A compliance administrator enables Data Security Posture Management (DSPM) AI observability and discovers three active agents:
- An Agent 365 instance with high oversharing risk and no existing policy coverage
- A Copilot Studio agent generating sensitive responses in Teams
- A Security Copilot agent flagged for potential data exfiltration
The organization's data loss prevention (DLP) policies currently scope to specific user groups. Sensitivity labels with encryption use "Add all users and groups in your organization" for permissions. Determine the best course of action for each situation.