Safeguard & Protect Your Custom Copilot Agents (Cyber Dial Agent)
Overview and Challenge Security Operations Centers (SOCs) and InfoOps teams are constantly challenged to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). Analysts often spend valuable time navigating multiple blades in Microsoft Defender, Purview, and Defender for Cloud portals to investigate entities like IP addresses, devices, incidents, and AI risk criteria. Sometimes, investigations require pivoting to other vendors’ portals, adding complexity and slowing response. Cyber Dial Agent is a lightweight agent and browser add-on designed to streamline investigations, minimize context switching, and accelerate SecOps and InfoOps workflows. What is Cyber Dial Agent? The Cyber Dial Agent is a “hotline accelerator” that provides a unified, menu-driven experience for analysts. Instead of manually searching through multiple portals, analysts simply select an option from a numeric menu (1–10), provide the required value, and receive a clickable deep link that opens the exact page in the relevant Microsoft security portal. Agent base experience The solution introduces a single interaction model: analysts select an option from a numeric menu (1–10), provide the required value, and receive a clickable deep link that opens the exact page in the Microsoft Defender, Microsoft Purview, Microsoft Defender for Cloud portal. Browser based add-on experience The add-on introduces a unified interaction model: analysts select an option from a numeric menu (1–10), enter the required value, and are immediately redirected to the corresponding entity page with full details provided. Why It Matters Faster Investigations: Analysts pivot directly to the relevant entity page, reducing navigation time by up to 60%. Consistent Workflows: Standardized entry points minimize errors and improve collaboration across tiers. No Integration Overhead: The solution uses existing Defender and Purview URLs, avoiding complex API dependencies. Less complex for the user who is not familiar with Microsoft Defender/Purview Portal. Measuring Impact Track improvements in: Navigation Time per Pivot MTTD and MTTR Analyst Satisfaction Scores Deployment and Setup Process: Here’s a step-by-step guide for importing the agent that was built via Microsoft Copilot Studio solution into another tenant and publishing it afterward: Attached a direct download sample link, click here ✅ Part 1: Importing the Agent Solution into Another Tenant Important Notes: Knowledge base files and authentication settings do not transfer automatically. You’ll need to reconfigure them manually. Actions and connectors may need to be re-authenticated in the new environment. ✅ Part 2: Publishing the Imported Agent Here’s a step-by-step guide to add your browser add-on solution in Microsoft Edge (or any modern browser): ✅ Step 1: Prepare and edit your add-on script Copy the entire JavaScript snippet you provided, starting with: javascript:(function(){ const choice = prompt( "Select an option to check the value in your Tenant:\n" + "1. IP Check\n" + "2. Machine ID Check\n" + "3. Incident ID Check\n" + "4. Domain-Base Alert (e.g. mail.google.com)\n" + "5. User (Identity Check)\n" + "6. Device Name Check\n" + "7. CVE Number Check\n" + "8. Threat Actor Name Check\n" + "9. DSPM for AI Sensitivity Info Type Search\n" + "10. Data and AI Security\n\n" + "Enter 1-10:" ); let url = ''; if (choice === '1') { const IP = prompt("Please enter the IP to investigate in Tenant:"); url = 'https://security.microsoft.com/ip/' + encodeURIComponent(IP) + '/'; } else if (choice === '2') { const Machine = prompt("Please enter the Device ID to investigate in Tenant:"); url = 'https://security.microsoft.com/machines/v2/' + encodeURIComponent(Machine) + '/'; } else if (choice === '3') { const IncidentID = prompt("Please enter the Incident ID to investigate in Tenant:"); url = 'https://security.microsoft.com/incident2/' + encodeURIComponent(IncidentID) + '/'; } else if (choice === '4') { const DomainSearch = prompt("Please enter the Domain to investigate in Tenant:"); url = 'https://security.microsoft.com/url?url=%27 + encodeURIComponent(DomainSearch); } else if (choice === %275%27) { const userValue = prompt("Please enter the value (AAD ID or Cloud ID) to investigate in Tenant:"); url = %27https://security.microsoft.com/user?aad=%27 + encodeURIComponent(userValue); } else if (choice === %276%27) { const deviceName = prompt("Please enter the Device Name to investigate in Tenant:"); url = %27https://security.microsoft.com/search/device?q=%27 + encodeURIComponent(deviceName); } else if (choice === %277%27) { const cveNumber = prompt("Enter the CVE ID | Example: CVE-2024-12345"); url = %27https://security.microsoft.com/intel-profiles/%27 + encodeURIComponent(cveNumber); } else if (choice === %278%27) { const threatActor = prompt("Please enter the Threat Actor Name to investigate in Tenant:"); url = %27https://security.microsoft.com/intel-explorer/search/data/summary?&query=%27 + encodeURIComponent(threatActor); } else if (choice === %279%27) { url = %27https://purview.microsoft.com/purviewforai/data%27; } else if (choice === %2710%27) { url = %27https://portal.azure.com/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/AscInformationProtection'; } else { alert("Invalid selection. Please refresh and try again."); return; } if (!url) { alert("No URL generated."); return; } try { window.location.assign(url); } catch (e) { window.open(url, '_blank'); } })(); Make sure it’s all in one line (bookmarklets cannot have line breaks). If your code has line breaks, you can paste it into a text editor and remove them. ✅ Step 2: Open Edge Favorites Open Microsoft Edge. Click the Favorites icon (star with three lines) or press Ctrl + Shift + O. Click Add favorite (or right-click the favorites bar and choose Add page). ✅ Step 3: Add the Bookmark Name: