This includes oversharing assessments for M365 Copilot in Data Security Posture Management (DPSM) for AI, which launched in public preview at Ignite. Accessible in the new Purview portal, the oversharing assessments help highlight data that could present a risk by scanning files for sensitive data and identifying repositories such as SharePoint sites where access permissions are applied too broadly. There are also recommendations for how to mitigate oversharing risk, such as adding sensitivity labels or restricting access from SharePoint.
Microsoft Purview Data Loss Prevention for M365 Copilot, also in public preview, lets data security admins create data loss prevention (DLP) policies to exclude certain documents from processing by Copilot based on a file’s sensitivity label. This applies to files held in SharePoint and OneDrive, but can be configured at other levels, such as group, site, and user, to provide more flexibility around who can access what.
Another tool in Purview, Insider Risk Management, can now be used to detect “risky AI usage.” This includes prompts that contain sensitive information and attempts by users to access unauthorized sensitive information. The feature, also in public preview, covers M365 Copilot, Copilot Studio, and ChatGPT Enterprise.
