dspm for ai module

Author: riswinto

learn-pr/wwl-sci/purview-identify-mitigate-ai-risks/configure-dspm-ai.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-identify-mitigate-ai-risks.configure-dspm-ai
+title: Configure DSPM for AI
+metadata:
+  title: Configure DSPM for AI
+  description: "Configure DSPM for AI."
+  ms.date: 2/6/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 4
+content: |
+  [!include[](includes/configure-dspm-ai.md)]

learn-pr/wwl-sci/purview-identify-mitigate-ai-risks/dspm-ai-overview.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-identify-mitigate-ai-risks.dspm-ai-overview
+title: Data Security Posture Management (DSPM) for AI overview
+metadata:
+  title: Data Security Posture Management (DSPM) for AI overview
+  description: "Data Security Posture Management (DSPM) for AI overview."
+  ms.date: 2/6/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 4
+content: |
+  [!include[](includes/dspm-ai-overview.md)]

learn-pr/wwl-sci/purview-identify-mitigate-ai-risks/includes/configure-dspm-ai.md

@@ -0,0 +1,44 @@
+Microsoft Purview Data Security Posture Management (DSPM) for AI helps organizations secure AI interactions, track AI-generated content, and enforce compliance policies. To use DSPM for AI effectively, organizations need to configure key settings, enable monitoring, and apply security controls.
+
+## Prerequisites
+
+Before configuring DSPM for AI, check that your environment meets these requirements:
+
+- **[Check permissions](/purview/ai-microsoft-purview-permissions)**: Your account needs appropriate permissions in Microsoft Entra or Microsoft Purview, such as Compliance Administrator or a related role with compliance management permissions.
+- **[Verify Microsoft Purview Audit is enabled](/purview/audit-log-enable-disable?tabs=microsoft-purview-portal#verify-the-auditing-status-for-your-organization)**: Auditing is on by default for new tenants, but it's a good idea to verify.
+- **[Assign Copilot Licenses](/copilot/microsoft-365/microsoft-365-copilot-enable-users#assign-licenses)**: Users should be assigned Microsoft 365 Copilot licenses for activity tracking.
+- **[Onboard Devices to Microsoft Purview](/purview/device-onboarding-overview)**: Devices need to be onboarded to Microsoft Purview to track AI interactions.
+- **[Install the Microsoft Purview Browser Extension](/purview/insider-risk-management-browser-support#configure-browser-signal-detection-for-microsoft-edge)**: The Microsoft Purview browser extension is required to monitor third-party AI site visits.
+
+## Steps to configure DSPM for AI
+
+After completing the prerequisites, configure DSPM for AI in Microsoft Purview. This process includes enabling built-in policies, running data assessments, and verifying that AI-related security controls are in place.
+
+1. Access DSPM for AI
+
+   - Sign in to the Microsoft Purview portal.
+   - Navigate to Solutions > DSPM for AI.
+
+1. Review the Get Started Section
+
+   - From the Overview page, review Get Started for initial actions.
+   - Confirm that Audit Logging is enabled.
+   - Enable Extend Insights for Data Discovery to track AI-generated content.
+   - Activate One-Click Policies to apply built-in security controls.
+1. Activate Preconfigured Policies
+
+   - Go to Policies in the Microsoft Purview portal.
+   - Review available AI security policies.
+   - Enable recommended policies to detect sensitive data exposure and AI activity.
+   - If needed, edit the policy scope before activation to apply policies only to specific users or groups instead of the entire organization.
+   - Allow up to 24 hours for policies to take effect.
+
+   Once activated, policies begin tracking AI interactions based on configured rules. Results appear in DSPM reports and Activity Explorer after data processing. If a policy is deleted, it remains visible with a PendingDeletion status until fully removed.
+
+1. Run Data Assessments
+
+   - DSPM for AI automatically runs weekly assessments on the top 100 SharePoint sites used by Copilot.
+   - To create a custom assessment:
+      - Go to Data Assessments (Preview) in Microsoft Purview.
+      - Select Create Assessment and choose users and data sources to scan.
+      - Run the assessment and allow up to 48 hours for results to appear.

