As the adoption of AI is making leaps, it becomes more and more important for organizations to hva insights into how users utilize AI, and making sure it is being used in alignment of the company policy. When working with customers I try to help them getting started with the Data Security Posture Management for AI Apps (DSPM) in Purview in order to get the most basic overview.
DSPM for Agents is coming:
With the introduction of agents, Microsoft is also releasing a separate blade for DSPM for agents under the Purview for AI section. With DSPM for AI apps and agents, administrators will gain detailed insights into sensitive data accessed by specific AI agents. This feature will show how these agents are protected by Microsoft Purview data security policies. The detailed agent view will indicate which policies are applied to each agent and provide options for administrators to create new policies directly from this view to address any coverage gaps.
This addition is set to roll out later this month. You can track it's status on the roadmap
ID 489492.
A short description of DSPM:
Microsoft Purview DSPM for AI is designed to help organizations monitor AI activity, enforce security policies, and prevent unauthorized data exposure. It addresses three primary areas: Recommendations, Reports, and Data Assessments.
- The Recommendations section provides one-click policy creation, data assessments, and step-by-step guidance to enhance data security posture. It helps identify vulnerabilities associated with unprotected data and enables prompt action to mitigate risks effectively.
- Reports offer comprehensive insights into AI use within your organization. These reports help administrators understand how AI agents interact with sensitive data and ensure compliance with regulatory requirements. The detailed information provided in these reports is crucial for maintaining a secure and compliant environment.
- Data Assessments assist in evaluating the security of data accessed by AI agents. This feature provides detailed assessments to identify any potential risks and suggests actions to improve data security. By regularly assessing data security, organizations can proactively address any issues and ensure that their AI applications are operating within safe parameters.
The tool itself can easily be set up for basic Copilot reporting, but I would strongly recommend organizations to familiar themselves with how policies works, so admins can get the information that is important to the organization. Some of the policies requires deployment of software through Intune as well. Here is an article describing DSPM and what to configure.
Licensing:
Microsoft E5/F5/G5/A5 licenses are generally required when you want to use these audit features within Purview, but here is an interesting exception. If the organization is using the E3/F3/A3/G3 licenses + Copilot licenses, organizations are allowed to use the audit features for Copilot interactions. For details on the licensing, please read this
learn article.
If you found this post helpful, please consider subscribing to my blog for more updates and insights on Microsoft 365 services. You can also follow me on LinkedIn.