Microsoft Cyber Dial URL: Paste the JavaScript code you copied (starting with javascript:). Click Save. ✅ Step 4: Enable the Favorites Bar (Optional) If you want quick access: Go to Settings → Appearance → Show favorites bar → Always (or Only on new tabs). ✅ Step 5: Test the Bookmarklet Navigate to any page (e.g., security.microsoft.com). Click Microsoft Cyber Dial from your favorites bar. A prompt menu should appear with options 1–10. Enter a number and follow the prompts. ⚠ Important Notes Some browsers block javascript: in bookmarks by default for security reasons. If it doesn’t work: Ensure JavaScript is enabled in your browser. Try running it from the favorites bar, not the address bar If you see encoding issues (like %27), replace them with proper quotes (' or "). Safeguard, monitor, protect, secure your agent: Using Microsoft Purview (DSPM for AI) https://purview.microsoft.com/purviewforai/ Step-by-Step: Using Purview DSPM for AI to Secure (Cyber Dial Custom Agent) Copilot Studio Agents: Prerequisites Ensure users have Microsoft 365 E5 Compliance and Copilot licenses. Enable Microsoft Purview Audit to capture Copilot interactions. Onboard devices to Microsoft Purview Endpoint DLP (via Intune, Group Policy, or Defender onboarding). Deploy the Microsoft Purview Compliance Extension for Edge/Chrome to monitor web-based AI interactions. Access DSPM for AI in Purview Portal Go to the https://compliance.microsoft.com. Navigate to Solutions > DSPM for AI. Discover AI Activity Use the DSPM for AI Hub to view analytics and insights into Copilot Studio agent activity. See which agents are accessing sensitive data, what prompts are being used, and which files are involved. Apply Data Classification and Sensitivity Labels Ensure all data sources used by your Copilot Studio agent are classified and labeled. Purview automatically surfaces the highest sensitivity label applied to sources used in agent responses. Set Up Data Loss Prevention (DLP) Policies Create DLP policies targeting Copilot Studio agents: Block agents from accessing or processing documents with specific sensitivity labels or information types. Prevent agents from using confidential data in AI responses. Configure Endpoint DLP rules to prevent copying or uploading sensitive data to third-party AI sites. Monitor and Audit AI Interactions All prompts and responses are captured in the unified audit log. Use Purview Audit solutions to search and manage records of activities performed by users and admins. Investigate risky interactions, oversharing, or unethical behavior in AI apps using built-in reports and analytics. Enforce Insider Risk and Communication Compliance Enable Insider Risk Management to detect and respond to risky user behavior. Use Communication Compliance policies to monitor for unethical or non-compliant interactions in Copilot Studio agents. Run Data Risk Assessments DSPM for AI automatically runs weekly risk assessments for top SharePoint sites. Supplement with custom assessments to identify, remediate, and monitor potential oversharing of data by Copilot Studio agents. Respond to Recommendations DSPM for AI provides actionable recommendations to mitigate data risks. Activate one-click policies to address detected issues, such as blocking risky AI usage or unethical behavior. Value Delivered Reduced Data Exposure: Prevents Copilot Studio agents from inadvertently leaking sensitive information. Continuous Compliance: Maintains regulatory alignment with frameworks like NIST AI RMF. Operational Efficiency: Centralizes governance, reducing manual overhead for security teams. Audit-Ready: Ensures all AI interactions are logged and searchable for investigations. Adaptive Protection: Responds dynamically to new risks as AI usage evolves. Example: Creating a DLP Policy in Microsoft Purview for Copilot Studio Agents In Purview, go to Solutions > Data Loss Prevention. Select Create Policy. Choose conditions (e.g., content contains sensitive info, activity is “Text sent to or shared with cloud AI app”). Apply to Copilot Studio agents as the data source. Enable content capture and set the policy mode to “Turn on.” Review and create the policy. Test by interacting with your Copilot Studio agent and reviewing activity in DSPM for AI’s Activity Explorer. ✅ Conclusion The Cyber Dial Agent combined with Microsoft Purview DSPM for AI creates a powerful synergy for modern security operations. While the Cyber Dial Agent accelerates investigations and reduces context switching, Purview DSPM ensures that every interaction remains compliant, secure, and auditable. Together, they help SOC and InfoSec teams achieve: Faster Response: Reduced MTTD and MTTR through streamlined navigation. Stronger Governance: AI guardrails that prevent data oversharing and enforce compliance. Operational Confidence: Centralized visibility and proactive risk mitigation for AI-driven workflows. In an era where AI is deeply integrated into security operations, these tools provide the agility and control needed to stay ahead of threats without compromising compliance. 📌 Guidance for Success Start step-by-step: Begin with a pilot group and a limited set of policies. Iterate Quickly: Use DSPM insights to refine your governance model. Educate Users: Provide short training on why these controls matter and how they protect both the organization and the user. Stay Current: Regularly review Microsoft Purview and Copilot Studio updates for new features and compliance enhancements. 🙌 Acknowledgments A special thank you to the following colleagues for their invaluable contributions to this blog post and the solution design: Zaid Al Tarifi – Security Architect, Customer Success Unit, for co-authoring and providing deep technical insights that shaped this solution. Safeena Begum Lepakshi – Principal PM Manager, Microsoft Purview Engineering Team, for her guidance on DSPM for AI capabilities and governance best practices. Renee Woods – Senior Product Manager, Customer Experience Engineering Team, for her expertise in aligning the solution with customer experience and operational excellence. Your collaboration and expertise made this guidance possible and impactful for our security community.People of Purview: Elie El Karkafi
