Getting Started with Data Security Posture Management for AI
Photo by Danist Soh on Unsplash Microsoft Features: DSPM for AI Estimated Read Time: 5 minutes In my previous blog, I gave an introduction to DSPM for AI. I discussed some key data security concern…
Free Copilot Chat learning sessions - become a Copilot Chat expert in an hour!
With Copilot Chat now available for all M365 users, we invite you to join our Coffee and Copilot learning sessions to unlock the full potential of your new AI assistant.
No matter your role or experience level, in just 90 minutes, our expert-led sessions will transform you from a beginner to a pro in Copilot Chat. We'll guide you through the foundations of AI, the basics of navigating Copilot, and understanding how Copilot handles your most sensitive data.
Here's what you'll learn:
Foundations of AI: Get a solid understanding of AI principles.
Navigating Copilot: Master the basics and explore its capabilities.
Content Creation: Learn how to create compelling content effortlessly.
Research: Discover efficient ways to conduct research using Copilot.
File Upload: Understand how to manage and upload files seamlessly.
Prompt Library: Explore a variety of prompts to enhance your workflows.
Don't miss this opportunity to elevate your productivity! Our sessions are offered every Friday, until June 20th, so choose the date that suits you best and get ready to transform your workflows. Reserve your spot below and take your AI skills to the next level.
See you there! Registration Dates:(Currently, only dates until April 25th are available for registration. More dates will come soon)
DateRegistration Link
March 28th
Coffee and Copilot (March 28)April 4thCoffee and Copilot (April 4)April 11thCoffee and Copilot (April 11)April 18thCoffee and Copilot (April 18)April 25thCoffee and Copilot (April 25)
Microsoft Purview – Data Security Posture Management (DSPM) for AI
Introduction to DSPM for AI
In an age where Artificial Intelligence (AI) is rapidly transforming industries, ensuring the security and compliance of AI integrations is paramount. Microsoft Purview Data Security Posture Management (DSPM) for AI helps organizations monitor AI activity, enforce security policies, and prevent unauthorised data exposure.
Microsoft Purview Data Security Posture Management (DSPM) for AI addresses three primary areas: Recommendations, Reports, and Data Assessments. DSPM for AI assists in identifying vulnerabilities associated with unprotected data and enables prompt action to enhance data security posture and mitigate risks effectively.
Getting Started with DSPM for AI
To manage and mitigate AI-related risks, Microsoft Purview provides easy-to-use graphical tools and comprehensive reports. These features allow you to quickly gain insights into AI use within your organization. The one-click policies offered by Microsoft Purview simplify the process of protecting your data and ensuring compliance with regulatory requirements.
Prerequisites for Data Security Posture Management for AI
To use DSPM for AI from the Microsoft Purview portal or the Microsoft Purview compliance portal, you must have the following prerequisites:
You have the right permissions.
Monitoring Copilot interactions requires:
Users are assigned a license for Microsoft 365 Copilot.
o Microsoft Purview auditing enabled. Check instructions for Turn auditing on or off.
Required for monitoring interactions with third-party generative AI sites:
Devices are onboarded to Microsoft Purview, required for:
Gaining visibility into sensitive information that's shared with third-party generative AI sites. (e.g., credit card numbers pasted into ChatGPT).
Applying endpoint DLP policies to warn or block users from sharing sensitive information with third-party generative AI sites. (e.g. a user identified as elevated risk in Adaptive Protection is blocked with the option to override when they paste credit card numbers into ChatGPT)
The Microsoft Purview browser extension is deployed to users and required to discover site visits to third-party generative AI sites.
Things to consider
Recommendations may differ based on M365 licenses and features.
Not all recommendations are relevant for every tenant and can be dismissed.
Any default policies created while Data Security Posture Management for AI was in preview and named Microsoft Purview AI Hub won't be changed. For example, policy names will retain their Microsoft AI Hub -prefix.
In this blog post we are going to focus on Recommendations.
