Summary
Microsoft Purview capabilities don't cover all agent types equally. Certain agents need explicit policy inclusion before any governance applies, and Agent 365 introduces behavioral differences that can silently undermine policies designed for human users.
For any new agent, the workflow starts the same way: find its parent app, check what coverage is available, configure what's missing, and confirm compliance.
In this module, you learned how to:
- Understand how AI agents change data security posture and which Purview capabilities apply to each agent type
- Discover active agents and assess where policy coverage is incomplete
- Decide where existing policies need agent-specific configuration
- Configure data loss prevention (DLP) and sensitivity label settings for agent interactions
- Configure Insider Risk Management and communication compliance for agent detection
- Confirm that compliance governance covers all active agent types
When new agents appear in your environment, run through the same steps: check the coverage matrix, confirm policy inclusion, address behavioral differences, and make sure compliance controls apply.
Resources
- Microsoft Purview data security and compliance protections for generative AI apps
- Use Microsoft Purview to manage data security and compliance for AI agents
- Use Microsoft Purview to manage data security and compliance for Microsoft Agent 365
- Learn about Data Security Posture Management
- Insider Risk Management policy templates
- Configure a communication compliance policy to detect generative AI interactions
- Learn about retention for Copilot and AI apps