How long have you been working with Microsoft products? I am a Microsoft MVP in Security and a results-driven and dedicated Senior Solutions Architect with more than 14 years of professional experience in Microsoft Technologies. I have in-depth experience in Cloud, Security, Enterprise Mobility, Messaging & Collaboration, and IT Infrastructure. I am dedicated to customer satisfaction with focused delivery of technical solutions. I'm a proven leader in directing operations, maintenance, and support of complex systems. Highly adept in request for proposal development, technology needs assessment and staff training. How (and when) did you get involved in the Microsoft Community? (MCCP, MVP) Tell us about your journey! I became a member of the Microsoft Customer Connection Program (MCCP) in 2022 and was honored with the Microsoft MVP award in Security in 2023. Throughout my time in the MCCP, I’ve consistently contributed valuable insights and feedback to help enhance Microsoft Security products. Over the past years, I’ve been recognized as one of the top contributors across several MCCP focus areas—ranking second in Security, and first in Identity, Management, and Purview in the last two years. My contributions have earned me multiple accolades, including the Community Rockstar Award and Community Leader Awards in Security, Management, Entra, and Purview, along with several Partner of the Month honors. My engagement spans more than 150 private previews, 200 surveys, 50 focus groups, and 50 one-on-one feedback sessions with Microsoft product teams. I’ve been actively involved in shaping the future of AI and Microsoft Security Copilot, including identifying and resolving bugs in Copilot for Entra and Purview. As a Security Design Partner, I’ve collaborated directly with Microsoft designers on key features such as XDR Case Management and Microsoft Entra Conditional Access Optimization Agent. The MVP recognition not only validates my expertise but also enhances my professional credibility, supporting both client engagements and career growth. Being an MVP provides early access to Microsoft products and services, allowing me to deliver cutting-edge solutions. It also opens direct communication channels with Microsoft product teams, enabling me to influence product development and stay informed about upcoming features and roadmaps. What do you find most rewarding about being a community member? Being part of Microsoft Customer Connection Program (MCCP) significantly enhanced and diversified my skill sets in many ways: Product Innovation: Contributed to the enhancement of Microsoft products—specifically Defender, Sentinel, Entra, Purview, and Intune—by supporting the development of new features and improved functionalities. Community Empowerment: Actively supported peers in engaging with Microsoft Customer Connection Programs (MCCP), helping them amplify their impact through increased contributions and facilitating more direct interactions with product teams. Program Advocacy: Championed participation in Microsoft initiatives by providing strategic feedback and encouraging broader community involvement to drive continuous improvement. Collaborative Development: Partnered closely with Microsoft Product Groups and UX Designers, delivering in-depth user feedback to influence product direction and usability. Program Shaping: Leveraged personal experience within Microsoft programs to help co-develop and refine these initiatives in collaboration with internal teams. Tool Creation: Designed and launched a security calculator—originally built for internal use—which is now widely adopted by CCP members to assess and compare Microsoft security solutions and simulate associated costs. What advice do you have for others who would like to get involved in their Microsoft Community? To all Folks, look for opportunities to join programs like the Microsoft Customer Connection Program (MCCP), MVP program, or private previews. These give you direct access to product teams and a chance to influence development through feedback. Don’t be afraid to ask questions, share your experiences, or offer help. Even small contributions like answering a question or sharing a tip can make a big impact and help you build credibility Community involvement is a journey. Stay curious, keep learning, and show up regularly. Over time, your presence and contributions will be recognized!!! And the most important thing is to stay humble!!! Do you have anything you’d like to promote or recommend? (your blog or podcast, an article you recommend, a book everyone should read, etc) Security Calculator that I Built: Login - Microsoft Security Calculator Personal website where my blogs are posted : Elie El Karkafi - MVP - Personal Blog LinkedIn Page: (1) Elie El Karkafi | LinkedIn Credly Profile: https://www.credly.com/users/eliekarkafy MVP Profile: MVP Communities --- Elie is based in Dallas, Texas and is a Senior Solutions Architect at ampiO Solutions. (Listen.Develop.Deliver - ampiO Solutions) Banner photos (above) are from Elie's trip to Spain visiting Santiago Bernabeu stadium as he is a fan of Real Madrid football Team. ____________________________________________________________________________________ Stay tuned to meet more People of Purview! If you would like to get involved with the Microsoft Security Community, here are some quick actions you can take: Log in (here, on Tech Community!) and follow: The Purview Community - post questions, respond to community members The all-up Microsoft Security Blog Join the Security Community mailing list Join the Customer Connection Program Check out this Community Choice article for a comprehensive list of Microsoft Security Community offerings.Purview Webinars