Recommendations
Let's explore each of the recommendations in detail, which will encompass one-click policy creation, data assessments, step-by-step guidance, and regulations. The data in the reports section will be contingent upon the completion of each recommendation.
Figure 1: Recommendations – DSPM for AI
Control unethical behaviour in AI
Type: One-click policy
Solution: Communication Compliance
Description: This policy identifies sensitive information within prompts and response activities in Microsoft 365 Copilot.
Action:
Create policy to setup a one-click policy.
Conditions: Content matches any of these trainable classifiers: Regulatory Collusion, Stock manipulation, Unauthorized disclosure, Money laundering, Corporate Sabotage, Sexual, Violence, Hate, Self-harm
By default, all users and groups are added.
The customisation of the policy is also available during the one-click policy creation process.
Figure 2: Recommendations – One-click policy
Guided assistance to AI regulations
Type: New AI regulations
Solution: Compliance manager
Description: This recommendation is based on the NIST AI RMF regulations, suggesting actions to help users protect data during interactions with AI systems.
Action:
Monitor AI interaction logs: Go to Audit logs, configure search with workload filter, select copilot and sensitive information type and review search results.
Monitor AI interactions in other AI apps: Navigate to DSPM for AI and review interactions in other AI apps for sensitive content and turn on policies to discover data across AI interactions and other AI apps.
Flag risky communication and content in AI interactions: Create Communication compliance policy to define the necessary conditions and fields and select Microsoft Copilot as location.
Prevent sensitive data from being shared in AI apps: Create Data loss prevention (DLP) policy with sensitive information type as conditions for Teams and Channel messages location.
Manage retention and deletion policies for AI interactions: Create a retention policy for Teams chat and Microsoft 365 Copilot interactions to preserve relevant AI activities for a longer duration while promptly deleting non-relevant user actions.
Protect sensitive data referenced in Copilot responses
Type: Assessment
Solution: Data assessments
Description: Use data assessments to identify potential oversharing risks, including unlabelled files.
Action:
Create Data Assessments, Navigate to DSPM for AI - Data Assessments and Create Assessments.
Enter assessment name and description
Select users and data sources to assets for oversharing data
Conduct the assessment scan and review the results to gain insights into oversharing risks and recommended solutions to restrict access to sensitive data.
Implement the necessary fixes to protect your data.
Discover and govern interactions with ChatGPT Enterprise AI (preview)
Type: ChatGPT Enterprise AI (Data discovery)
Solution: Microsoft Purview Data Map
Description: Register ChatGPT Enterprise workspace to discover and govern interactions with ChatGPT Enterprise AI.
Action:
If you’re organisation is using ChatGPT Enterprise, then enable the Connector
In Microsoft Azure, use Key Vault to manage credentials for third-party connectors: Use Key Vault to create and manage the secret for the ChatGPT Enterprise AI Connector.
In Microsoft Purview, configure the new connector using Data Map: How to manage data sources in the Microsoft Purview Data Map
Create and start a new scan: Create a new scan, select credential, review, and run the scan.
Protect sensitive data referenced in Microsoft 365 Copilot (preview)
Type: Data Security
Solution: Data loss prevention
Description: Content with sensitivity labels will be restricted from Copilot interactions with a data loss prevention policy.
Action:
Create a custom DLP policy and select Microsoft 365 Copilot as the data source.
Create a custom rule
o Condition: content contains sensitivity labels.
o Action: Prevent Copilot from processing content.
Figure 3: Custom DLP policy condition and action
Fortify your data security
Type: Data security
Solution: Data loss prevention
Description: Data security risks can range from accidental oversharing of information outside of the organization to data theft with malicious intent. These policies will protect against the data security risks with AI apps.
Action:
A one-click policy is available to create a data loss prevention (DLP) policy for endpoints (devices), aimed at blocking the transmission of sensitive information to AI sites.
