security
12 Topics

Purview Webinars

REGISTER FOR ALL WEBINARS HERE

Upcoming Microsoft Purview Webinars

JULY 15 (8:00 AM) Microsoft Purview | How to Improve Copilot Responses Using Microsoft Purview Data Lifecycle Management
Join our non-technical webinar and hear the unique, real-life case study of how a large global energy company successfully implemented Microsoft automated retention and deletion across the entire M365 landscape. You will learn how the company used Microsoft Purview Data Lifecycle Management to achieve a step up in information governance and retention management across a complex matrix organization, paving the way for the safe introduction of Gen AI tools such as Microsoft Copilot.

2025 Past Recordings

JUNE 10 Unlock the Power of Data Security Investigations with Microsoft Purview
MAY 8 Data Security - Insider Threats: Are They Real?
MAY 7 Data Security - What's New in DLP?
MAY 6 What's New in MIP?
APR 22 eDiscovery New User Experience and Retirement of Classic
MAR 19 Unlocking the Power of Microsoft Purview for ChatGPT Enterprise
MAR 18 Inheriting Sensitivity Labels from Shared Files to Teams Meetings
MAR 12 Microsoft Purview AMA - Data Security, Compliance, and Governance
JAN 8 Microsoft Purview AMA | Blog Post

📺 Subscribe to our Microsoft Security Community YouTube channel for ALL Microsoft Security webinar recordings, and more!

1.2K Views, 2 likes, 0 Comments

People of Purview: Karen Lopez
In this latest edition of People of Purview, we are excited to spotlight Karen Lopez. Karen is a seasoned data architect and passionate advocate for the Microsoft community. With decades of experience and a longstanding commitment to data management excellence, Karen has shaped the way organizations approach data governance and collaboration. Join us as she shares insights from her remarkable journey, her experiences with Microsoft technologies—from the days of MS-DOS to the cutting edge of Purview—and what continues to inspire her as a leader and mentor in the data world.

Read on to meet Karen Lopez: Data Governance Leader and Community Champion!

Let's get this Purview Party started, Karen!

How long have you been working with Microsoft products, as well as Purview specifically?

I'm not sure I can remember that far back. I first started working with SQL Server 7.0, so that's about 1998. However, the first product I worked with was MS-DOS, then Windows when it was released. At the US Department of Defense, I even worked on Wang PCs with MS-DOS. As a data architect and data management professional, I worked with Azure Data Catalog when it first came out. I was happy to see Microsoft move in the data world beyond databases and storage. I of course moved to the first versions of Purview to take advantage of the data classification and lineage functions. Data governance is a big part of my practice, so this was a good fit. I'm looking forward to learning more about Microsoft 365 compliance features, and then whatever AI features it will be getting.

How (and when) did you get involved in the Microsoft Community? Tell us about your journey!

I became a Microsoft MVP (SQL Server, now Data Platform) about 14 years ago. My technology areas are Azure SQL DB and Microsoft Purview - Data Governance. I spent time speaking at Microsoft user groups and conferences. Along the way, I founded a SQL Server User Group in Toronto. I'm also a Microsoft Certified Trainer and I'm always working on passing a new exam so I can train in that area.

What do you find most rewarding about being a community member?

Meeting others who are working towards the same goals as I am. User groups and conferences are like mini-family reunions to me. We talk about work, life, and families. We share hobbies like running and space exploration. We debate contentious design patterns, toolsets, and project techniques. I've made friends over the years who share the same data passions as I do — plus a lot more.

"What I like about Microsoft in 2025 is that our community recognizes that we work with tools and software from outside the Microsoft ecosystem. That's one of the things I like about Purview: it supports data governance for all our data inventory."

What advice do you have for others who would like to get involved in their Microsoft Community?

Jump on social media like Bluesky and LinkedIn to meet others around the world. Talk about your work, ask questions, get into debates, and share your wins. Then plan on making it to local and global events to meet others. Start writing about your experiences. It could be a blog, or just an article or newsletter on LinkedIn. Don't forget to attend virtual meetings, too.

Anything else you’d like to share?