REGISTER FOR ALL WEBINARS HERE Upcoming Microsoft Purview Webinars JULY 15 (8:00 AM) Microsoft Purview | How to Improve Copilot Responses Using Microsoft Purview Data Lifecycle Management Join our non-technical webinar and hear the unique, real life case study of how a large global energy company successfully implemented Microsoft automated retention and deletion across the entire M365 landscape. You will learn how the company used Microsoft Purview Data Lifecyle Management to achieve a step up in information governance and retention management across a complex matrix organization. Paving the way for the safe introduction of Gen AI tools such as Microsoft Copilot. 2025 Past Recordings JUNE 10 Unlock the Power of Data Security Investigations with Microsoft Purview MAY 8 Data Security - Insider Threats: Are They Real? MAY 7 Data Security - What's New in DLP? MAY 6 What's New in MIP? APR 22 eDiscovery New User Experience and Retirement of Classic MAR 19 Unlocking the Power of Microsoft Purview for ChatGPT Enterprise MAR 18 Inheriting Sensitivity Labels from Shared Files to Teams Meetings MAR 12 Microsoft Purview AMA - Data Security, Compliance, and Governance JAN 8 Microsoft Purview AMA | Blog Post 📺 Subscribe to our Microsoft Security Community YouTube channel for ALL Microsoft Security webinar recordings, and more!People of Purview: Karen Lopez
In this latest edition of People of Purview, we are excited to spotlight Karen Lopez. Karen is a seasoned data architect and passionate advocate for the Microsoft community. With decades of experience and a longstanding commitment to data management excellence, Karen has shaped the way organizations approach data governance and collaboration. Join us as she shares insights from her remarkable journey, her experiences with Microsoft technologies—from the days of MS-DOS to the cutting edge of Purview—and what continues to inspire her as a leader and mentor in the data world. Read on to meet Karen Lopez: Data Governance Leader and Community Champion! Let's get this Purview Party started, Karen! How long have you been working with Microsoft products, as well as Purview specifically? I'm not sure I can remember that far back. I first started working with SQL Server 7.0, so that's about 1998. However, the first product I worked with was MS-DOS, then Windows when it was released. At the US Department of Defense, I even worked on Wang PCs with MS-DOS. As a data architect and data management professional, I worked with Azure Data Catalog when it first came out. I was happy to see Microsoft move in the data world beyond databases and storage. I of course moved to the first versions of Purview to take advantage of the data classification and lineage functions. Data governance is a big part of my practice, so this was a good fit. I'm looking forward to learning more about Microsoft 365 compliance features, and then whatever AI features it will be getting. How (and when) did you get involved in the Microsoft Community? Tell us about your journey! I became a Microsoft MVP (SQL Server, now Data Platform) about 14 years ago. My technology areas are Azure SQL DB and Microsoft Purview - Data Governance. I spent time speaking at Microsoft user groups and conferences Along the way, I founded a SQL Server User Group in Toronto. I'm also a Microsoft Certified Trainer and I'm always working on passing a new exam so I can train in that area. What do you find most rewarding about being a community member? Meeting others who are working towards the same goals as I am. User groups and conferences are like mini-family reunions to me. We talk about work, life, and families. We share hobbies like running and space exploration. We debate contentious design patterns, toolsets, and project techniques. I've made friends over the years who share the same data passions as I do — plus a lot more. "What I like about Microsoft in 2025 is that our community recognizes that we work with tools and software from outside the Microsoft ecosystem. That's one of the things I like about Purview: it supports data governance for all our data inventory." What advice do you have for others who would like to get involved in their Microsoft Community? Jump on social media like Bluesky and LinkedIn to meet others around the world. Talk about your work, ask questions, get into debates, and share your wins. Then plan on making it to local and global events to meet others. Start writing about your experiences. It could be a blog, or just an article or newsletter on LinkedIn. Don't forget to attend virtual meetings, too. Anything else you’d like to share? 👩🚀👠 I love that I can mix my interest in data and space as a NASA Datanaut. We help citizen scientists work with NASA and other space agency open data. In fact, almost all my demos use NASA open data. My two favourites are Meteorite Landings and US & Russian EVA (space walks) data. My other nerd fun is to mentor and judge data-driven hackathons. I'm a frequent volunteer for Microsoft Imagine Cup and the NASA Space Apps Challenge. I travel with a mascot or two: usually astronaut Barbies. It sounds weird, but they get invited to space agencies and astronaut conferences all over the world and I get to tag along. It has been fun. I usually have space swag to share during my talks and the events I attend. Where can people find you? I blog at www.datamodel.com. I'm on Bluesky as datachick@bksy.social. My favourite book is always the one I last read, so I don't have one to recommend. Karen is based in Toronto, Ontario, Canada and works as a Data Evangelist for InfoAdvisors. ______________________________________________________________________________________________________________________________________________________________ Stay tuned to meet more People of Purview! If you would like to get involved with the Microsoft Security Community, here are some quick actions you can take: Log in (here, on Tech Community!) and follow: The Purview Community - post questions, respond to community members The all-up Microsoft Security Blog Join the Security Community mailing list Join the Customer Connection Program Check out this Community Choice article for a comprehensive list of Microsoft Security Community offerings. Karen's Links: http://www.datamodel.com mailto:datachick@bksy.social. Questions? Feel free to post below or message blog author RenWoods directly.People of Purview: Nikki Chapple
