Microsoft Purview Enhanced with AI Security and Compliance Hooks

Microsoft Purview, the company's data governance solution, is receiving a handful of upgrades to help enterprises securely manage their growing AI-related data.

First up is Microsoft Purview AI Hub, which will start rolling out in public preview today. The new enhancement will offer organizations insights into how AI applications, including Copilot for Microsoft 365 and third-party AI apps, are being used within their network. With preconfigured policies for data protection, the AI Hub will allow organizations to prioritize critical data risks and implement protection measures.

"To prevent potential oversharing of sensitive data, new insights help organizations identify unlabeled files that Copilot references and prioritize mitigation of oversharing risks," said Vasu Jakkal, corporate vice president of Microsoft Security, Compliance, Identity and Management.

The new AI Hub can be accessed through the Microsoft Purview portal or the Microsoft Purview compliance portal.

[Click on image for larger view.] Figure 1. Microsoft's Purview AI Hub, currently rolling out in public preview.

Microsoft Purview will also enhance information protection for Microsoft Copilot for Microsoft 365 by leveraging existing controls and sensitivity labels. With encryption capabilities and sensitivity label inheritance, Microsoft said organizations can ensure that sensitive data remains protected throughout its AI journey.

To demonstrate the enhanced sensitivity label capability, Microsoft provided the following case study example:

For example, a user selects Draft with Copilot in Word and then Reference a file. Or a user selects Create presentation from file in PowerPoint. The source content has the sensitivity label Confidential\Anyone (unrestricted) applied and that label is configured to apply a footer that displays 'Confidential.' The new content is automatically labeled Confidential\Anyone (unrestricted) with the same footer.

As for unclassified data, Microsoft Purview AI Hub tackles this issue by identifying unlabeled files and SharePoint sites references by Copilot, enabling organizations to prioritize and address critical data risks effectively, thus preventing potential oversharing of sensitive information.

On the governance side, enterprises have the option to use Microsoft Purview Audit to record Copilot interactions, while also having the capability to set up Microsoft Purview Data Lifecycle Management retention or deletion policies for Copilot prompts and responses. Additionally, Microsoft Purview Communication Compliance can detect risky Copilot prompts and responses, such as those involving gift giving or unauthorized disclosure of sensitive information.
These insights are also surfaced in the AI Hub for visibility into possible unethical and non-compliant use of AI. This level of insight enables organizations to enforce compliance policies and prevent potential regulatory breaches.

Finally, Microsoft Purview eDiscovery enhances legal response capabilities by streamlining the preservation and collection of relevant Copilot data. According to Microsoft, this will allow organizations to respond to legal challenges and investigations.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.


comments powered by Disqus

Subscribe on YouTube