MicrosoftDocs
diff --git a/‎learn-pr/wwl-sci/describe-purview-data-solutions/6a-describe-data-security-posture-management.yml‎
Lines changed: 13 additions & 0 deletions b/‎learn-pr/wwl-sci/describe-purview-data-solutions/6a-describe-data-security-posture-management.yml‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎learn-pr/wwl-sci/describe-purview-data-solutions/7-knowledge-check.yml‎
Lines changed: 12 additions & 12 deletions b/‎learn-pr/wwl-sci/describe-purview-data-solutions/7-knowledge-check.yml‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎learn-pr/wwl-sci/describe-purview-data-solutions/includes/1-introduction.md‎
Lines changed: 2 additions & 1 deletion b/‎learn-pr/wwl-sci/describe-purview-data-solutions/includes/1-introduction.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎learn-pr/wwl-sci/describe-purview-data-solutions/includes/2-identify-sensitive-data.md‎
Lines changed: 6 additions & 0 deletions b/‎learn-pr/wwl-sci/describe-purview-data-solutions/includes/2-identify-sensitive-data.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎learn-pr/wwl-sci/describe-purview-data-solutions/includes/4-describe-data-loss-prevention.md‎
Lines changed: 6 additions & 0 deletions b/‎learn-pr/wwl-sci/describe-purview-data-solutions/includes/4-describe-data-loss-prevention.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎learn-pr/wwl-sci/describe-purview-data-solutions/includes/5-describe-insider-risk-management.md‎
Lines changed: 4 additions & 0 deletions b/‎learn-pr/wwl-sci/describe-purview-data-solutions/includes/5-describe-insider-risk-management.md‎
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit### YamlMime:ModuleUnit
+uid: learn.describe-purview-data-solutions.describe-data-security-posture-management
+title: Describe Data Security Posture Management
+metadata:
+  title: Describe Data Security Posture Management
+  description: "Describe Data Security Posture Management in Microsoft Purview."
+  ms.date: 04/01/2026
+  author: wwlpublish
+  ms.author: ceperezb
+  ms.topic: unit
+durationInMinutes: 10
+content: |
+  [!include[](includes/6a-describe-data-security-posture-management.md)]
@@ -51,18 +51,6 @@ quiz:
       isCorrect: false
       explanation: "Incorrect. Device availability and reliability are infrastructure concerns handled outside of insider risk management. Insider risk management focuses on detecting and responding to risky or malicious activities by people within the organization."
 
-  - content: "An organization has a DLP policy that detects sensitive financial information. A user attempts to share a sensitive spreadsheet via Microsoft Teams. What action can the DLP policy take?"
-    choices:
-    - content: "Automatically delete the file from the user's OneDrive."
-      isCorrect: false
-      explanation: "Incorrect. DLP doesn't automatically delete files. Instead, DLP can block the sharing, show the user a policy tip explaining why the action was prevented, and optionally allow the user to override the block with a justification."
-    - content: "Show the user a policy tip and block the sharing."
-      isCorrect: true
-      explanation: "Correct. DLP policies can display a policy tip that warns the user their action may violate policy, and can block the sharing of the sensitive item in Teams."
-    - content: "Move the file to a quarantine location and notify the user's manager."
-      isCorrect: false
-      explanation: "Incorrect. Moving content to a quarantine location is a protective action that applies to data at rest, not to active sharing in Teams chat. For Teams chat, DLP can block the sharing and show a policy tip to the user."
-
   - content: "An organization wants its DLP controls to automatically tighten for users identified as high-risk by Insider Risk Management, without requiring admins to manually update policies. Which capability should the organization configure?"
     choices:
     - content: "Sensitivity label policies."
@@ -74,3 +62,15 @@ quiz:
     - content: "Trainable classifiers."
       isCorrect: false
       explanation: "Incorrect. Trainable classifiers are used to identify types of content for classification. They don't adjust DLP controls based on insider risk. Adaptive protection is the feature that connects insider risk levels to DLP and other protective controls."
+
+  - content: "An organization needs a unified view of its sensitive data risks across Microsoft 365, Azure, and third-party platforms like Google Cloud Platform. The organization also wants to monitor how AI apps interact with sensitive data. Which Microsoft Purview solution provides this capability?"
+    choices:
+    - content: "Content explorer."
+      isCorrect: false
+      explanation: "Incorrect. Content explorer provides a snapshot of classified items in your organization, but it doesn't provide unified posture management across Microsoft and non-Microsoft environments or AI observability. Data Security Posture Management provides those capabilities."
+    - content: "Data Security Posture Management."
+      isCorrect: true
+      explanation: "Correct. Data Security Posture Management provides unified visibility into data risks across Microsoft 365, Azure, Fabric, and third-party SaaS platforms. It includes AI observability dashboards that monitor how AI apps and agents interact with sensitive data."
+    - content: "Insider Risk Management."
+      isCorrect: false
+      explanation: "Incorrect. Insider Risk Management focuses on detecting, investigating, and acting on risky activities by users within the organization. Data Security Posture Management is the solution that provides a unified view of data risks across your entire digital estate, including AI interactions."
@@ -1,6 +1,6 @@
 Microsoft Purview is a comprehensive set of integrated data security, data governance, and data compliance solutions that help organizations secure and govern their entire data estate while meeting compliance requirements. This module focuses on Microsoft Purview data security solutions.
 