Meet Nikki Chapple, from the London area of the UK, Principal Cloud Architect at CloudWay, and Microsoft MVP and Customer Connection Program member! Nikki has worked with Microsoft products for over 10 years, although her IT career spans four decades, starting in the days of paper tape and punch cards! Her background is in enterprise architecture, translating business needs into practical technical solutions. Nikki specializes in data governance, security, and change management, helping organizations adopt Microsoft 365 in a way that prioritizes people, processes, and policy, not just technology. Read on to learn more about Nikki, her experience with Microsoft Communities, and her favorite resources to share! To kick this off, tell us about your start with Microsoft Purview; when and why? I began focusing on Microsoft Purview with the rise of Microsoft Teams. I viewed it as a chance to rethink how organizations manage collaboration, prioritizing people, processes, and governance. Microsoft Purview is now essential to my work, helping organizations protect sensitive data, comply with regulations, and integrate governance into daily practices. It's about creating a trusted digital workplace where security, transparency, and user empowerment are key. When did you begin your involvement in the Microsoft Community? Tell us about your journey. I’ve been a Microsoft MVP for three years. My journey began before this, as I shared my experiences through blogs and speaking engagements. I've found that sharing our experiences, both successes and challenges, can be incredibly inspiring and motivating for others. Connecting with others who are passionate about Microsoft 365 and Purview has been inspiring and rewarding. What do you find most rewarding about being a community member? The most rewarding aspect is the people, connecting with others who share a passion for Microsoft Purview, innovation, and lifelong learning. The community is a continuous source of inspiration, insights, and support. Whether through events, forums, or collaboration, there's always a chance to grow, share, and give back. What advice do you have for others wanting to get involved in their Microsoft Community? Start small: Join forums or webinars. Share what you know in blogs, talks, or conversations. Be consistent and stay curious. Connect with others and give back when you can. Everyone has something valuable to contribute! Can you tell us more about your Microsoft Customer Connection Program (MCCP) Experience? How has it helped you, your customers, and fellow community members? Being part of the Microsoft Purview CCP has allowed me to share real-world customer scenarios directly with the product team, ensuring our clients' voices are heard. This direct line of communication has significantly boosted customer confidence and loyalty as they see their feedback shaping the platform's evolution. Knowing that their challenges are being addressed reassures them that their investment in Microsoft 365 is secure and future-proof. As a Principal Cloud Architect, I collaborate closely with customers to understand their specific needs and challenges. By influencing the design of Purview features based on these insights, I help create highly relevant and practical solutions. This real-world application results in faster adoption and greater satisfaction, as clients see immediate benefits in their day-to-day operations. The CCP provides early access to new features through private preview programs, a strategic advantage for planning governance and compliance strategies for my clients. As an MVP and consultant, this is especially advantageous when working with large or regulated organizations, where preparation and alignment with internal controls are essential. Furthermore, it enables me to share practical insights through my blog "nikkichapple.com" and my podcast "All Things M365 Compliance", benefiting the wider community. Anything else you’d like to share? I’m passionate about making complex topics like compliance and governance more accessible. Whether through writing, presenting, or mentoring, I love helping others build confidence in this space, especially those just starting their journey in Microsoft 365. Do you have anything you’d like to promote or recommend? (your blog or podcast, an article you recommend, a book everyone should read, etc.) I share my insights at nikkichapple.com, focusing on data security, governance, and compliance topics that matter. Additionally, I co-host the All Things M365 Compliance video podcast, where I team up with Ryan John Murphy from Microsoft and a former MVP to explore everything about Microsoft 365 Purview. ______________________________________________________________________________________________________ Stay tuned to meet more People of Purview! If you would like to get involved with the Microsoft Security Community, here are some quick actions you can take: Log in (here, on Tech Community!) and follow: The Purview Community - post questions, respond to community members The all-up Microsoft Security Blog Join the Security Community mailing list Join the Customer Connection Program Check out this Community Choice article for a comprehensive list of Microsoft Security Community offerings. Nikki's links: Nikki Chapple- Microsoft 365 Blog All Things M365 Compliance - YouTube Questions? Feel free to post below or message blog author RenWoods directly.Microsoft Purview eDiscovery is getting a unified, streamlined experience starting May 26, 2025!