👩‍🚀👠 I love that I can mix my interest in data and space as a NASA Datanaut. We help citizen scientists work with NASA and other space agency open data. In fact, almost all my demos use NASA open data. My two favourites are Meteorite Landings and US & Russian EVA (space walks) data. My other nerd fun is to mentor and judge data-driven hackathons. I'm a frequent volunteer for Microsoft Imagine Cup and the NASA Space Apps Challenge. I travel with a mascot or two: usually astronaut Barbies. It sounds weird, but they get invited to space agencies and astronaut conferences all over the world and I get to tag along. It has been fun. I usually have space swag to share during my talks and the events I attend.

Where can people find you?

I blog at www.datamodel.com. I'm on Bluesky as datachick@bksy.social. My favourite book is always the one I last read, so I don't have one to recommend.

Karen is based in Toronto, Ontario, Canada and works as a Data Evangelist for InfoAdvisors.

________________________________________

Stay tuned to meet more People of Purview!

If you would like to get involved with the Microsoft Security Community, here are some quick actions you can take:

- Log in (here, on Tech Community!) and follow:
  - The Purview Community - post questions, respond to community members
  - The all-up Microsoft Security Blog
- Join the Security Community mailing list
- Join the Customer Connection Program
- Check out this Community Choice article for a comprehensive list of Microsoft Security Community offerings.

Karen's Links: http://www.datamodel.com mailto:datachick@bksy.social.

Questions? Feel free to post below or message blog author RenWoods directly.

340 Views, 2 likes, 1 Comment

Microsoft Purview eDiscovery is getting a unified, streamlined experience starting May 26, 2025!
We are announcing three major updates to Microsoft Purview eDiscovery, enhancing our commitment to data security, privacy, and compliance.

Beginning May 26, 2025:

- Content Search will transition to the new unified Purview eDiscovery experience.
- The eDiscovery (Standard) classic experience will transition to the new unified Purview eDiscovery experience.
- The eDiscovery export PowerShell cmdlet parameters will be retired.

Check out the full details in the official announcement: Upcoming changes to Microsoft Purview eDiscovery | Microsoft Community Hub

940 Views, 3 likes, 0 Comments

Everything to See at RSAC 2025
Are you heading to RSAC 2025? Unsure of what to add to your calendar? Well, starting with the Microsoft Security Pre-Day on April 27th, there is so much content packed into the week that you may feel the need to clone yourself!

Check it out: The Ultimate Guide to Microsoft Security at RSAC 2025 | Microsoft Community Hub

148 Views, 0 likes, 0 Comments

Microsoft Purview – Data Security Posture Management (DSPM) for AI
Introduction to DSPM for AI

In an age where Artificial Intelligence (AI) is rapidly transforming industries, ensuring the security and compliance of AI integrations is paramount. Microsoft Purview Data Security Posture Management (DSPM) for AI helps organizations monitor AI activity, enforce security policies, and prevent unauthorised data exposure.

DSPM for AI addresses three primary areas: Recommendations, Reports, and Data Assessments. It assists in identifying vulnerabilities associated with unprotected data and enables prompt action to enhance data security posture and mitigate risks effectively.

Getting Started with DSPM for AI

To manage and mitigate AI-related risks, Microsoft Purview provides easy-to-use graphical tools and comprehensive reports. These features allow you to quickly gain insights into AI use within your organization. The one-click policies offered by Microsoft Purview simplify the process of protecting your data and ensuring compliance with regulatory requirements.

Prerequisites for Data Security Posture Management for AI

To use DSPM for AI from the Microsoft Purview portal or the Microsoft Purview compliance portal, you must have the following prerequisites:

- You have the right permissions.
- Monitoring Copilot interactions requires:
  - Users are assigned a license for Microsoft 365 Copilot.
  - Microsoft Purview auditing enabled. Check instructions for Turn auditing on or off.
- Required for monitoring interactions with third-party generative AI sites:
  - Devices are onboarded to Microsoft Purview, required for:
    - Gaining visibility into sensitive information that's shared with third-party generative AI sites (e.g., credit card numbers pasted into ChatGPT).
    - Applying endpoint DLP policies to warn or block users from sharing sensitive information with third-party generative AI sites (e.g., a user identified as elevated risk in Adaptive Protection is blocked with the option to override when they paste credit card numbers into ChatGPT).
  - The Microsoft Purview browser extension is deployed to users and required to discover site visits to third-party generative AI sites.

