Overview to Microsoft Purview Data Security Posture Management (DSPM) for AI

By /
Close-up of colorful text on a computer screen, showcasing cybersecurity concepts.

What is it, and what benefits it can bring to your organization?

Now in General Availability (GA), you can utilize Microsoft Purview Data Security Posture Management (DSPM) for managing and mitigating risks associated with AI usage, as well as implement related protection and governance controls. It provides user-friendly graphical tools and reports to share insights into AI use within your organization. You can enable policies with just a few clicks to safeguard your data and comply with regulatory requirements.

You can use the DSPM solution for AI alongside other Purview solutions to enhance your data security and compliance, including Microsoft M365 copilot, copilot agents, other copilots as well as non-Microsoft generative AI apps.

What features are the most significant within the DSPM?

Overview dashboard

From the security management perspective, the most commonly looked-up items in the solution are Data Security recommendations and data security analytic trends and reports. Additionally, the DSPM for AI brings data from AI applications to broaden the security posture even further.

Picture 1. From the dashboard, you can see an overview of current AI usage, and how many sensitive interactions there have been in your environment.

From the main dashboard, you can see reports from all kinds of AI apps in your environment. When all the connectors have been configured, you can see report data from Copilot activities, Enterprise AI app activities as well as third-party AI app activities (such as Google Gemini, ChatGPT, and Copilot for Bing).

Recommendations

From the recommendations blade, you can see the current Data Security AI recommendations, with their status. The status of the recommendation can be not started, dismissed, or completed. Just keep in mind that some of the recommendations might include features that are still in preview.

Picture 2. View your recommendations in the recommendations blade, with their current statuses.

You can start the improvement activities right away when you click the additional information per recommendation. From there, you can see the description of the recommendation and Purview’s suggestion for remediation.

Picture 3. You can start creating policies just by accepting Purview’s suggestion for remediation.

Reports

The reports section includes the view of the results of the default policies you have created. You can see the reports categorized into specific types, such as Microsoft Copilot Experiences and Enterprise AI apps. The view is similar to what you can see on the main Overview page and uses the same data for it.

Picture 4. In the Reports page, you can see an overview of the policy results (Picture: Microsoft).

Policies

In the Policies page, you can see the status of the default one-click policies you have created and also other AI-related policies from other Purview solutions. To edit the policies, use the corresponding management solution in the Purview portal. For example, for DSPM for AI – Unethical behavior in Copilot, you can review and remediate the matches from the Communication Compliance solution.

Activity explorer

In the Activity explorer blade, you can see the details of the data collected from your policies. This includes activity type and user, date and time, AI app category and app, any sensitive information types, files referenced, and sensitive files referenced. This includes also a bar chart from a specified timeline, divided into two colors: Light purple for sensitive info type and dark purple for AI interaction.

Picture 5. Example view from the Activity explorer blade with the filters visible.

Data risk assessments (Preview)

In the data assessments blade, you can identify potential oversharing risks in your organization. They also provide fixes to limit access to sensitive data. The default assessment automatically runs weekly for the top 100 SharePoint sites based on usage in your organization, no matter if you might have already run a custom assessment as one of the recommendations.

Please note that the Data risk assessment section is still in preview and subject to change.

Picture 6. Default data risk assessment details described.

Conclusion

Microsoft Purview Data Security Posture Management (DSPM) for AI is a solution for organizations that want to unleash the full potential of AI services while ensuring data security and compliance. When AI technologies are integrated into business operations, safeguarding sensitive data is essential. DSPM for AI provides comprehensive monitoring of AI activities, enabling organizations to track interactions with AI models and applications.

This solution allows managers and administrators to enforce security policies, identify data security vulnerabilities, and conduct data assessments to evaluate the security posture of AI integrations. With one-click policies and detailed reports, DSPM for AI simplifies the process of protecting data, ensuring compliance with regulatory standards, and mitigating risks associated with AI usage. By leveraging Microsoft Purview DSPM for AI, businesses can innovate with AI while maintaining high standards of data security and regulatory compliance, driving growth and maintaining trust with stakeholders.

Share this post:

Leave a Comment

Your email address will not be published. Required fields are marked *

Related Posts

Scroll to Top