Microsoft Purview Data Security Posture Management (DSPM) for AI helps organizations monitor AI activity, enforce security policies, and prevent unauthorized data exposure. Learn how to configure DSPM for AI, track AI interactions, run data assessments, and apply security controls to reduce risks associated with AI usage.

Course Objectives:

In this course, you will learn to:

• Explain the purpose and benefits of Microsoft Purview DSPM for AI.
• Set up and configure DSPM for AI to monitor AI interactions.
• Identify and analyze AI security risks using reports and insights.
• Run and review AI data assessments to detect oversharing risks.
• Apply security policies, such as DLP and sensitivity labels, to protect AI-referenced data.

Course content

Introduction

• Identify security risks in AI interactions
• Monitor AI usage and enforce security policies
• Protect sensitive data in AI-generated content
• Run data assessments to detect oversharing risks
• Use reports to track AI activity and strengthen compliance

Understand AI security risks

Limited visibility into AI usage

• Identify which AI tools are being used (for example, Microsoft 365 Copilot, ChatGPT, Gemini)
• Track what kind of data is being shared with AI models
• Determine whether AI-generated content includes sensitive information

Data exposure in AI interactions

• Sensitive data being entered into AI prompts without security controls
• AI-generated responses containing confidential information
• AI referencing or summarizing data that shouldn’t be widely accessible

Compliance and regulatory risks

• AI-generated content including regulated data
• Employees sharing sensitive information with external AI tools
• Lack of audit logs for AI activity, making compliance reporting difficult

AI-generated content security risks

• Confidential information being included in AI-generated text
• Inappropriate or noncompliant content being created and shared
• AI-generated files being saved without tracking or security controls

Addressing security gaps in AI usage

• Identify when and how AI tools are used within their environment
• Track and protect sensitive data in AI-generated content
• Apply security policies to prevent unauthorized data exposure

Data Security Posture Management (DSPM) for AI overview

AI insights and analytics

• Identify which AI tools are in use, including Microsoft 365 Copilot and non-Microsoft AI services
• Insights into data exposure risks in AI-generated content
• Reports to help assess compliance and security posture

Security policies for AI usage

• Detect when users share sensitive data with AI tools
• Block or warn users before sharing regulated or confidential data
• Apply sensitivity labels and data loss prevention policies to AI-generated content

Data assessments

• Data that is frequently accessed or overshared
• Files containing sensitive information that might be exposed through AI
• Content missing appropriate labelling or governance controls

Compliance controls

• Sensitivity labelsto classify and protect AI-referenced data
• Data classificationto apply security controls based on content type
• Customer Keyfor encryption with customer-managed keys
• Communication complianceto detect risky AI interactions
• Auditingand eDiscovery for tracking AI activity and managing investigations

Configure DSPM for AI

Types of AI security recommendations

• A preconfigured policy that can be activated immediately (one-click policy)
• Guidance on security measures that require manual implementation

Understand recommendation status

• Not Started: Recommendations that haven’t been acted on.
• Dismissed: Recommendations that were reviewed but not applied.
• Completed: Recommendations that have been fully implemented.

Policy activation timeline

• Policies take up to 24 hours to take effect. Once activated, they track AI interactions based on configured rules, with results appearing in DSPM reports and Activity Explorer after data processing. Deleted policies remain visible with a PendingDeletionstatus until fully removed.
• After configuring DSPM for AI, use Microsoft Purview reports and data assessments to evaluate AI interactions and identify potential risks. Reports provide insights into policy enforcement, AI data exposure, and compliance status, while data assessments help detect oversharing risks before they affect security.

Apply AI security recommendations with DSPM for AI

About AI security recommendations

• Data security: Prevent oversharing, apply labels, and enforce protective actions
• Data discovery: Detect where sensitive information is used in AI tools
• AI regulations: Help align AI usage with regulatory requirements
• Insight into communications: Detect inappropriate or risky prompts and responses

What to expect after activating a policy

• DLP policies created from DSPM for AI recommendations start in simulation mode, where enforcement actions aren’t applied, but results are logged for review.
• Insider Risk Management policies generate alerts based on user behavior signals.
• Communication Compliance policies flag content for review based on detected policy violations.
• Data assessments identify oversharing risks and surface them in reports.

Review AI security reports

Understand report categories and their insights

• Each report helps organizations understand AI usage and risks in different ways. The reports are grouped into three sections: Activity, Data, and User Risk.

Activity reports

• Total interactions over time (Microsoft Copilot & enterprise AI apps): Tracks the number of AI interactions within Microsoft 365 Copilot and non-Microsoft AI tools. This report helps organizations monitor AI adoption and identify patterns that might require further investigation.
• Total visits (other AI apps): Displays user visits to AI applications such as ChatGPT, Gemini, and Copilot for Bing. This report helps organizations determine whether employees are engaging with unauthorized AI tools and take action if needed.

Data insights

• Sensitive interactions per AI app: Identifies AI applications that process sensitive data. This report helps security teams assess which AI tools pose the highest data exposure risks.
• Top unethical AI interactions: Surfaces instances where Microsoft 365 Copilot has generated or responded to unethical, inappropriate, or noncompliant content. This information is useful for organizations using Communication Compliance policies to monitor AI-generated messages.
• Top sensitivity labels referenced in Copilot for Microsoft 365: Displays which sensitivity-labelled content is being referenced by AI tools. This insight helps organizations assess whether AI interactions involve confidential or highly classified data.

User risk reports

• Insider risk severity: Shows user AI interactions grouped by risk levels, helping security teams identify patterns that might indicate excessive or inappropriate AI usage.
• Insider risk severity per AI app: Breaks down user risk levels by specific AI applications, showing where risky Behavior is occurring. This report helps organizations determine whether Copilot or non-Microsoft AI tools require stricter monitoring.

Taking action on reports

• Extend insights: If reports show “Data discovery is yet to be defined,” AI interactions aren’t currently being tracked. Select Extend insights to enable monitoring for Microsoft 365 Copilot and non-Microsoft AI tools.
• Enable policies: Certain reports require data loss prevention (DLP) policies, sensitivity labels, or communication compliance rules to be activated before tracking begins. If a report remains empty despite AI activity in your environment, check policy configurations.
• Review flagged activity: Reports can highlight sensitive data usage, risky AI interactions, or insider threats. If an anomaly is detected, security teams should investigate further using Activity Explorer. They can then apply necessary controls, such as blocking AI interactions with classified data or restricting access to high-risk AI tools.

Use Data assessments (preview) to detect oversharing risks

Review and act on assessment results

• After a data assessment runs, security teams can analyze the results and take action using the Protect and Monitor tabs. These tabs provide insights into how sensitive data is being accessed and shared, and offer remediation options to reduce oversharing risks.

Investigate frequently accessed or unlabelled sites

• Whether the data is still needed
• If it contains sensitive content that should be labelled
• If access should be limited to fewer users or groups

Review broad internal sharing

• Sites shared with “People in your organization” might still be too permissive. Follow up with site owners to confirm whether that level of access is necessary. If not, adjust permissions or run a SharePoint site access review to delegate clean-up.

Apply protections to sensitive files

• Running an auto-labelling policy to apply the appropriate sensitivity level
• Restricting access to high-risk data using DLP or Restricted Content Discoverability
• Applying retention policies to remove stale content no longer in use

Clean up unused or empty data sources

• If a site shows no scanned items or access activity, determine whether it’s still needed. Inactive sites can be archived or restricted to reduce your organization’s overall exposure risk.

Follow up with content owners

• Review and update sharing settings
• Label content correctly
• Remove unused files or folders

To see the full course content Download now