learn-pr/wwl-sci/purview-identify-mitigate-ai-risks/includes/dspm-ai-overview.md

@@ -0,0 +1,53 @@
+Managing AI security risks requires tools that provide visibility, enforce policies, and prevent data exposure. **Microsoft Purview Data Security Posture Management (DSPM) for AI** helps organizations secure AI interactions, monitor AI-generated content, and ensure compliance with regulatory requirements.
+
+It provides visibility into AI activity, security policies for AI interactions, and compliance controls to manage AI-related risks.
+
+## Capabilities of Data Security Posture Management (DSPM) for AI
+
+### AI insights and analytics
+
+DSPM for AI provides visibility into how AI tools interact with organizational data. It provides:
+
+- Identify which AI tools are in use, including Microsoft 365 Copilot and non-Microsoft AI services
+- Insights into data exposure risks in AI-generated content
+- Reports to help assess compliance and security posture
+
+### Security policies for AI usage
+
+DSPM for AI includes security policies that help prevent unauthorized data exposure in AI interactions. Policies can:
+
+- Detect when users share sensitive data with AI tools
+- Block or warn users before sharing regulated or confidential data
+- Apply sensitivity labels and data loss prevention policies to AI-generated content
+
+### Data assessments
+
+DSPM for AI runs **weekly data assessments** for the top 100 SharePoint sites used by Copilot. These assessments help identify:
+
+- Data that is frequently accessed or overshared
+- Files containing sensitive information that might be exposed through AI
+- Content missing appropriate labeling or governance controls
+
+Organizations can also create custom assessments to scan specific users or sites for potential data exposure risks.
+
+### Compliance controls
+
+To support regulatory and security requirements, DSPM for AI integrates with other Microsoft Purview solutions, including:
+
+- **[Sensitivity labels](/purview/sensitivity-labels)** to classify and protect AI-referenced data
+- **[Data classification](/purview/data-classification-overview)** to apply security controls based on content type
+- **[Customer Key](/purview/customer-key-overview)** for encryption with customer-managed keys
+- **[Communication compliance](/purview/communication-compliance-solution-overview)** to detect risky AI interactions
+- **[Auditing](/purview/audit-solutions-overview)** and **[eDiscovery](/purview/ediscovery)** for tracking AI activity and managing investigations
+
+## Get started with DSPM for AI
+
+To start using DSPM for AI:
+
+- **Access the Microsoft Purview Portal**: Navigate to DSPM for AI from the Microsoft Purview portal or Microsoft Purview compliance portal.
+- **Review AI activity insights**: Identify AI usage patterns and potential data security risks.
+- **Activate preconfigured security policies**: Enable built-in policies to monitor and control AI interactions.
+- **Run data assessments**: Evaluate AI-related data exposure risks and implement remediation actions.
+- **Monitor compliance reports**: Use AI activity logs, security alerts, and policy reports to track AI risks over time.
+
+DSPM for AI helps organizations manage AI-related security and compliance risks by applying the same security principles to AI-generated content as other enterprise data.

learn-pr/wwl-sci/purview-identify-mitigate-ai-risks/includes/introduction.md

@@ -0,0 +1,59 @@
+AI tools are changing how organizations work with data, but they also introduce security and compliance challenges. Traditional security controls weren't built to track how AI is used or what data it accesses. Without a way to see AI activity and apply security policies, organizations risk data exposure, compliance violations, and security gaps.
+
+Managing AI-related security risks requires visibility into AI activity, protections for sensitive data, and policies to prevent unauthorized access or sharing. Key risks include data exposure, compliance challenges, and security vulnerabilities in AI interactions.
+
+## Key AI security risks
+
+AI interactions introduce security risks that require targeted protections. Visibility, data security, and compliance controls are critical to reducing these risks.
+
+### Limited visibility into AI usage
+
+Many organizations don't have a clear view of who is using AI tools, what data is being shared, or how AI-generated content is used. Without visibility, security teams can't:
+
+- Identify which AI tools are being used (for example, Microsoft 365 Copilot, ChatGPT, Gemini)
+- Track what kind of data is being shared with AI models
+- Determine whether AI-generated content includes sensitive information
+
+Without this information, it's difficult to assess security risks or apply the right protections.
+
+### Data exposure in AI interactions
+
+AI tools process user inputs and organizational data to generate responses. This creates risks such as:
+
+- Sensitive data being entered into AI prompts without security controls
+- AI-generated responses containing confidential information
+- AI referencing or summarizing data that shouldn't be widely accessible
+
+Organizations need security policies that apply to AI interactions to prevent unintentional data exposure.
+
+### Compliance and regulatory risks
+
+Many organizations must follow data protection laws and industry regulations, but AI interactions aren't always covered by existing security policies. Risks include:
+
+- AI-generated content including regulated data
+- Employees sharing sensitive information with external AI tools
+- Lack of audit logs for AI activity, making compliance reporting difficult
+
+Security teams need to ensure AI interactions follow the same compliance policies as email, file sharing, and other communication tools.
+
+### AI-generated content security risks
+
+AI doesn't just process data. It creates new content. That content can introduce security risks, including:
+
+- Confidential information being included in AI-generated text
+- Inappropriate or noncompliant content being created and shared
+- AI-generated files being saved without tracking or security controls
+
+Organizations need a way to monitor, apply policies to, and restrict AI-generated content when necessary.
+
+## Addressing security gaps in AI usage
+
+AI interactions introduce unique security risks that existing policies might not fully cover. Organizations need a way to:
+
+- Identify when and how AI tools are used within their environment
+- Track and protect sensitive data in AI-generated content
+- Apply security policies to prevent unauthorized data exposure
+
+Since AI tools process both user-provided inputs and existing organizational data, security teams need visibility into AI interactions and the ability to apply protections where needed.
+
+Now that AI security risks are identified, it's important to understand how **Data Security Posture Management for AI** provides insights, policies, and controls to manage them.