Things to consider

- Recommendations may differ based on M365 licenses and features.
- Not all recommendations are relevant for every tenant and can be dismissed.
- Any default policies created while Data Security Posture Management for AI was in preview and named Microsoft Purview AI Hub won't be changed. For example, policy names will retain their Microsoft AI Hub - prefix.

In this blog post we are going to focus on Recommendations.

Recommendations

Let's explore each of the recommendations in detail, which will encompass one-click policy creation, data assessments, step-by-step guidance, and regulations. The data in the reports section will be contingent upon the completion of each recommendation.

Figure 1: Recommendations – DSPM for AI

Control unethical behaviour in AI

Type: One-click policy
Solution: Communication Compliance
Description: This policy identifies sensitive information within prompts and response activities in Microsoft 365 Copilot.
Action: Select Create policy to set up a one-click policy.
Conditions: Content matches any of these trainable classifiers: Regulatory Collusion, Stock manipulation, Unauthorized disclosure, Money laundering, Corporate Sabotage, Sexual, Violence, Hate, Self-harm

By default, all users and groups are added. The policy can also be customised during the one-click policy creation process.

Figure 2: Recommendations – One-click policy

Guided assistance to AI regulations

Type: New AI regulations
Solution: Compliance manager
Description: This recommendation is based on the NIST AI RMF regulations, suggesting actions to help users protect data during interactions with AI systems.
Action:

- Monitor AI interaction logs: Go to Audit logs, configure search with workload filter, select Copilot and sensitive information type and review search results.
- Monitor AI interactions in other AI apps: Navigate to DSPM for AI and review interactions in other AI apps for sensitive content and turn on policies to discover data across AI interactions and other AI apps.
- Flag risky communication and content in AI interactions: Create a Communication compliance policy to define the necessary conditions and fields and select Microsoft Copilot as location.
- Prevent sensitive data from being shared in AI apps: Create a Data loss prevention (DLP) policy with sensitive information type as conditions for Teams and Channel messages location.
- Manage retention and deletion policies for AI interactions: Create a retention policy for Teams chat and Microsoft 365 Copilot interactions to preserve relevant AI activities for a longer duration while promptly deleting non-relevant user actions.

Protect sensitive data referenced in Copilot responses

Type: Assessment
Solution: Data assessments
Description: Use data assessments to identify potential oversharing risks, including unlabelled files.
Action:

- Create Data Assessments: navigate to DSPM for AI - Data Assessments and select Create Assessments.
- Enter assessment name and description.
- Select users and data sources to assess for oversharing data.
- Conduct the assessment scan and review the results to gain insights into oversharing risks and recommended solutions to restrict access to sensitive data.
- Implement the necessary fixes to protect your data.

Discover and govern interactions with ChatGPT Enterprise AI (preview)

Type: ChatGPT Enterprise AI (Data discovery)
Solution: Microsoft Purview Data Map
Description: Register ChatGPT Enterprise workspace to discover and govern interactions with ChatGPT Enterprise AI.
Action: If your organisation is using ChatGPT Enterprise, then enable the connector:

- In Microsoft Azure, use Key Vault to manage credentials for third-party connectors: Use Key Vault to create and manage the secret for the ChatGPT Enterprise AI Connector.
- In Microsoft Purview, configure the new connector using Data Map: How to manage data sources in the Microsoft Purview Data Map
- Create and start a new scan: Create a new scan, select credential, review, and run the scan.

Protect sensitive data referenced in Microsoft 365 Copilot (preview)

Type: Data Security
Solution: Data loss prevention
Description: Content with sensitivity labels will be restricted from Copilot interactions with a data loss prevention policy.
Action: Create a custom DLP policy and select Microsoft 365 Copilot as the data source. Create a custom rule:

- Condition: content contains sensitivity labels.
- Action: Prevent Copilot from processing content.

