loss Prevention, and Insider Risk Management in a centralized place, providing visibility into data security risks and recommending controls to protect data.
DSPM offers contextual insights into data, its usage, and continuous risk assessment of your evolving data landscape, and it can be enhanced by Security Copilot for deeper investigations and uncovering unseen risks with AI-powered insights. With Security Copilot embedded in DSPM, organizations can get more out of DSPM by accessing GenAI-powered insights in natural language. Data security teams can conduct deeper investigations to better understand potential risks to their data. DSPM with the embedded Security Copilot capabilities will help teams get started and prioritize their efforts through:

Starting suggested prompts: These are contextually relevant insights for the top data risks in your organization, such as “Which sensitive files were shared outside the org from SharePoint last week?”. Right in the DSPM experience, your teams can see five categories such as ‘alerts to prioritize’, ‘sensitive data leaks detected’, ‘devices at risk’, and ‘risky sequenced activity’.
Suggested prompts: Building on the response to these starting prompts or a user-entered open prompt, Copilot provides suggested prompts to guide you through a recommended path of investigation.
Open prompts: You can further customize your analysis by using open prompts, allowing you to explore investigations in many directions across data sets, alerts, users, and activities.

Security Copilot in DSPM enables teams to discover previously unseen risks and accelerate data security by suggesting scenarios and prompts that can help triage and prioritize risks. Through these guided investigations, Copilot makes it easy to onboard newer team members and drive greater efficiency for experienced team members. Learn more about DSPM in our documentation and deep dive video. This capability will be available in public preview within the coming weeks.
New enhancements to embedded Security Copilot experiences in Purview Data Loss Prevention

We are also excited to announce new Security Copilot skills in public preview that are embedded in Purview DLP to assist admins. These capabilities augment the embedded & standalone Security Copilot-powered alert summarization experiences that are already available in Purview DLP.

The new enhanced hunting prompts in Security Copilot allow for a deeper dive into DLP alert summaries (to complement enhanced hunting prompts in IRM summary that are already in preview), providing detailed exploration of data and users involved in incidents. This includes actions taken on the data and the specific sensitive information type (SIT) that triggered the alert.

Additionally, Security Copilot now guides admins through analyzing insights within Activity Explorer. Pre-built prompts offer a bird’s-eye view of top activities detected over the past week, such as DLP rule matches or sensitive data used in M365 Copilot interactions. With Security Copilot, admins can also use natural language to apply the correct investigation filters to pinpoint specific activities or data.

One of the persistent challenges for DLP admins has been quickly and easily grasping the full extent of their DLP policies' coverage across the environment. The new Security Copilot-powered policy insights skill addresses this by summarizing the intent, scope, and resulting matches of existing DLP policies in natural language. This skill provides insights such as the DLP policies deployed for each workload (like SharePoint or Exchange), the sensitive information types they aim to detect, and the number of rule matches associated with those policies. With this information, security admins can swiftly identify and address any protection gaps. You might ask something like “do my DLP policies cover my organization for PII information” or “What policies protect my OneDrive sites”.
Upskilling data security, compliance and governance with generative AI

We are also thrilled to announce new Security Copilot and Purview capabilities that go beyond just data security. The eDiscovery quick case summarization feature is designed to streamline case management by providing an intuitive, at-a-glance overview. This new capability allows users to quickly access a comprehensive summary of eDiscovery cases, holds, and searches, eliminating the need to navigate through multiple tabs. It consolidates information into a single, easy-to-understand summary, displaying status, statistics of completed actions, pending tasks, and ongoing jobs. This feature significantly reduces the time needed for investigations when dealing with large amounts of evidence data. eDiscovery also leverages AI to build search queries by generating keyword query language from natural language (NL2KeyQL), already in Public Preview.

Another capability we’re making available now is the Knowledge Base Copilot, crafted to improve user experience by offering instant answers to general questions about the Purview platform and its solutions, utilizing public Microsoft documentation. The prompt cards are dynamically displayed based on the page context. It supports both open-prompt and zero-prompt interactions, allowing users to either submit any prompt they wish or engage with pre-defined prompts for immediate responses. This Copilot experience aims to resolve customer complaints about navigating documentation by providing direct answers to their questions, minimizing the need to open multiple tabs and search through links. Knowledge Base Copilot is a global capability accessible through the Purview portal and provides answers to queries related to all Purview solutions and capabilities.

