Unit 7 Module 11

Author: pablorodMS

learn-pr/wwl/design-responsible-ai-security-governance-risk-management-compliance/includes/7-validate-data-residency-movement-compliance.md

@@ -6,162 +6,98 @@ Solution architects must know where data is stored, how it moves across services
 
 ## Learning Objectives
 
-After completing this unit, learners will be able to:
+- After completing this unit, learners will be able to:
 
-Identify required data residency and sovereignty requirements for AI workloads.
+- Identify required data residency and sovereignty requirements for AI workloads.
 
-Validate how Copilot Studio manages customer data, logs, and model interactions.
+- Validate how Copilot Studio manages customer data, logs, and model interactions.
 
-Assess and restrict data movement across regions for generative AI capabilities.
+- Assess and restrict data movement across regions for generative AI capabilities.
 
-Apply Purview capabilities to strengthen compliance controls for Microsoft 365 Copilot.
+- Apply Purview capabilities to strengthen compliance controls for Microsoft 365 Copilot.
 
-Recommend architectural controls that ensure compliant endtoend data handling.
+- Recommend architectural controls that ensure compliant endtoend data handling.
 
 ## Key Concepts for Data Residency Compliance
 
 ### 1. Understanding Data Residency Boundaries
 
-Data residency defines the physical or geographic location where customer data is stored and processed. AI solutions use multiple services and toolchains, so architects must understand:
+Data residency defines the physical or geographic location where customer data is stored and processed. 
 
-Where user prompts, context, and model inputs are processed.
+#### AI solutions use multiple services and toolchains, so architects must understand:
 
-Which services store logs, conversations, or telemetry.
+- Where user prompts, context, and model inputs are processed.
 
-Whether data used by generative AI stays within the designated region.
+- Which services store logs, conversations, or telemetry.
 
-How multitenant cloud services distribute workloads.
+- Whether data used by generative AI stays within the designated region.
 
-#### Professional Visual - Data Residency Boundary Map (TextBased)
-
-+------------------------------+
-
-|     Data Residency Zones     |
-
-+------------------------------+
-
-|  • Data Input Region         |
-
-|  • AI Processing Region      |
-
-|  • Storage & Logging Region  |
-
-|  • Backup/DR Region          |
-
-+------------------------------+
+- How multitenant cloud services distribute workloads.
 
 ### 2. Copilot Studio Data Residency Behavior
 
-Copilot Studio enforces regional boundaries depending on the environment configuration. Architects should validate:
-
-Where prompt data and agent interactions are processed.
+Copilot Studio enforces regional boundaries depending on the environment configuration. 
 
-Whether unpublished agents and preview features follow different residency rules.
+#### Architects should validate:
 
-How data is stored when agents use connectors or custom plugins.
+- Where prompt data and agent interactions are processed.
 
-Whether crossregion interactions occur during inference or orchestration.
+- Whether unpublished agents and preview features follow different residency rules.
 
-### 3. Data Movement Controls for Generative AI
-
-Generative AI features may require movement of data for model evaluation, orchestration, or enrichment. To validate compliance:
-
-Determine which components may transmit data outside the region.
-
-Confirm whether data movement is necessary or optional.
-
-Review environment settings that allow or restrict crossgeographic model operations.
+- How data is stored when agents use connectors or custom plugins.
 
-Apply configuration policies that block crossregion routing for sensitive workloads.
+- Whether crossregion interactions occur during inference or orchestration.
 
-#### Professional Visual - AI Data Movement Control Flow (TextBased)
-
-User Action → AI Request → Model Processing
+### 3. Data Movement Controls for Generative AI
 
-     |               |           |
+Generative AI features may require movement of data for model evaluation, orchestration, or enrichment. 
 
-     v               |           v
+#### To validate compliance:
 
- Residency Checks <--+--- Region Enforcement
+- Determine which components may transmit data outside the region.
 
-     |
+- Confirm whether data movement is necessary or optional.
 