learn-pr/wwl-sci/purview-identify-mitigate-ai-risks/includes/understand-ai-security-risks.md

@@ -0,0 +1,48 @@
+### YamlMime:Module
+uid: learn.wwl.purview-identify-mitigate-ai-risks
+metadata:
+  title: Identify and mitigate AI data security risks
+  description: "Identify and mitigate AI data security risks."
+  ms.date: 01/24/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: module
+  ms.service: purview
+  hidden: false
+title: Use Microsoft Priva Tracker Scanning for web tracking complianceIdentify and mitigate AI data security risks
+summary: Microsoft Priva Tracker Scanning helps organizations identify, categorize, and manage web tracking technologies to ensure compliance and transparency. Learn how to configure Tracker Scanning, create and manage tracker categories, run scans to detect tracking technologies, and support responsible data practices aligned with user expectations.
+abstract: |
+  After completing this module, you'll be able to:
+  - Explain the purpose and benefits of Microsoft Priva Tracker Scanning.
+  - Set up and configure Tracker Scanning to meet your organization's needs.
+  - Create and manage tracker categories and assign trackers effectively.
+  - Configure and run scans to detect tracking technologies and compliance objects.
+  - Analyze scan results to address compliance issues and improve tracking practices.
+prerequisites: |
+  - Familiarity with Microsoft 365 services.
+  - Basic understanding of web trackers, cookies, and privacy compliance practices.
+iconUrl: /training/achievements/generic-badge.svg
+levels:
+- intermediate
+roles:
+- auditor
+- administrator
+- privacy-manager
+products:
+- microsoft-purview
+- m365
+subjects:
+- information-protection-governance
+- security
+units:
+- learn.wwl.purview-identify-mitigate-ai-risks.introduction
+- learn.wwl.purview-identify-mitigate-ai-risks.tracker-scanning-overview
+- learn.wwl.purview-identify-mitigate-ai-risks.configure-tracker-scanning
+- learn.wwl.purview-identify-mitigate-ai-risks.create-manage-trackers
+- learn.wwl.purview-identify-mitigate-ai-risks.run-a-scan
+- learn.wwl.purview-identify-mitigate-ai-risks.view-scan-results.md
+- learn.wwl.purview-identify-mitigate-ai-risks.knowledge-check
+- learn.wwl.purview-identify-mitigate-ai-risks.summary
+
+badge:
+  uid: learn.wwl.purview-identify-mitigate-ai-risks.badge

learn-pr/wwl-sci/purview-identify-mitigate-ai-risks/index.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-identify-mitigate-ai-risks.introduction
+title: Introduction
+metadata:
+  title: Introduction
+  description: "Introduction"
+  ms.date: 2/6/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 1
+content: |
+  [!include[](includes/introduction.md)]

learn-pr/wwl-sci/purview-identify-mitigate-ai-risks/introduction.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-identify-mitigate-ai-risks.understand-ai-security-risks
+title: Understand AI security risks
+metadata:
+  title: Understand AI security risks
+  description: "Understand AI security risks."
+  ms.date: 2/6/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 4
+content: |
+  [!include[](includes/understand-ai-security-risks.md)]