Microsoft Purview provides a comprehensive suite of data security and compliance protections designed for the rapid adoption of generative artificial intelligence solutions, such as Copilots and other enterprise artificial intelligence apps. Organizations can leverage Purview´s Data Security Posture Management (DSPM) for artificial intelligence as the centralized interface to discover, secure, and enforce compliance controls across artificial intelligence-powered services. This approach streamlines the management of risks associated with artificial intelligence by integrating existing information protection, compliance, and reporting tools, while offering graphical dashboards and actionable policy recommendations.
Purview´s layered protection framework extends across Copilot experiences, enterprise artificial intelligence apps, and third-party generative artificial intelligence tools. Central to its capabilities are sensitivity labels, encryption mechanisms, and data loss prevention (DLP) policies that ensure access and usage rights are consistently enforced—even as artificial intelligence apps surface or process sensitive data. For example, files and communications tagged with sensitivity labels require specific rights before artificial intelligence agents can return data to users. Endpoint-level DLP further restricts employees from inadvertently leaking sensitive information through browser-based interactions with external artificial intelligence tools, with tailored warning and blocking actions. Organizations can also define DLP policies preventing artificial intelligence applications from summarizing or sharing highly confidential content while maintaining user access to underlying documents with proper permissions.
Complementing its proactive security controls, Microsoft Purview empowers compliance and risk management through unified auditing, eDiscovery, retention, and communication oversight capabilities. User interactions, including prompts and responses in supported artificial intelligence apps, are systematically logged, classified, and made searchable for incident investigations and regulatory obligations. Communication compliance tools detect business conduct or regulatory violations within artificial intelligence-generated conversations, while insider risk management leverages machine learning to spotlight unusual or high-risk artificial intelligence usage behaviors. Retention policies and holds ensure organizations can systematically retain and dispose of artificial intelligence data, fully honoring legal and business requirements. By converging information protection, access management, and incident response, Purview delivers end-to-end security and compliance for enterprises accelerating their integration of generative artificial intelligence.
