
Data Security and Compliance for GenAI

Many large enterprises leverage Microsoft Purview to mitigate and manage the risks associated with AI usage and implement corresponding protection and governance controls.

Below is the list of Purview solutions and features that Purview admins can leverage when it comes to data security and compliance scenarios for Gen AI applications:

  • Data Security Posture Management (DSPM) for AI: Data Security Posture Management (DSPM) for AI in Microsoft Purview is a comprehensive solution designed to secure and govern AI applications across an enterprise. It addresses security concerns associated with AI usage, such as data leaks, data oversharing, and non-compliance usage. DSPM for AI provides insights and analytics into AI activity, compliance controls, and ready-to-use policies to monitor and protect data in AI prompts. The solution helps organizations build a foundation for data security and compliance by setting up policies, applying optimal data handling and storing practices, and providing visibility into AI interactions. To learn more, see Microsoft Purview data security and compliance protections for generative AI apps.

  • Data Classification: Microsoft Purview's data classification overview provides a comprehensive framework for identifying, tagging, and managing sensitive data across various Microsoft services, including Office 365, Dynamics 365, and Azure. It emphasizes the importance of classifying data to ensure compliance with data protection regulations and to safeguard against unauthorized access, alteration, or destruction. The framework includes built-in system classifications and the ability to create custom classifications. This helps in optimizing data governance, applying role-based access controls, and ensuring efficient data handling and compliance. To learn more, see How to use the Microsoft data classification dashboard.

  • Data Loss Prevention: Microsoft Purview Data Loss Prevention (DLP) is a compliance solution that helps organizations identify, monitor, and protect sensitive information across Microsoft 365 services and endpoints. It uses deep content inspection and contextual analysis to detect potential data leaks and enforce policies that prevent unauthorized sharing of sensitive data such as financial records, health information, or intellectual property. DLP integrates with Microsoft Defender and Microsoft Purview solutions to provide unified policy management and incident response. Built-in privacy controls ensure user data is handled securely, while enabling compliance teams to take informed, policy-driven actions. To learn more, see Learn about data loss prevention.

  • Insider Risk Management: Microsoft Purview Insider Risk Management is a compliance solution designed to help organizations detect, investigate, and mitigate internal risks such as IP theft, data leakage, and security violations. It leverages machine learning models and various signals from Microsoft 365 and third-party indicators to identify potentially malicious or inadvertent insider activities. The solution includes privacy controls like pseudonymization and role-based access, ensuring user-level privacy while enabling risk analysts to take appropriate actions. To learn more, see Learn about insider risk management.

  • Communication Compliance: Microsoft Purview Communication Compliance provides tools to help organizations detect and manage regulatory compliance and business conduct violations across various communication channels, including email, Microsoft Teams, Microsoft 365 Copilot, and custom-built genAI applications. It is designed with privacy by default, pseudonymizing usernames and incorporating role-based access controls. The solution helps identify and remediate inappropriate communications, such as sharing sensitive information, harassment, threats, and adult content. To learn more, see Learn about insider risk management.

  • Audit: Microsoft Purview Audit solutions, including Audit (Standard) and Audit (Premium), provide comprehensive tools for searching and managing audit records of activities performed across various Microsoft services by users and admins, and help organizations to effectively respond to security events, forensic investigations, internal investigations, and compliance obligations. The audit records are retained for 180 days, allowing for thorough investigation and monitoring of user activities. To learn more, see Learn about auditing solutions in Microsoft Purview.

  • eDiscovery: Electronic discovery, or eDiscovery, is the process of identifying and delivering electronic information that can be used as evidence in legal cases. Admins can search AI interactions recorded in users' mailboxes through eDiscovery search and then export the search results for legal requirements. Admins can use Microsoft Purview eDiscovery cases to identify, hold, and export content found in mailboxes and sites. To learn more, see Microsoft Purview eDiscovery solutions.

  • Data Lifecycle Management: Microsoft Purview Data Lifecycle Management (formerly Microsoft Information Governance) provides tools and capabilities to manage the lifecycle of organizational data by retaining necessary content and deleting unnecessary content. It includes features such as retention policies, retention labels, mailbox archiving, and auto-expanding archiving to ensure compliance with business, legal, and regulatory requirements. Developers can leverage these tools to optimize data governance, automate data retention and deletion processes, and manage inactive mailboxes and PST files. This helps in maintaining data security, compliance, and cost efficiency by minimizing the need for access to aging data. To learn more, see Learn about data lifecycle management.

See Also

Microsoft Purview SDK overview
Understanding Data Security, Compliance, and Governance