Figure 3: Custom DLP policy condition and action

Fortify your data security

Type: Data security
Solution: Data loss prevention
Description: Data security risks can range from accidental oversharing of information outside of the organization to data theft with malicious intent. These policies will protect against the data security risks with AI apps.
Action: A one-click policy is available to create a data loss prevention (DLP) policy for endpoints (devices), aimed at blocking the transmission of sensitive information to AI sites. It utilises Adaptive Protection to give a warn-with-override alert to users with elevated risk levels who attempt to paste or upload sensitive information to other AI assistants in browsers such as Edge, Chrome, and Firefox. This policy covers all users and groups in your org in test mode.
Figure 4: Block with override for elevated risk users

Information Protection Policy for Sensitivity Labels

Type: Data security
Solution: Sensitivity Labels
Description: This policy will set up default sensitivity labels to preserve document access rights and protect Microsoft 365 Copilot output.
Action: Selecting Create policies navigates to the Information protection portal to set up sensitivity labels and a publishing policy.

Protect your data from potential oversharing risks

Type: Data Security
Solution: Data Assessment
Description: Data assessments provide insights on potential oversharing risks within your organisation for SharePoint Online and OneDrive for Business (roadmap) along with fixes to limit access to sensitive data. This report will include sharing links.
Action: This is a default oversharing assessment policy. To see the latest oversharing scan results:

- Select View latest results and choose a data source.
- Complete fixes to secure your data.

Figure 5: Data assessments – Oversharing assessment data with sharing links report

Use Copilot to improve your data security posture (preview)

Type: Data security posture management
Solution: Data security posture management (DSPM)
Description: Data Security Posture Management (preview) combines deep insights with Security Copilot capabilities to help you identify and address security risks in your org.
Benefits:

- Data security recommendations: Gain insights into your data security posture and get recommendations for protecting sensitive data and closing security gaps.
- Data security trends: Track your org's data security posture over time with reports summarizing sensitive label usage, DLP policy coverage, changes in risky user behaviour, and more.
- Security Copilot: Security Copilot helps you investigate alerts, identify risk patterns, and pinpoint the top data security risks in your org.

7.5K Views, 7 likes, 0 Comments

People of Purview: Victor Wingsing, Jr.
It is our pleasure to introduce you to Microsoft Purview practitioner and MVP, Victor Wingsing Jr., who hails from “the bright and sunny London, United Kingdom” and currently serves as a Senior Manager in Technology Consulting at Protiviti. Victor has been working on Exchange and Windows since 2006, when his first tech job gave him the opportunity to work on Windows XP Migration and Exchange 2007 administration, which was also his very first Microsoft Certification! He has been working with Purview for five years.

How (and when) did you get involved in the Microsoft Community? (Customer Connection Program, MVP, etc) Tell us about your journey!

I've been part of the CCP for the past 3 years and the MVP community this past year when I got my MVP recognition. The CCP has been great since it has helped me get ahead of my tech learning. Each CCP call that I've attended has allowed me to immerse myself in Microsoft Security solutions. These then translated to me being able to better explain the technology to my clients.

Learn More About the Customer Connection Program (CCP)

What do you find most rewarding about being a community member?

I find that the most rewarding part is connecting with the community. My pool of contacts and resources has significantly grown after being a member. The other thing that I value about the program is the connection with the Microsoft product groups during the Product Group feedback session. I know that we are being heard as I see our feedback from years back being introduced as part of the solution.

What advice do you have for others who would like to get involved in their Microsoft Community?

Get started today. You don't need to be an expert to join. Start by asking questions as there are many helpful and knowledgeable members who are ready and willing to share. The Microsoft Community is NOT just an online community. You can likely find a local community in your area. There are many Microsoft User Groups for you to join in-person or virtually. Check out Meet Up or Facebook groups for these kinds of user groups.