-Microsoft Purview helps organizations protect sensitive data through information protection, data loss prevention, and insider risk management—working together to secure data across its lifecycle, wherever it lives. Adaptive protection brings these solutions together by automatically applying the right level of controls based on each user's current risk level.
+Microsoft Purview helps organizations protect sensitive data through information protection, data loss prevention, and insider risk management—working together to secure data across its lifecycle, wherever it lives. Adaptive protection brings these solutions together by automatically applying the right level of controls based on each user's current risk level. Data Security Posture Management provides a unified view of your organization's data security landscape across Microsoft and non-Microsoft environments, including visibility into AI interactions.
 
 After completing this module, you're able to:
 
@@ -9,3 +9,4 @@ After completing this module, you're able to:
 - Describe how Microsoft Purview Data Loss Prevention helps organizations prevent the inappropriate sharing of sensitive data.
 - Describe how Microsoft Purview Insider Risk Management helps minimize internal risks.
 - Describe how adaptive protection in Microsoft Purview dynamically applies data protection controls based on insider risk levels.
+- Describe how Data Security Posture Management in Microsoft Purview provides unified visibility into data risks across Microsoft and non-Microsoft environments.
@@ -44,6 +44,12 @@ Trainable classifiers can be used as conditions for auto-labeling with sensitivi
 > [!NOTE]
 > Classifiers only work with items that aren't encrypted.
 
+## Data classification and AI interactions
+
+Data classification plays an important role in securing AI interactions. Sensitive information types and trainable classifiers can identify sensitive data in user prompts and responses when users interact with AI apps like Microsoft 365 Copilot. For example, if a user pastes credit card numbers or health records into an AI prompt, the same SITs that protect those items in email and documents can detect them in the AI interaction.
+
+The resulting classification information surfaces in Microsoft Purview reports and in Activity explorer within Data Security Posture Management (DSPM), where admins can review AI-related activities alongside traditional data classification insights. This visibility helps organizations understand how sensitive data flows through AI interactions and whether additional protection policies are needed.
+
 ## Understand and explore the data
 
 Data classification can involve large numbers of documents and emails. To help administrators derive insights and understanding, the **Explorers** section under Information Protection in the Microsoft Purview portal provides two tools for reviewing classified content at a glance.
 
@@ -67,6 +67,12 @@ The user can then find out more about why their message was blocked by selecting
 
 DLP policies applied to Microsoft 365 services, including Microsoft Teams, can help users across organizations to collaborate securely and in a way that's in line with compliance requirements.
 
+### Data loss prevention and AI interactions
+
+DLP capabilities extend to AI interactions to help prevent sensitive data from being shared through generative AI apps. Windows devices onboarded to Microsoft Purview can be configured with endpoint DLP policies that warn or block users from sharing sensitive information with third-party generative AI sites accessed through a browser. For example, a DLP policy can prevent a user from pasting credit card numbers into ChatGPT, or display a warning that the user can override with a justification.
+
+This protection helps organizations adopt AI tools while maintaining control over sensitive data. DLP policies for AI interactions work alongside the existing DLP capabilities for email, documents, and chat—providing a consistent layer of data protection across all the ways users work with sensitive information.
+
 ## Integration with Microsoft Security Copilot
 
 Microsoft Purview Data Loss Prevention supports integration with Microsoft Security Copilot, through the standalone and embedded experiences.
 
@@ -49,6 +49,10 @@ Insider risk management addresses these common scenarios:
 - **Risky user behavior**: Employment stressor events—such as poor performance reviews or demotions—can trigger risky behavior. Policies use HR data connectors to bring affected users into scope and score related risk indicators.
 - **Forensic evidence**: Insider risk management supports visual evidence capturing for online and offline devices, giving investigators screen captures to better assess and respond to potentially risky activities.
 
+### Insider risk management and AI interactions
+
+As AI tools become part of everyday work, new risks emerge from inappropriate or unauthorized AI usage. Insider Risk Management includes a **Risky AI usage** policy template that detects activities such as prompt injection attacks, accessing protected materials, and sending sensitive data to AI services outside organizational controls. Insights from these signals are integrated into Microsoft Defender XDR, providing a comprehensive view of AI-related risks alongside other insider threats.
+
 ### Integration with Microsoft Security Copilot
 
 Microsoft Purview Insider Risk Management supports integration with Microsoft Security Copilot, through the standalone and embedded experiences.