

Considerations for Microsoft Purview Data Security Posture Management

Microsoft 365 licensing guidance for security & compliance

Note

This documentation is for the preview version of Data Security Posture Management that's now rolling out. We invite you to try this preview that introduces guided workflows for proactive risk management and streamlines data security operations so you can more confidently adopt AI across your digital estate.

Most new features will be added to this version only but you can still access the previous versions and their documentation:

For the most part, Microsoft Purview Data Security Posture Management is easy to use and self-explanatory, guiding you through setup and configuration tasks to help secure and govern your data. Use this section to complement that information and provide additional details that you might need.

Prerequisites for Data Security Posture Management

Use this section to identify prerequisites that aren't included in setup tasks.

Activity explorer events in Data Security Posture Management

Use the following information to help you understand the events you might see in the activity explorer from Data Security Posture Management and the AI activities tab. References to a generative AI site can include Microsoft 365 Copilot, Microsoft 365 Copilot Chat, agents, other Microsoft copilots, and third-party AI sites.

| Event | Description |
| --- | --- |
| AI interaction | User interacted with a generative AI site. Details include the prompts and responses, except for unmanaged AI apps in Edge where text prompts only are included. For Microsoft 365 Copilot and Microsoft 365 Copilot Chat, this event requires auditing to be turned on. For Copilot in Fabric and Security Copilot, and for non-Copilot AI apps, prompts and responses require a collection policy with content capture selected to capture these interactions. |
| AI website visit | User browsed to a generative AI site. |
| DLP rule match | A data loss prevention rule was matched when a user interacted with a generative AI site. Includes DLP for Microsoft 365 Copilot. |
| Sensitive info types | Sensitive information types were found while a user interacted with a generative AI site. For Microsoft 365 Copilot and Microsoft 365 Copilot Chat, this event requires auditing to be turned on but doesn't require any active policies. |

Known issues:

  • The AI interaction event doesn't always display text for the prompt and response. Sometimes, the prompt and response span consecutive entries. Other scenarios can include:

    • For Microsoft Facilitator AI-generated notes, no prompt or response is displayed
    • When a user doesn't have a mailbox hosted in Exchange Online, no prompt or response is displayed
  • The Sensitive info types detected event doesn't display the user risk level.

  • For Microsoft Facilitator AI-generated notes, AI interaction events can't be linked to Sensitive info types detected events.

  • For collection policies, no prompt or response is displayed if the option to capture content isn't selected in the policy. For example, the one-click policy DSPM for AI - Detect sensitive info shared with AI via network doesn't select this option when the policy is automatically created, but you can manually edit the policy and select this option after the policy is created.

Tips for custom Security Copilot prompts in Data Security Posture Management

For an enhanced experience with Security Copilot in Data Security Posture Management, use the following tips to get more accurate Copilot responses:

  • Always include the user's UPN for questions involving a specific user.
  • Always specify the complete name for the sensitive info type or label for questions that involve a specific type of sensitive info type or label.
  • Clearly list the sorting criteria for questions for top users, activities, and alerts.
  • Always specify the date period for questions about data in a specific date period. If you don't specify a date period, only data from the last 10 days from the current date is included. The maximum lookback is 30 days from the current date.
  • Put all items (classifiers or labels) in single quotes in your prompt.
  • Use "/" as a separator for any path (for example, a file path) in a user prompt.
  • Scope the prompt to a single intent for higher accuracy of responses. Break complex prompts into single intent questions and enter the prompts one by one.
  • Make questions self-contained. Avoid referring to previous questions or responses.
  • Avoid using generic terms.
  • Support prompts for data security across Information Protection, DLP, Insider Risk Management, or from public documentation.

For more information about creating Security Copilot prompts, see Create effective prompts.
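
The tips above can be enforced before a prompt is sent. The following Python sketch is an added example, not part of the Microsoft documentation or any Purview API: it fills a single-intent template, single-quotes items, converts path separators to "/", and makes the date period explicit while rejecting anything older than the 30-day lookback. The function names, the `from … to …` ISO date wording, and the sample user, classifier and path are assumptions.

```python
import re
from datetime import date, timedelta

DEFAULT_LOOKBACK_DAYS = 10   # window applied when a prompt names no date period
MAX_LOOKBACK_DAYS = 30       # maximum lookback from the current date
UPN_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # loose shape check only


def resolve_window(today, start=None, end=None):
    """Return an explicit (start, end) that stays inside the 30-day lookback."""
    end = end or today
    start = start or today - timedelta(days=DEFAULT_LOOKBACK_DAYS)
    oldest = today - timedelta(days=MAX_LOOKBACK_DAYS)
    if start < oldest:
        raise ValueError(f"start {start} is before the lookback limit {oldest}")
    if not start <= end <= today:
        raise ValueError("date period must satisfy start <= end <= today")
    return start, end


def quote_item(name):
    """Wrap a classifier or label name in single quotes, dropping other quoting."""
    return "'" + name.strip().strip("\"'").strip() + "'"


def build_prompt(template, *, today, upn=None, items=(), path=None,
                 start=None, end=None):
    """Fill a single-intent template; a placeholder with no value raises KeyError."""
    begin, finish = resolve_window(today, start, end)
    fields = {"period": f"from {begin.isoformat()} to {finish.isoformat()}"}
    if upn is not None:
        if not UPN_RE.match(upn):
            raise ValueError(f"not a UPN: {upn!r}")
        fields["upn"] = upn
    if items:
        fields["items"] = ", ".join(quote_item(i) for i in items)
    if path is not None:
        fields["path"] = path.replace("\\", "/")  # "/" is the required separator
    return template.format(**fields)


if __name__ == "__main__":
    # Constructed sample values; the user, classifier and path are not from the page.
    print(build_prompt(
        "List files under {path} that contain {items} and were shared by {upn} "
        "{period}, sorted by share count descending.",
        today=date(2025, 3, 31), upn="adele@contoso.example",
        items=['"Credit Card Number"'], path=r"Finance\Reports\Q1",
    ))
```

When no start date is passed, the builder writes the 10-day default into the prompt so the window is visible to whoever reviews the response.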