We are announcing three major updates to Microsoft Purview eDiscovery, enhancing our commitment to data security, privacy, and compliance. Beginning May 26, 2025: Content Search will transition to the new unified Purview eDiscovery experience. The eDiscovery (Standard) classic experience will transition to the new unified Purview eDiscovery experience. The eDiscovery export PowerShell cmdlet parameters will be retired. Check out the full details in the official announcement: Upcoming changes to Microsoft Purview eDiscovery | Microsoft Community HubShare Your Experience with Microsoft Purview on Gartner Peer Insights!
When deciding which products to include in an RFP or to purchase, companies often look at reviews from real customers. At Microsoft, we are committed to delivering top-notch security solutions that meet your needs and exceed your expectations. Additionally, we’re always looking to get more online reviews from users of our products. You would have the chance to help your peers, who can benefit from your experiences and feedback so that they buy products they can trust. And as a token of our appreciation for taking 10 minutes to fill out a review, Gartner Peer Insights will prompt you to choose a $25 USD gift card option! How to Submit Your Review for Microsoft Purview Communication Compliance: Click this direct link: Purview Communication Compliance. You’ll be prompted to create an account first or log in. Once you have completed your review, GPI will prompt you to choose a gift card option. As soon as your review is approved, the card will be made available to you digitally. You can also click this link to review other Microsoft Security Products that you are familiar with. Privacy/Guidelines: Please Note: Only Microsoft customers are eligible to participate. Microsoft partners, MVPs and Microsoft employees are not eligible. Microsoft Privacy Statement Gartner’s Community Guidelines & Gartner Peer Insights Review Guide Please feel free to comment on this post or message RenWoods with any questions!Microsoft Purview – Data Security Posture Management (DSPM) for AI
Introduction to DSPM for AI In an age where Artificial Intelligence (AI) is rapidly transforming industries, ensuring the security and compliance of AI integrations is paramount. Microsoft Purview Data Security Posture Management (DSPM) for AI helps organizations monitor AI activity, enforce security policies, and prevent unauthorised data exposure. Microsoft Purview Data Security Posture Management (DSPM) for AI addresses three primary areas: Recommendations, Reports, and Data Assessments. DSPM for AI assists in identifying vulnerabilities associated with unprotected data and enables prompt action to enhance data security posture and mitigate risks effectively. Getting Started with DSPM for AI To manage and mitigate AI-related risks, Microsoft Purview provides easy-to-use graphical tools and comprehensive reports. These features allow you to quickly gain insights into AI use within your organization. The one-click policies offered by Microsoft Purview simplify the process of protecting your data and ensuring compliance with regulatory requirements. Prerequisites for Data Security Posture Management for AI To use DSPM for AI from the Microsoft Purview portal or the Microsoft Purview compliance portal, you must have the following prerequisites: You have the right permissions. Monitoring Copilot interactions requires: Users are assigned a license for Microsoft 365 Copilot. o Microsoft Purview auditing enabled. Check instructions for Turn auditing on or off. Required for monitoring interactions with third-party generative AI sites: Devices are onboarded to Microsoft Purview, required for: Gaining visibility into sensitive information that's shared with third-party generative AI sites. (e.g., credit card numbers pasted into ChatGPT). Applying endpoint DLP policies to warn or block users from sharing sensitive information with third-party generative AI sites. (e.g. a user identified as elevated risk in Adaptive Protection is blocked with the option to override when they paste credit card numbers into ChatGPT) The Microsoft Purview browser extension is deployed to users and required to discover site visits to third-party generative AI sites. Things to consider Recommendations may differ based on M365 licenses and features. Not all recommendations are relevant for every tenant and can be dismissed. Any default policies created while Data Security Posture Management for AI was in preview and named Microsoft Purview AI Hub won't be changed. For example, policy names will retain their Microsoft AI Hub -prefix. In this blog post we are going to focus on Recommendations. Recommendations Let's explore each of the recommendations in detail, which will encompass one-click policy creation, data assessments, step-by-step guidance, and regulations. The data in the reports section will be contingent upon the completion of each recommendation. Figure 1: Recommendations – DSPM for AI Control unethical behaviour in AI Type: One-click policy Solution: Communication Compliance Description: This policy identifies sensitive information within prompts and response activities in Microsoft 365 Copilot. Action: Create policy to setup a one-click policy. Conditions: Content matches any of these trainable classifiers: Regulatory Collusion, Stock manipulation, Unauthorized disclosure, Money laundering, Corporate Sabotage, Sexual, Violence, Hate, Self-harm By default, all users and groups are