Do you have anything you’d like to promote or recommend? (your blog or podcast, an article you recommend, a book everyone should read, etc)

If you'd like to hear more about my thoughts on Information Security, Data Loss Prevention, Insider Risk Management, AI and more, please read my blog at: https://victorwingsing.com/

Feel free to follow me on LinkedIn: https://www.linkedin.com/in/victorwingsing/

I can also be found in the Microsoft Tech Community at: Member: vicwingsing | Microsoft Community Hub

For books to read: I'm a big fan of sci-fi books. Give these books a read:

- Of Ants and Dinosaurs by Cixin Liu
- Starter Villain by John Scalzi
- Kaiju Preservation Society by John Scalzi
- Rivers of London by Ben Aaronovitch (this one is a fantasy series set in real locations in and around London)

________________________________________

Stay tuned to meet more People of Purview!

If you'd like to get involved with the Microsoft Security Community, here are some quick actions you can take:

- Log in (here, on Tech Community!) and follow:
  - The Purview Community - post questions, respond to community members
  - The all-up Microsoft Security Blog
- Join the Security Community mailing list
- Join the Customer Connection Program
- Check out this Community Choice article for a comprehensive list of Microsoft Security Community offerings.

Questions? Feel free to post below or message blog author RenWoods directly.

490 Views, 6 likes, 5 Comments

Set Up Endpoint DLP Evidence Collection on your Azure Blob Storage
Endpoint Data Loss Prevention (Endpoint DLP) is part of the Microsoft Purview Data Loss Prevention (DLP) suite of features you can use to discover and protect sensitive items across Microsoft 365 services. Microsoft Endpoint DLP allows you to detect and protect sensitive content across onboarded Windows 10, Windows 11 and macOS devices. Learn more about all of Microsoft's DLP offerings.

Before you start setting up the storage, you should review Get started with collecting files that match data loss prevention policies from devices | Microsoft Learn to understand the licensing, permissions, device onboarding and your requirements.

Prerequisites

Before you begin, ensure the following prerequisites are met:

- You have an active Azure subscription.
- You have the necessary permissions to create and configure resources in Azure.
- You have set up an endpoint Data Loss Prevention policy on your devices.

Configure the Azure Blob Storage

You can follow these steps to create an Azure Blob Storage using the Azure portal. For other methods refer to Create a storage account - Azure Storage | Microsoft Learn

1. Sign in to the Azure Storage Accounts with your account credentials.
2. Click on + Create.
3. On the Basics tab, provide the essential information for your storage account. After you complete the Basics tab, you can choose to further customize your new storage account, or accept the default options and proceed. Learn more about Azure storage account properties.
4. Once you have provided all the information, click on the Networking tab. In Network access, select Enable public access from all networks while creating the storage account.
5. Click on Review + create to validate the settings.
6. Once the validation passes, click on Create to create the storage.
7. Wait for deployment of the resource to be completed and then click on Go to resource.
8. Once the newly created Blob Storage is opened, on the left panel click on Data Storage -> Containers.
9. Click on + Containers. Provide the name and other details and then click on Create.
10. Once your container is successfully created, click on it.

Assign relevant permissions to the Azure Blob Storage

Once the container is created, using Microsoft Entra authorization, you must configure two sets of permissions (role groups) on it:

- One for the administrators and investigators so they can view and manage evidence
- One for users who need to upload items to Azure from their devices

Best practice is to enforce least privilege for all users, regardless of role. By enforcing least privilege, you ensure that user permissions are limited to only those permissions necessary for their role. We will use the portal to create these custom roles. Learn more about custom roles in Azure RBAC

1. Open the container and in the left panel click on Access Control (IAM).
2. Click on the Roles tab. It will open a list of all available roles.
3. Open the context menu of the Owner role using the ellipsis button (…) and click on Clone.
4. Now you can create a custom role. Click on Start from scratch. We have to create two new custom roles.
5. Based on the role you are creating, enter basic details like name and description and then click on the JSON tab. The JSON tab gives you the details of the custom role, including the permissions added to that role.
6. For the Owner role, the JSON looks like this:
7. Now edit these permissions and replace them with the permissions required based on the role:
   - Investigator Role: Copy the permissions available at Permissions on Azure blob for administrators and investigators and paste them in the JSON section.
   - User Role: Copy the permissions available at Permissions on Azure blob for users and paste them in the JSON section.
8. Once you have created these two new roles, we will assign these roles to relevant users.
9. Click on the Role Assignments tab, then on Add + and on Add role assignment.
10. Search for the role and click on it. Then click on the Members tab.
11. Click on + Select Members.
12. Add the users or user groups you want to add for that role and click on Select.
    - Investigator role – Assign this role to users who are administrators and investigators so they can view and manage evidence
    - User role – Assign this role to users who will be under the scope of the DLP policy and from whose devices items will be uploaded to the storage
13. Once you have added the users, click on Review+Assign to save the changes.
14. Now we can add this storage to the DLP policy.