Get started

Learn more about Copilot for Security in Purview with Microsoft Documentation.
If you are a security partner interested in using Microsoft Security Copilot with your solutions, please sign up to join the Security Copilot Partner Ecosystem.
Stay up to date on our Microsoft Purview features through the Microsoft 365 Roadmap for Microsoft Purview.
Learn more about these solutions in the Microsoft Purview compliance portal.
Visit your Microsoft Purview compliance portal to activate your free trial and begin using our new features. An active Microsoft 365 E3 subscription is required as a prerequisite to activate the free trial.
Join the community - https://aka.ms/JoinCCP
Get started with Microsoft Copilot for Security - Get started with Microsoft Copilot for Security - Training | Microsoft Learn
Copilot for Security Ninja - How to Become a Microsoft Copilot for Security Ninja: The Complete Level 400 Training
Microsoft Copilot for Security Community Github - GitHub - Azure/Copilot-For-Security: Microsoft Copilot for Security is a generative AI-powered security solution that helps increase the efficiency and capabilities of defenders to improve security outcomes at machine speed and scale, while remaining com

[1] AI reduces data breach lifecycles and costs, Security Intelligence (2023)
[2] Secureworks Threat Score Ushers In a New Age of Cybersecurity AI | Secureworks (2024)

Simplify & scale data protection in the era of AI with Microsoft Purview Data Loss Prevention
Securing the use of AI may be a daunting charter for many security teams, but it is a clear and present need in the modern workplace: 40% of organizations report that their AI apps have already been breached or compromised in a data security incident [1]. As AI technology drives data generation in unprecedented volumes, the need to secure organizational data and prevent loss of sensitive information becomes even more crucial.

We believe that a scalable and proactive data security strategy for AI starts with a strong DLP foundation. That's why we continue to invest in data loss prevention that adapts and scales to the contemporary challenges faced by data security teams. Today, Microsoft Purview Data Loss Prevention is announcing several new capabilities that extend DLP protections to new surfaces such as Microsoft 365 Copilot, unlock insights and investigation abilities for DLP admins by leveraging AI, and fortify core data loss prevention controls & coverage:

Extended protection: New capabilities that extend our best-of-breed data protection across your modern data ecosystem, including the introduction of DLP controls for Microsoft 365 Copilot and enhancements to endpoint DLP controls on macOS.
Strengthened protection: Capabilities that strengthen core data protections on endpoint devices, including expanding file type coverage for endpoint DLP and new blanket protections for non-scannable file types.
Streamlined investigation & insights: Capabilities designed to simplify the admin experience as you investigate DLP incidents and look to address gaps in protection, such as new Security Copilot skills in Purview and the new Power Automate connector.
Introducing Microsoft Purview Data Loss Prevention for Microsoft 365 Copilot

Data oversharing and leakage is top of mind for organizations adopting generative AI technologies, including Microsoft 365 Copilot – 80% of business leaders cite data leakage by employees using AI as their top concern regarding generative AI adoption. [2]

Today, we are excited to announce Microsoft Purview DLP for Microsoft 365 Copilot in public preview to help reduce the risk of AI-related oversharing at scale. With DLP for M365 Copilot, data security admins can now create DLP policies to exclude documents with specified sensitivity labels from being summarized or used in responses in M365 Copilot Business Chat. This capability, which currently works with Office files and PDFs in SharePoint, helps ensure that potentially-sensitive content within a labeled document is not readily available to users to copy and paste into other applications or processed by M365 Copilot for grounding data. An example of such content includes confidential legal documents with highly specific semantics that could lead to improper guidance if summarized by AI or modified by end users. This can also apply to “Internal only” documents with data that shouldn’t be copied and pasted into emails sent outside of the organization.

This capability can be configured for a specific sensitivity label at a file, group, site, and/or user level, giving you the flexibility to scope the policy based on the needs of your organization. For example, if you have users who are privy to a Merger and Acquisition (M&A) and scoped into an M&A group, you can design your DLP for M365 Copilot policy to prevent Copilot from summarizing M&A-labeled documents for everyone except those in the M&A group.

As a reminder, M365 Copilot already has the ability to honor Microsoft Purview Information Protection sensitivity label access settings such as item-level view and extract restrictions when referencing sensitive documents.
With this new DLP capability, admins can more easily exclude sensitive content from being used by M365 Copilot for all items with the specified sensitivity label. Read more about new capabilities in Microsoft Purview that support secure generative AI adoption here, and learn more about how Data Security Posture Management (DSPM) for AI, previously known as AI hub, is providing data security admins with visibility into risky generative AI interactions in this blog.