added. The customisation of the policy is also available during the one-click policy creation process. Figure 2: Recommendations – One-click policy Guided assistance to AI regulations Type: New AI regulations Solution: Compliance manager Description: This recommendation is based on the NIST AI RMF regulations, suggesting actions to help users protect data during interactions with AI systems. Action: Monitor AI interaction logs: Go to Audit logs, configure search with workload filter, select copilot and sensitive information type and review search results. Monitor AI interactions in other AI apps: Navigate to DSPM for AI and review interactions in other AI apps for sensitive content and turn on policies to discover data across AI interactions and other AI apps. Flag risky communication and content in AI interactions: Create Communication compliance policy to define the necessary conditions and fields and select Microsoft Copilot as location. Prevent sensitive data from being shared in AI apps: Create Data loss prevention (DLP) policy with sensitive information type as conditions for Teams and Channel messages location. Manage retention and deletion policies for AI interactions: Create a retention policy for Teams chat and Microsoft 365 Copilot interactions to preserve relevant AI activities for a longer duration while promptly deleting non-relevant user actions. Protect sensitive data referenced in Copilot responses Type: Assessment Solution: Data assessments Description: Use data assessments to identify potential oversharing risks, including unlabelled files. Action: Create Data Assessments, Navigate to DSPM for AI - Data Assessments and Create Assessments. Enter assessment name and description Select users and data sources to assets for oversharing data Conduct the assessment scan and review the results to gain insights into oversharing risks and recommended solutions to restrict access to sensitive data. Implement the necessary fixes to protect your data. Discover and govern interactions with ChatGPT Enterprise AI (preview) Type: ChatGPT Enterprise AI (Data discovery) Solution: Microsoft Purview Data Map Description: Register ChatGPT Enterprise workspace to discover and govern interactions with ChatGPT Enterprise AI. Action: If you’re organisation is using ChatGPT Enterprise, then enable the Connector In Microsoft Azure, use Key Vault to manage credentials for third-party connectors: Use Key Vault to create and manage the secret for the ChatGPT Enterprise AI Connector. In Microsoft Purview, configure the new connector using Data Map: How to manage data sources in the Microsoft Purview Data Map Create and start a new scan: Create a new scan, select credential, review, and run the scan. Protect sensitive data referenced in Microsoft 365 Copilot (preview) Type: Data Security Solution: Data loss prevention Description: Content with sensitivity labels will be restricted from Copilot interactions with a data loss prevention policy. Action: Create a custom DLP policy and select Microsoft 365 Copilot as the data source. Create a custom rule o Condition: content contains sensitivity labels. o Action: Prevent Copilot from processing content. Figure 3: Custom DLP policy condition and action Fortify your data security Type: Data security Solution: Data loss prevention Description: Data security risks can range from accidental oversharing of information outside of the organization to data theft with malicious intent. These policies will protect against the data security risks with AI apps. Action: A one-click policy is available to create a data loss prevention (DLP) policy for endpoints (devices), aimed at blocking the transmission of sensitive information to AI sites. It utilises Adaptive Protection to give a warn-with-override alert to users with elevated risk levels who attempt to paste or upload sensitive information to other AI assistants in browsers such as Edge, Chrome, and Firefox. This policy covers all users and groups in your org in test mode. Figure 4: Block with override for elevated risk users Information Protection Policy for Sensitivity Labels Type: Data security Solution: Sensitivity Labels Description: This policy will set up default sensitivity labels to preserve document access rights and protect Microsoft 365 Copilot output. Action: Create policies will navigate to Information protection portal to set up sensitivity labels and publishing policy. Protect your data from potential oversharing risks Type: Data Security Solution: Data Assessment Description: Data assessments provide insights on potential oversharing risks within your organisation for SharePoint Online and OneDrive for Business (roadmap) along with fixes to limit access to sensitive data. This report will include sharing links. Action: This is a default oversharing assessment policy. To see the latest oversharing scan results: Select View latest results and choose a data source. Complete fixes to secure your data. Figure 5: Data assessments – Oversharing assessment data with sharing links report Use Copilot to improve your data security posture (preview) Type: Data security posture management Solution: Data security posture management (DSPM) Description: Data Security Posture Management (preview) combines deep insights with Security Copilot capabilities to help you identify and address security risks in your org. Benefits: Data security recommendations Gain insights into your data security posture and get recommendations protecting sensitive data and closing security gaps. Data security trends Track your org's data security posture over time with reports summarizing sensitive label usage, DLP policy coverage, changes in risky user behaviour, and more. Security Copilot Security Copilot helps you investigate alerts, identify risk patterns, and pinpoint the top data security risks in your org.People of Purview: Victor Wingsing, Jr.
