learn-pr/wwl-sci/design-solutions-secure-microsoft-365/includes/5-evaluate-data-security-compliance-copilot.md
Lines changed: 8 additions & 8 deletions
@@ -6,11 +6,11 @@ Microsoft 365 Copilot operates within the user's identity and tenant context. It
This permission-based model means your existing access control weaknesses become Copilot's weaknesses. If SharePoint sites have overly broad sharing settings or if sensitivity labels aren't applied consistently, Copilot can surface that content in responses. Evaluating your data access posture before or alongside Copilot deployment is essential.
-
[Microsoft Purview Data Security Posture Management (DSPM) for AI](/purview/dspm-for-ai) serves as the central hub for assessing and managing data risks related to Copilot. DSPM for AI automatically runs weekly data risk assessments across the top 100 SharePoint sites used in your organization, identifying potential oversharing issues. Key capabilities include:
+
[Microsoft Purview Data Security Posture Management (DSPM)](/purview/data-security-posture-management-learn-about) serves as the central hub for assessing and managing data risks related to Copilot. DSPM includes a dedicated objective to **Prevent data exposure in Microsoft 365 Copilot and agent interactions**, with guided remediation workflows. Key capabilities include:
-
-**Data risk assessments** that identify sites where sensitive data is exposed through Copilot interactions, with recommendations to remediate oversharing.
+
-**Data risk assessments** that identify SharePoint sites where sensitive data is exposed through Copilot interactions, with recommendations to remediate oversharing.
-**One-click policies** that create preconfigured Purview policies for sensitivity labels, risky AI usage detection, and DLP enforcement specific to Copilot.
-
-**Activity reports** that show total interactions, sensitive interactions per AI app, top sensitivity labels referenced in Copilot responses, and insider risk severity metrics.
+
-**AI observability** that provides an inventory of all AI apps and agents with activity trends, sensitive interaction counts, and policies governing each agent.
## Evaluate data protection controls
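Review bot: the rewritten line 9 drops the concrete cadence and scope that old line 8 stated (weekly data risk assessments across the top 100 SharePoint sites) without saying what the new DSPM objective covers or how often it runs; if the assessment is still scheduled, keep that sentence, and if it is not, the "Data risk assessments" bullet at line 11 should say how an assessment is triggered. Also confirm that the new relative link `/purview/data-security-posture-management-learn-about` resolves, and that the rename from "DSPM for AI" to "DSPM" is carried through the module's other units, since the unchanged "One-click policies" bullet at line 12 still describes the AI-specific policy set and readers will look for it under the new name.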
@@ -47,11 +47,11 @@ Beyond data protection, security architects must evaluate controls for auditabil
### Auditing
-
[Microsoft Purview Audit](/purview/audit-copilot) captures Copilot interaction metadata in the unified audit log, including the user, timestamp, the Microsoft 365 app where the interaction occurred, referenced files with their sensitivity labels, and a record of each prompt-response exchange. The actual content of prompts and responses is available through eDiscovery. These audit events flow into DSPM for AI activity explorer, where compliance administrators can review interaction patterns.
+
[Microsoft Purview Audit](/purview/audit-copilot) captures Copilot interaction metadata in the unified audit log, including the user, timestamp, the Microsoft 365 app where the interaction occurred, referenced files with their sensitivity labels, and a record of each prompt-response exchange. The actual content of prompts and responses is available through eDiscovery. These audit events flow into the DSPM activity explorer, where compliance administrators can review interaction patterns.
### eDiscovery
-
Because Copilot stores prompt and response data in the user's mailbox, [Microsoft Purview eDiscovery](/purview/edisc) can identify, preserve, and export these interactions. You can use the query condition **Type** > **Contains any of** > **Copilot activity** to search for all Copilot interactions across user mailboxes. This capability supports legal hold, investigation, and regulatory response scenarios.
+
Because Copilot stores prompt and response data in the user's mailbox, [Microsoft Purview eDiscovery](/purview/edisc) can identify, preserve, and export these interactions. You can use the query condition **Item class** > **Contains any of** > **Copilot activity** to search for all Copilot interactions across user mailboxes. This capability supports legal hold, investigation, and regulatory response scenarios.
### Data Lifecycle Management
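Review bot: the eDiscovery query condition at line 54 changes from **Type** to **Item class**, which changes the step a learner performs in the console; verify that label against the linked /purview/edisc page before merging, because a wrong condition name makes the search return nothing and the sentence gives no fallback. The audit paragraph at line 50 now points to "the DSPM activity explorer"; use the same page name here as in the "AI observability" bullet introduced in the first hunk so readers can match the two descriptions.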
@@ -63,17 +63,17 @@ Because Copilot stores prompt and response data in the user's mailbox, [Microsof
### Compliance Manager
-
[Microsoft Purview Compliance Manager](/purview/compliance-manager) provides regulatory templates specifically for AI use cases, helping you assess, implement, and track compliance controls for generative AI applications against frameworks such as the EU AI Act and NIST AI Risk Management Framework (AI RMF). The DSPM for AI recommendation **Get guided assistance to AI regulations** connects directly to these templates.
+
[Microsoft Purview Compliance Manager](/purview/compliance-manager) provides regulatory templates specifically for AI use cases, helping you assess, implement, and track compliance controls for generative AI applications against frameworks such as the EU AI Act and NIST AI Risk Management Framework (AI RMF). The DSPM recommendation **Get guided assistance to AI regulations** connects directly to these templates.
## Design considerations for security architects
When you evaluate data security and compliance controls for Microsoft 365 Copilot, consider the following approaches:
-
-**Assess oversharing before deployment.** Use DSPM for AI data risk assessments and SharePoint Advanced Management data access governance reports to identify sites with overly broad permissions. Remediate critical oversharing issues before enabling Copilot for affected user groups.
+
-**Assess oversharing before deployment.** Use DSPM data risk assessments and SharePoint Advanced Management data access governance reports to identify sites with overly broad permissions. Remediate critical oversharing issues before enabling Copilot for affected user groups.
-**Implement sensitivity labels with EXTRACT controls.** Ensure your most sensitive content has labels that require the EXTRACT usage right. This prevents Copilot from processing highly confidential data even when users have view access.
-**Layer DLP policies for Copilot.** Create separate DLP rules for blocking sensitive information types in prompts and for excluding files with specific sensitivity labels from Copilot processing. These conditions can't be combined in a single rule but can coexist in the same policy.
-**Enable Insider Risk Management for AI.** Activate the risky AI usage template to detect anomalous Copilot behavior. Pair it with Adaptive Protection to dynamically restrict high-risk users from accessing sensitive content through Copilot.
-**Establish retention and audit policies early.** Configure retention policies for Copilot interactions and confirm that auditing is enabled before deployment. This ensures you have a complete record of AI interactions from the start for compliance and incident response.
-
-**Use DSPM for AI as your central dashboard.** Consolidate your monitoring through the DSPM for AI Microsoft 365 Copilot view, which provides a single pane for oversharing assessments, policy recommendations, and activity reporting.
+
-**Use DSPM as your central dashboard.** Consolidate your monitoring through the DSPM posture dashboard and AI observability page, which provide a single pane for oversharing assessments, policy recommendations, and activity reporting.
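Review bot: the last bullet at line 77 now names two pages (the DSPM posture dashboard and the AI observability page) yet still calls them "a single pane", which contradicts itself; either name the one page that consolidates oversharing assessments, policy recommendations, and activity reporting, or reword to "which together give you one consolidated view of ...". The rename at line 72 ("DSPM data risk assessments") and at line 66 ("The DSPM recommendation") is consistent with the first hunk; no further change needed there.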