Extending additional protections across the data estate

Last month, we also announced support for Microsoft Purview Data Loss Prevention for Fabric items. This capability allows you to apply Purview DLP policies to detect the upload of sensitive data, like social security numbers, to a lakehouse in Fabric. If detected, the event will automatically be audited. This can also alert the admin and even surface a custom policy tip to data owners to take action and remedy non-compliance with the policy.

Today, we are extending the restrict access action in Purview DLP policies to Fabric semantic models. With support for this restrict access action in Fabric, admins can configure policies that will automatically detect sensitive information in semantic models and limit access to internal users or data owners. This control is especially valuable when your tenant includes guest users, and you want to enforce proper restrictions to ensure these users do not accidentally access sensitive information like internal proprietary data.

Alongside the introduction of Purview DLP capabilities for M365 Copilot and Fabric, we are broadening our capabilities on macOS devices:

Support for archive files, now in public preview: Detect when files are created and added to archives and apply restrictions to archive files when they contain sensitive information. This helps reduce the risk of exfiltration through concealment in archive files on macOS (.zip, .zipx, .rar, .7z, .tar, and .gz file formats).
Just-in-time (JIT) protection, now in public preview: With just-in-time protection, admins can proactively secure files containing sensitive information – regardless of type – that may not have been interacted with for a long time by applying restrictions upon egress. JIT suspends the egress operation and performs an evaluation against organizational policies before resuming the operation. JIT can also be enforced for scenarios based on network location, such as printing files on personal versus corporate networks. This capability is also available on Windows devices.
Support for web-based activities, now in public preview: These controls, already available in Windows, apply to printing, saving, and copying of web content on macOS.

Strengthening core data protections and posture

Though data protection controls for genAI and the use of AI as a productivity driver for admins are top of mind for many security teams, we are also committed to strengthening the robustness and reliability of our foundational DLP capabilities. This fortifies protections for your existing data estate and builds the resilience of your data security program as AI-generated data proliferates. In this spirit, we are pleased to share several new improvements to Purview endpoint DLP controls, including:

Extended file type coverage for endpoint DLP in public preview: We are greatly expanding the breadth of scannable file types (110+) and extraction limits for endpoint DLP on Windows devices. Not only does this broaden coverage across your environment, but it also helps ensure that files covered by DLP policies are protected in a consistent way across workloads. This improvement will begin rolling out to customers this month and continue worldwide in the coming weeks.
Blanket protections for non-supported file types in public preview: Enforce blanket-level protections for file types that Purview endpoint DLP does not currently scan and classify, ensuring that the diverse range of file types found in your environment are still protected. For example, DLP admins can now prevent copying to USB for all CAD files, regardless of their contents.
Pause and resume now generally available: This enhancement to endpoint DLP automatically resumes an initial task such as copying to USB or network share when an end user overrides a policy tip. This helps minimize end user disruption and enables more seamless interaction with sensitive data without sacrificing security.

On top of strengthening the breadth & depth of Purview DLP controls, we are doubling down on ways to help admins continuously assess the efficacy and coverage of their DLP programs. Therefore, we are excited to announce the new DLP policy insights skill in Security Copilot in public preview.

Historically, the ability to quickly & easily understand the full breadth of DLP policy coverage across the organization has proved a challenging task for many DLP admins. In some organizations, admins have inherited or migrated hundreds, sometimes thousands, of DLP policies that were created in legacy DLP tools and pieced together for coverage. However, environment-wide visibility is critical to ensuring that there are no gaps in protection for business-critical workloads. The embedded Security Copilot-powered policy insights skill summarizes the intent, scope, and resulting matches of existing DLP policies in natural language. Some of the insights provided by the policy insights skill include DLP policies deployed for each workload (such as SharePoint or Exchange), the sensitive information types they are designed to detect, and the number of associated rule matches to those policies. This helps admins quickly identify and address gaps in protection.
Purview is also introducing a new platform feature that correlates insights from Purview DLP with insights from Microsoft Purview Information Protection and Microsoft Purview Insider Risk Management to provide data security admins with a more holistic, actionable view of their data security posture. Starting today, Microsoft Purview Data Security Posture Management (DSPM) is available in public preview in the Purview portal. DSPM offers unified visibility of data risks across your environment with prioritized recommendations for reducing those risks – this includes 1-click DLP policy recommendations designed to address top unresolved data loss risks. To learn more about DSPM in Purview, visit the blog.