It is our pleasure to introduce you to Microsoft Purview practitioner and MVP, Victor Wingsing Jr., who hails from “the bright and sunny London, United Kingdom” and currently serves as a Senior Manager in Technology Consulting at Protiviti. Victor has been working on Exchange and Windows since 2006, when his first tech job gave him the opportunity to work on Windows XP Migration and Exchange 2007 administration, which was also his very first Microsoft Certification! He has been working with Purview for five years. How (and when) did you get involved in the Microsoft Community? (Customer Connection Program, MVP, etc) Tell us about your journey! I've been part of the CCP for the past 3 years and the MVP community this past year when I got my MVP recognition. The CCP has been great since it has helped me get ahead of my tech learning. Each CCP call that I've attended has allowed me to immerse myself in Microsoft Security solutions. These then translated to me being able to better explain the technology to my clients. Learn More About the Customer Connection Program (CCP) What do you find most rewarding about being a community member? I find that the most rewarding part is connecting with the community. My pool of contacts and resources has significantly grown after being a member. The other thing that I value about the program is the connection with the Microsoft product groups during the Product Group feedback session. I know that we are being heard as I see our feedback from years back being introduced as part of the solution. What advice do you have for others who would like to get involved in their Microsoft Community? Get started today. You don't need to be an expert to join. Start by asking questions as there are many helpful and knowledgeable members who are ready and willing to share. The Microsoft Community is NOT just an online community. You can likely find a local community in your area. There are many Microsoft User Groups for you to join in-person or virtually. Check out Meet Up or Facebook groups for these kinds of user groups. Do you have anything you’d like to promote or recommend? (your blog or podcast, an article you recommend, a book everyone should read, etc) If you'd like to hear more about my thoughts on Information Security, Data Loss Prevention, Insider Risk Management, AI and more. Please read my blog at: https://victorwingsing.com/ Feel free to follow me on LinkedIn: https://www.linkedin.com/in/victorwingsing/ I can also be found in the Microsoft Tech Community at : Member: vicwingsing | Microsoft Community Hub For books to read: I'm a big fan of sci-fi books. Give these books a read: Of Ants and Dinosaurs by Cixin Liu Starter Villian by John Scalzi Kaiju Preservation Society by John Scalzi Rivers of London by Ben Aaronovitch (this one is a fantasy series set in real location in and around London) _____________________________________________________________________________________________________ Stay tuned to meet more People of Purview! If you'd like to get involved with the Microsoft Security Community, here are a some quick actions you can take: Log in (here, on Tech Community!) and follow: The Purview Community - post questions, respond to community members The all-up Microsoft Security Blog Join the Security Community mailing list Join the Customer Connection Program Check out this Community Choice article for a comprehensive list of Microsoft Security Community offerings. Questions? Feel free to post below or message blog author RenWoods directly.How can we help you?
You may have noticed that this Purview Community space has had a bit of a glow-up, and the great news is that it will continue to be tailored to meet the needs of its members. Our engineers, subject matter experts, MVPs, and enthusiastic technologists would like to bring you the content and engagements that you desire, and there's no better way to know what you want than to ask! So, please take the Purview Community Engagement Survey by March 3rd 2025 and share it widely with any other Purview users that you know! Do you have additional thoughts about what you'd like to see in the Purview community and would like to gather others' opinions? Post a comment below so that others can view and weigh in! Don't forget to take the survey!