-     v
+- Review environment settings that allow or restrict crossgeographic model operations.
 
- Compliant Output
+- Apply configuration policies that block crossregion routing for sensitive workloads.
 
 ### 4. Purview Controls for Microsoft 365 Copilot
 
-Microsoft Purview provides governance, labeling, and monitoring necessary to validate compliant data handling. Solution architects should:
-
-Apply sensitivity labels that restrict crosstenant or crossregion transmission.
-
-Use data loss prevention (DLP) rules to prevent sensitive data from being used in AI prompts or outputs.
+Microsoft Purview provides governance, labeling, and monitoring necessary to validate compliant data handling. 
 
-Review auditing, policy insights, and compliance documentation for Copilot solutions.
+#### Solution architects should:
 
-Validate that Copilot interaction logs follow organizational residency rules.
+- Apply sensitivity labels that restrict crosstenant or crossregion transmission.
 
-### 5. Designing a Compliant AI Architecture
-
-Strong architectural governance ensures safe and compliant deployment. Recommended practices include:
-
-Selecting tenant regions that align with regulatory frameworks.
-
-Configuring Copilot Studio environments to enforce residency policies.
-
-Ensuring custom connectors do not bypass regional data boundaries.
-
-Documenting all data flows, including logs, telemetry, and inference outputs.
-
-Validating that backup, recovery, and logging systems maintain compliance.
-
-#### Professional Visual - Compliant AI Architecture Diagram (TextBased)
-
-+----------------------+
+- Use data loss prevention (DLP) rules to prevent sensitive data from being used in AI prompts or outputs.
 
-|  User Interaction    |
+- Review auditing, policy insights, and compliance documentation for Copilot solutions.
 
-+----------+-----------+
+- Validate that Copilot interaction logs follow organizational residency rules.
 
-           |
-
-           v
-
-+----------------------+
-
-| AI Processing Layer  |
-
-| • Copilot Studio     |
-
-| • M365 Copilot       |
-
-+----------+-----------+
-
-           |
-
- Residency Enforcement
+### 5. Designing a Compliant AI Architecture
 
-           |
+Strong architectural governance ensures safe and compliant deployment. 
 
-+----------------------+
+#### Recommended practices include:
 
-|  Data Storage Layer  |
+- Selecting tenant regions that align with regulatory frameworks.
 
-| • Logs               |
+- Configuring Copilot Studio environments to enforce residency policies.
 
-| • Content Stores     |
+- Ensuring custom connectors do not bypass regional data boundaries.
 
-| • Purview Policies   |
+- Documenting all data flows, including logs, telemetry, and inference outputs.
 
-+----------------------+
+- Validating that backup, recovery, and logging systems maintain compliance.
 
 ## References
 
-[https://learn.microsoft.com/en-us/training/modules/purview-ai-secure-copilot/](/training/modules/purview-ai-secure-copilot/)
+- [https://learn.microsoft.com/en-us/training/modules/purview-ai-secure-copilot/](/training/modules/purview-ai-secure-copilot/)
 
-[https://learn.microsoft.com/en-us/microsoft-copilot-studio/geo-data-residency](/microsoft-copilot-studio/geo-data-residency)
+- [https://learn.microsoft.com/en-us/microsoft-copilot-studio/geo-data-residency](/microsoft-copilot-studio/geo-data-residency)
 
-[https://learn.microsoft.com/en-us/dynamics365/faqs-copilot-data-security-privacy](/dynamics365/faqs-copilot-data-security-privacy)
+- [https://learn.microsoft.com/en-us/dynamics365/faqs-copilot-data-security-privacy](/dynamics365/faqs-copilot-data-security-privacy)
 
-[https://learn.microsoft.com/en-us/microsoft-copilot-studio/manage-data-movement-outside-us](/microsoft-copilot-studio/manage-data-movement-outside-us)
+- [https://learn.microsoft.com/en-us/microsoft-copilot-studio/manage-data-movement-outside-us](/microsoft-copilot-studio/manage-data-movement-outside-us)