Streamlining admin investigations & insights

Data security teams face an average of 66 alerts per day – up from 52 in 2023 – and only triage 63% of those daily alerts. Furthermore, organizations are experiencing an average of 156 data security incidents annually [3]. Quick triage, investigation, and remediation are key to mitigating downstream financial and infrastructural impact. However, the vast volume of alerts, data sources, and policies for those data sources can make it difficult for admins to prioritize data risks, investigate DLP incidents, and understand how to optimize their DLP program.

New enhancements to embedded Security Copilot experiences in Purview DLP

We are excited to announce two additional Security Copilot skills in public preview to assist admins with the challenges they face: enhanced hunting & investigation prompts and Activity Explorer prompts for targeted navigation and queries. These capabilities augment the embedded & standalone Security Copilot-powered alert summarization experiences that are already available in Purview DLP:

New enhanced hunting prompts let you drill down a step further from Security Copilot-generated alert summaries to gain further context surrounding the data and users behind an incident.
Such detail could include the activity performed on the data and the sensitive information type (SIT) detected that resulted in the alert.
New Activity Explorer prompts assist admins as they navigate and dive deeper into Activity Explorer insights. For example, pre-built prompts can provide admins with a bird’s-eye view of the top activities detected in their environment over the past week such as DLP rule matches or sensitive data used in M365 Copilot interactions. Conversely, admins can prompt Security Copilot to apply the correct investigation filters to Activity Explorer to pinpoint the specific activities or data that they want to narrow in on.

Improved support for data security forensic investigations

Starting today, the ability to store copies of full files that resulted in a DLP policy match on Windows endpoints is in public preview worldwide. Customers have the option to store this file evidence in Microsoft-managed storage, or link Azure blob storage to their Purview tenant. With the Microsoft-managed option, admins can save time otherwise spent configuring additional settings, assigning permissions, and selecting the storage in the policy workflow. However, both storage options are available to customers based on the needs of their organizations. Learn more here.

Customizing DLP processes & investigations with Power Automate and in Defender XDR

We are also investing in ways to customize Purview DLP to the needs and established processes of your organization. Today, we are announcing the availability of the Power Automate connector in public preview, which enables admins to trigger Power Automate workflows as a DLP policy action. This integration unlocks automation and customization options for DLP admins, who can now fold DLP incidents into new or established IT, security, and business operations workflows, such as for stakeholder awareness and remediation.
Examples include email notifications to managers of policy violations made by their employees or automatically deleting or moving files in SharePoint that are frequently overshared. To make it easier for customers to get started, the integration will include a pre-built Power Automate template to notify managers in Outlook when policy rules are triggered by their employees. However, you can also start building unique Power Automate workflows, such as creating a ticket in your organization’s IT service management tool of choice when DLP policy conditions are met.

Enhanced filtering options for DLP alerts in Defender XDR

For teams that prefer to centralize their data security incident investigations in Microsoft Defender XDR, we are announcing additional rich filter options for Purview DLP alerts in public preview. In the Defender XDR Incidents view, you can now streamline alert triage and investigation even further with the ability to apply a specific DLP policy, DLP rule, or DLP workload as a filter. This helps admins better understand the data activities and sources that trigger the most alerts and ultimately drive the most downstream impact and risk.

Get started

You can try Microsoft Purview DLP and other Microsoft Purview solutions directly in the Microsoft Purview compliance portal with a free trial!
Already have a Windows 10 or 11 device? You can get started easily by turning on endpoint DLP, which is built into your device and does not require an agent or on-premises component.
Interested in how Microsoft 365 Copilot can transform the way you work? Contact your Microsoft representative to learn how you can add M365 Copilot to your existing subscription.

Additional resources

DLP whitepaper on moving from on-premises to cloud native DLP.
Mechanics video on how to create one DLP policy that works across your workloads.
Updated interactive guides on DLP policy configuration, management, and investigations.
Frequently asked questions on DLP for endpoints.
Investigating Microsoft Purview DLP alerts in the Microsoft Defender XDR portal.
Customer stories to learn why leading enterprises rely on Microsoft Purview DLP.

And, lastly, join the Microsoft Purview DLP Customer Connection Program (CCP) to get information and access to upcoming capabilities in private previews in Microsoft Purview Data Loss Prevention. An active NDA is required. Click here to join.

We look forward to your feedback.

Thank you,
The Microsoft Purview Data Loss Prevention Team

[1, 3] 2024 Data Security Index Report | Microsoft Security
[2] Data security market research, n = 638, commissioned by Microsoft