It utilises Adaptive Protection to give a warn-with-override alert to users with elevated risk levels who attempt to paste or upload sensitive information to other AI assistants in browsers such as Edge, Chrome, and Firefox. This policy covers all users and groups in your org in test mode.
Figure 4: Block with override for elevated risk users
Information Protection Policy for Sensitivity Labels
Type: Data security
Solution: Sensitivity Labels
Description: This policy will set up default sensitivity labels to preserve document access rights and protect Microsoft 365 Copilot output.
Action:
Create policies will navigate to Information protection portal to set up sensitivity labels and publishing policy.
Protect your data from potential oversharing risks
Type: Data Security
Solution: Data Assessment
Description: Data assessments provide insights on potential oversharing risks within your organisation for SharePoint Online and OneDrive for Business (roadmap) along with fixes to limit access to sensitive data. This report will include sharing links.
Action:
This is a default oversharing assessment policy.
To see the latest oversharing scan results:
Select View latest results and choose a data source.
Complete fixes to secure your data.
Figure 5: Data assessments – Oversharing assessment data with sharing links report
Use Copilot to improve your data security posture (preview)
Type: Data security posture management
Solution: Data security posture management (DSPM)
Description: Data Security Posture Management (preview) combines deep insights with Security Copilot capabilities to help you identify and address security risks in your org.
Benefits:
Data security recommendations
Gain insights into your data security posture and get recommendations protecting sensitive data and closing security gaps.
Data security trends
Track your org's data security posture over time with reports summarizing sensitive label usage, DLP policy coverage, changes in risky user behaviour, and more.
Security Copilot
Security Copilot helps you investigate alerts, identify risk patterns, and pinpoint the top data security risks in your org.
Mastering Loop Storage Management: A Guide for Administrators and Users
This guide breaks down how Loop Components and Pages are stored, their impact on tenant-wide storage, and what actions administrators can take to manage storage efficiently.
Announcing the Microsoft 365 Copilot and Copilot Agents Management Series
Starting next week, following our popular series “Microsoft 365 Copilot Training Series on Demand,” Microsoft’s Darryl Rowe and Michael Gannotti will begin a new series titled “Microsoft 365 Copilot and Copilot Agents Management Series.” The series will run over 8 recorded podcasts that will be posted to the HLS Blog and be linked in here as well.
Microsoft 365 Copilot and Copilot Agents Management Series:
Introduction to Copilot Chat
Microsoft 365 Copilot and Copilot Chat Administration
Introduction to agents
Agent management controls
Agents built in SharePoint
Agents built in Agent Builder
Agents built in Copilot Studio
Analytics and Monitoring
Be sure to mark this page in your browser favorites and check back each week. The above bullet items will be updated to active links as the podcast sessions are released. Recording begins Monday 3/24/2025 with the first podcast, “Introduction to Copilot Chat,” dropping late Monday afternoon.
In the meantime check out the following resources:
Meet Copilot, Your AI Assistant for Work | Microsoft 365
Microsoft 365 Copilot – Microsoft Adoption
Adoption resources for Microsoft 365 Copilot | Microsoft Learn
Microsoft 365 admin center scenarios that configure Copilot | Microsoft Learn
Extend Microsoft 365 Copilot | Microsoft Learn
Today’s blog is one that I’m very excited about - I’m going to show you all about how to use the brand new Copilot Prompt Gallery, or as they are calling it, “Prompts”, which is rolling out now. It’s a place to store your favorite prompts and share prompts with your teams.
Two things to note: One is that, as of right now, this does require an M365 Copilot license to use as an app in Teams.
Every Small Business MUST Know These E5 Security Features Now!
In this video, we dive into the exciting news that Microsoft has made their E5 Security License available to Microsoft 365 Business Premium users for just $1...
Introducing the Copilot Analytics Advanced Analysis Playbook
For customers looking to run custom analyses to create more tailored, actionable interventions around Microsoft 365 Copilot adoption and impact, we’re now providing a new set of resources in the form of a playbook.