For more information on configuring the Azure Blob Storage access, refer to these articles:

- How to authorize access to blob data in the Azure portal
- Assign share-level permissions.

Configure storage in your DLP policy

Once you have configured the required permissions on the Azure Blob Storage, we will add the storage to DLP endpoint settings. Learn more about configuring DLP policy

1. Open the storage you want to use. In the left panel click on Data Storage -> Containers. Then select the container you want to add to DLP settings.
2. Click on the Context Menu (… button) and then Container Properties.
3. Copy the URL.
4. Open the Data Loss Prevention Settings. Click on Endpoint Settings and then on Setup evidence collection for file activities on devices.
5. Select the Customer Managed Storage option and then click on Add Storage.
6. Give the storage name and paste the container URL we copied. Then click on Save. Storage will be added to the list for use in the policy configuration. You can add up to 10 URLs.
7. Now open the DLP endpoint policy configuration for which you want to collect the evidence. Configure your policy using these settings:
   - Make sure that Devices is selected in the location.
   - In Incident reports, toggle Send an alert to admins when a rule match occurs to On.
   - In Incident reports, select Collect original file as evidence for all selected file activities on Endpoint.
   - Select the storage account you want to collect the evidence in for that rule using the dropdown menu. The dropdown menu shows the list of storages configured in the endpoint DLP settings.
   - Select the activities for which you want to copy matched items to Azure storage.
8. Save the changes.

Please reach out to the support team if you face any issues. We hope this guide is helpful and we look forward to your feedback.

Thank you,
Microsoft Purview Data Loss Prevention Team

2.5K Views, 6 likes, 1 Comment

The First Purview AMA of 2025 is Now On-Demand
The Microsoft Purview Community has kicked off a new year picking the brains of subject matter experts to understand all that Purview can do for their data security, governance, and compliance.

The panelists:

- Maxime Bombardier - Purview Data Security and Horizontals
- Sandeep Shah - Purview Data Governance
- Peter Oguntoye - Purview Compliance

A sampling of the questions:

- When will we see integration between the container sensitivity labels (groups and sites) and item sensitivity labels (files and emails)?
- Is there a matrix to see what capabilities in Purview can be used with which license?
- In Purview Activity Explorers, is there a way to save custom filters? There are the built-in filters, and then you can add additional filters, but never see an option to save. If not possible, is this a future enhancement coming?
- What is your advice on sharing confidential information with external users and the use of Information Protection labeling? I mean, do you recommend adding external users as guest users, or using a label configured with 'Any Authenticated Users' instead?
- If a large enterprise customer sees many false positives returned from trainable classifiers like profanity, how can they train or recreate these to more effectively use communication compliance?

The rest of the questions can be found in this post; even those that didn't make it to the live AMA are answered.

Here is the full Jan 8th Purview AMA Recording:

And finally, please comment below: what kind of content would you like to see from Purview experts or your fellow community members/users in the future?

Thank you for engaging with the Purview Community!

847 Views, 3 likes, 0 Comments

Global Reader Role Creating Retention Policies in Purview Compliance: Bug or Intended Behaviour?
Did you know that a user with the Global Reader role in Purview Compliance can create and edit retention policies? Interestingly, while they can create and modify policies, they cannot delete them. The expected behaviour for a Global Reader is read-only access across Microsoft 365, without the ability to make any changes, including creating or editing policies. Has anyone else encountered this, and do you think this is a bug or an intended feature?

110 Views, 0 likes, 2 Comments