Data Security Posture Management for AI

What is it, and what benefits it can bring to your organization?

Now in General Availability (GA), you can use Microsoft Purview Data Security Posture Management (DSPM) for managing and mitigating risks associated with AI usage, as well as implement related protection and governance control. It provides easy-to-use graphical tools and reposts to share insights into AI use within your organization. You can enable policies only with a few clicks to protect your data and comply with regulatory requirements.

You can use the DSPM solution for AI side-by-side with other Purview solutions to strengthen your data security and compliance, including Microsoft M365 copilot, copilot agents, other copilots as well as non-Microsoft generative AI apps.

What features are the most important within the DSPM?

Overview dashboard

From the security management perspective, the most commonly looked-up things in the solution are Data Security recommendations and data security analytic trends and reports. Additionally, the DSPM for AI brings data from AI applications to broaden the security posture even further.

Näyttökuva 2025 04 25 kello 8.39.42 — *Picture 1. From the dashboard, you can see an overview of current AI usage, and how many sensitive interactions there have been in your environment.*

From the main dashboard, you can see reports from all kinds of AI apps in your environment. When all the connectors have been configured, you can see report data from Copilot activities, Enterprise AI app activities as well as third-party AI app activities (such as Google Gemini, ChatGPT and Copilot for Bing).

Recommendations

From recommendations blade, you can see the current Data Security AI recommendations, with their status. The status of the recommendation can be not started, dismissed or completed. Just keep in mind, that some of the recommendations might include features that are still in preview.

Näyttökuva 2025 04 25 kello 8.45.50 — *Picture 2. View your recommendations in the recommendations blade, with their current statuses.*

You can start the improvement activities right away when you click the additional information per recommendation. From there, you can see the description of the recommendation and Purview’s recommendation for remediation.

Näyttökuva 2025 04 25 kello 8.47.22 — *Picture 3. You can start creating policies just by accepting Purview’s suggestion for remediation.*

Reports

Reports section includes the view of the results of the default policies you have created. You can see the reports categorized into specific types, such as Microsoft Copilot Experiences and Enterprise AI apps. The view is similar, that you can see in the main Overview page and uses the same data for it.

Policies

In the Policies page, you can see the status of the default one-click policies you have created and also other AI-related policies from other Purview solutions. To edit the policies, use the corresponding management solution in the Purview portal. For example, for DSPM for AI - Unethical behavior in Copilot, you can review and remediate the matches from the Communication Compliance solution.

Activity explorer

In Activity explorer blade, you can see the details of the data collected from your policies. This includes activity type and user, date and time, AI app category and app, any sensitive information types, files referenced, and sensitive files referenced. This includes also a bar chart from specified timeline, divided into two colors: Light purple for sensitive info type and dark purple for AI interaction.

Näyttökuva 2025 04 25 kello 12.50.39 1 — *Picture 5. Example view from the Activity explorer blade with the filters visible.*

Data risk assessments (Preview)

In data assessments blade, you can identify potential oversharing risks in your organization. They also provide fixes to limit access to sensitive data. Default assessment automatically runs weekly for the top 100 SharePoint sites based on usage in your organisation, no matter if you might have already run a custom assessment as one of the recommendations.

Näyttökuva 2025 04 25 kello 12.59.39 1 — *Picture 6. Default data risk assessment details described.*

Please note, that the Data risk assessment section is still in preview, and subject to change.

Conclusion

Microsoft Purview Data Security Posture Management (DSPM) for AI is a solution for organizations, who wants to unleash the full potential of AI services while ensuring data security and compliance. When AI technologies are integrated into business operations, safeguarding sensitive data is essential. DSPM for AI provides comprehensive monitoring of AI activities, enabling organizations to track interactions with AI models and applications.

This solution allows managers and administrators to enforce security policies, identify data security vulnerabilities, and conduct data assessments to evaluate the security posture of AI integrations. With one-click policies and detailed reports, DSPM for AI simplifies the process of protecting data, ensuring compliance with regulatory standards, and mitigating risks associated with AI usage. By leveraging Microsoft Purview DSPM for AI, businesses can innovate with AI while maintaining high standards of data security and regulatory compliance, driving growth and maintaining trust with stakeholders.

Do you want to implement Purview DSPM for AI?

We suggest starting with a workshop with us and including relevant stakeholders from your company. This workshop should map out responsibilities, define how you should identify your data, and start the relevant governance and data security actions. This workshop includes clear and precise guidance for enabling relevant DSPM functionalities of Microsoft Purview tailored especially for your organization. The workshop outlines the steps to get started with implementing Microsoft Purview and protecting your organization against data security risks.