This playbook is designed to be used like an analysis recipe book, to help an analyst put together an analysis plan based on the most pressing questions and context of their particular organization.
It's designed for our technically savvy customers, specifically analytics leaders and analysts who have already been utilizing the Copilot Dashboard and Power BI reports and are eager to take their analysis to the next level.
What is it?
This playbook is intended for analytics leaders or analysts who have used available resources to assess Copilot adoption and impact, and seek further guidance for an in-depth analysis plan. This playbook provides analysis and visualization examples to measure the progress and impact of Copilot adoption. It also helps analysts identify opportunities to accelerate cultural transformation around AI.
What’s inside?
The playbook covers 15 different analysis and visualization views focused on assessing Copilot adoption and impact. Each analysis is focused on a business question and includes business implications and code examples. Some of the analyses featured in the playbook include:
Usage segmentation
Ranked exploration of groups on Copilot usage
Profiling adoption and readiness sentiment with Pulse
Assessing equality of usage with the Gini coefficient
You can access this playbook here.
In today’s digital age, data security isn’t just a necessity—it’s a strategic priority. As businesses increasingly rely on AI and other new technologies, they face unique challenges like protecting sensitive information, staying compliant with regulations, and managing risks effectively.
Introducing the new Microsoft Teams chat and channels experience
Our customers are our greatest source of inspiration, and over the years we have evolved Teams with the goal of helping them achieve more. Today we are...
3 simple techniques to use Microsoft Loop for project journals
Let project team members know what you have been working on by adding to a project journal. Try these three methods to find out what works for you and your t...
Master Microsoft Forms: Your Ultimate Guide to Surveys, Quizzes, and Polls
Microsoft Forms is a versatile tool that makes creating surveys, quizzes, and polls a breeze. Whether you're collecting feedback, organizing an event, or conducting a quiz, Microsoft Forms can help you gather and analyze data with ease. In this guide, we'll walk you through how to use Microsoft Forms effectively.There are two ways you can access Microsoft Forms.
Option 1:
Sign into office.com with your credentials.
In the top left corner click the app launcher (9 dotted square) to expand the application menu bar.
If you don’t see Forms in the Apps menu, select “All apps” icon and find Forms there.
Option 2:
Navigate to forms.office.com
How to Navigate the Forms Dashboard
Navigating the Forms Dashboard is straightforward and user-friendly. Here’s how you can make the most of it:
Getting Started: When you open Microsoft Forms, you'll have several options right at your fingertips:
New Form: Start a fresh survey, questionnaire, or feedback form
New Quiz: Craft a quiz for educational or training purposes.
Quick import: Quickly generate a form or quiz from an existing file.
Navigation Options: The navigator options in Microsoft Forms serve to enhance user experience and streamline form management. Each option has a specific purpose:
Recent Tab: Quickly access forms and quizzes you've recently worked on, saving you time searching for them.
My Forms Tab: View all the forms and quizzes you’ve created, providing an organized list of your own work.
Filled Forms Tab: Keep track of forms or quizzes that you have completed or submitted, helping you review your past responses.
Shared with Me Tab: Access forms or quizzes that others have shared with you, facilitating collaboration and teamwork.
Favorites Tab: Easily find and access forms or quizzes you've marked as favorites, ensuring that frequently used or important forms are always at your fingertips
Groups: At the bottom of the dashboard, you'll find a list of your groups. Here, you can create forms and share them with your team, ensuring smooth and effective collaboration.
Now that we've mastered the Dashboard, let's dive into creating our first form!
Click on the New Form button to get started.
In the “Let’s get started! What’s your form about?” box, give your form a title and a brief description of what it’s about.
Next, click on Quick Start to choose the type of question you’d like to begin with. Here’s a quick look at the options available:
Choice: Create multiple-choice questions where respondents can select one or more answers.
Text: Allow respondents to provide open-ended text responses for more detailed feedback.
Date: Let respondents pick specific dates using a calendar.
Ranking: Enable respondents to rank items in order of preference.
Likert: Use a scale to measure attitudes or opinions, ranging from strong agreement to strong disagreement.
Rating: Ask respondents to rate items using a star or numerical scale.
Upload File: Let respondents upload files, such as documents or images, as part of their responses.
Net Promoter Score: Measure customer loyalty by asking how likely respondents are to recommend your product or service.
Section: Organize your form into sections, which is especially useful for creating multi-page forms or grouping related questions
You can also make questions required or optional by toggling the required button. For more customization, click the three dots to add subtitles, labels, or even apply branching to your questions.
How to customize your form
After creating the content for your form, in the upper right corner select Style. Here you can choose a background image and theme for your form, or by selecting the suggested or customized tab.
How to send off your form and collect responses
Once you've customized your form, click on the Preview tab at the top to see how it looks on both mobile and desktop. If needed, you can go back and make any adjustments or edits.
To share your form, you can either copy the provided URL under Collect Responses and send it as a link, or simply enter the name, group, or email address in the box below and hit the green button to send it directly.
Below the box, you also have the option to send the form as an invite, generate a QR code, or have your web designer embed it on your website with the provided code. You also have the option to send via Outlook or a Teams (message only) at the bottom of the box.
As responses start coming in, head over to the View Responses tab to view all the data. You’ll be able to see the results displayed in both graphs and detailed data, giving you a clear overview of the responses.
Now that we've covered how you can use Forms to turn your data into actionable insights, we encourage you to dive in and get started right away by signing in to Microsoft Forms with your M365 account.For additional tips and resources, be sure to follow our Nonprofit Community | Microsoft Community Hub for blogs, updates, and expert advice on maximizing your nonprofit tools.
Testing sensitive information types in Microsoft Purview
To test a file for a sensitivity type navigate to the Microsoft Purview portal. From the solutions icon on the left hand side select Data Lifecycle Management. Expand the Classifiers option from th…
Get Started with Power Automate Desktop: Tutorial for Beginners (2025)
In this video tutorial, you’ll learn how to get started with Power Automate Desktop using simple, step-by-step instructions. Whether you're new to RPA (Robot...
Applying Sensitivity Labels to Content in Microsoft 365
Microsoft Features: Microsoft Purview Information Protection Estimated Read Times: 6 minutes In my previous two blogs, I wrote about How Purview Sensitivity Labels Help Protect Your Data and How to…
MS eDiscovery in Focus Introductions & New UI/UX Reveal
Title: MS eDiscovery in Focus - Episode 1: Introduction & New UI/UX RevealDescription: Welcome to the very first episode of MS eDiscovery in Focus! 🎉In this...
TL;DRUse Copilot chat in Loop to learn who made what changes and when. Due late January to late February 2025. DetailsIf you collaborate on a busy loop page, you can now ask Copilot chat to help you get caught up with changes. Microsoft suggests the following prompts to get you started: What changes did [name] make to
Trackable newsletters are coming to new Outlook and web
TL;DRNewsletters in new Outlook for Windows and Outlook for the web will allow you to create, distribute, and track internal email newsletters. Due early August to early September 2025. DetailsIf you use new Outlook for Windows or Outlook for the Web you will soon be able to create “professional and engaging email newsletters with a
As a Senior Data Security Technical Specialist at Microsoft, I have the privilege of working closely with strategic manufacturing customers, including both C-Level Executives and highly technical staff. My role involves presenting a compelling vision of how Microsoft 365 Purview as a platform can ad
IntroductionMicrosoft Purview is a comprehensive data governance and compliance solution that helps organisations manage sensitive data across various platforms. As the data stored within Microsoft Purview is highly sensitive, it’s important that only authorised individuals have access to it. Simply having the Compliance Admin, or even the Global Admin role may not be sufficient for accessing highly confidential data. To ensure that only the right people can access certain data, Role-Based Acces