Merge pull request #49957 from riswinto/main

update module

Author: v-dirichards

learn-pr/wwl-sci/purview-identify-mitigate-ai-risks/dspm-ai-recommendations.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-identify-mitigate-ai-risks.dspm-ai-recommendations
+title: Apply AI security recommendations with DSPM for AI
+metadata:
+  title: Apply AI security recommendations with DSPM for AI
+  description: "Apply AI security recommendations with DSPM for AI."
+  ms.date: 04/10/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 6
+content: |
+  [!include[](includes/dspm-ai-recommendations.md)]

learn-pr/wwl-sci/purview-identify-mitigate-ai-risks/includes/data-assessments.md

@@ -52,7 +52,7 @@ The **Protect** tab helps security teams limit access to high-risk data and enfo
 
 - **Restrict all items**: Use [SharePoint Restricted Content Discoverability](/sharepoint/restricted-content-discovery?azure-portal=true) to prevent Microsoft 365 Copilot from indexing specified SharePoint sites.
 
-   :::image type="content" source="../media/data-assessment-dlp-restrict-items.png" alt-text="Screenshot showing the options in the Protect tab in Data assessments to restrict access to sensitive data." lightbox="../media/data-assessment-dlp-restrict-items.png":::
+   :::image type="content" source="../media/data-assessment-restrict-items.png" alt-text="Screenshot showing the options in the Protect tab in Data assessments to restrict access to sensitive data." lightbox="../media/data-assessment-restrict-items.png":::
 
 - **Apply auto-labeling policies**: [Automatically apply sensitivity labels](/purview/apply-sensitivity-label-automatically?azure-portal=true#how-to-configure-auto-labeling-policies-for-sharepoint-onedrive-and-exchange) to unlabeled files containing sensitive information.
 
@@ -70,3 +70,45 @@ The **Monitor** tab provides visibility into how data is shared and accessed acr
    :::image type="content" source="../media/data-assessment-monitor.png" alt-text="Screenshot showing the options in the Monitor tab in Data assessments to Run a site access review and Run an identity access review." lightbox="../media/data-assessment-monitor.png":::
 
 By regularly reviewing assessment results in both the **Protect** and **Monitor** tabs, organizations can enforce security policies, reduce oversharing risks, and ensure compliance with data protection requirements.
+
+## Respond to assessment findings
+
+After reviewing a data assessment, it's important to act on the insights to reduce risk and strengthen data protection. While tools like the Protect and Monitor tabs help apply controls, some decisions require investigation and follow-up outside the portal.
+
+Consider the following actions based on what you find in your assessment results:
+
+### Investigate frequently accessed or unlabeled sites
+
+If a site shows a high volume of activity or contains a large number of unlabeled files, review the site to determine:
+
+- Whether the data is still needed
+- If it contains sensitive content that should be labeled
+- If access should be limited to fewer users or groups
+
+Sites that receive frequent access but contain no labeled items might require manual classification or a review of auto-labeling coverage.
+
+### Review broad internal sharing
+
+Sites shared with “People in your organization” might still be too permissive. Follow up with site owners to confirm whether that level of access is necessary. If not, adjust permissions or run a SharePoint site access review to delegate cleanup.
+
+### Apply protections to sensitive files
+
+When sensitive data is found with no labels or protections applied, consider:
+
+- Running an auto-labeling policy to apply the appropriate sensitivity level
+- Restricting access to high-risk data using DLP or Restricted Content Discoverability
+- Applying retention policies to remove stale content no longer in use
+
+### Clean up unused or empty data sources
+
+If a site shows no scanned items or access activity, determine whether it's still needed. Inactive sites can be archived or restricted to reduce your organization's overall exposure risk.
+
+### Follow up with content owners
+
+For sites with unclear or outdated access patterns, notify data owners and provide guidance on how to:
+
+- Review and update sharing settings
+- Label content correctly
+- Remove unused files or folders
+
+Creating a process to follow up with site owners can help maintain long-term control over shared and sensitive content.

learn-pr/wwl-sci/purview-identify-mitigate-ai-risks/includes/dspm-ai-recommendations.md

@@ -0,0 +1,63 @@
+Microsoft Purview Data Security Posture Management (DSPM) for AI includes a set of AI security recommendations to help reduce the risk of sensitive data exposure and ensure responsible AI use. These recommendations help you apply protections through solutions like data loss prevention (DLP), sensitivity labels, Insider Risk Management, and Communication Compliance.
+
+Some recommendations can be applied automatically using one-click policies, while others require manual configuration across Purview solutions.
+
+## About AI security recommendations
+
+When you enable DSPM for AI, the **Recommendations** page in the Microsoft Purview portal surfaces AI security risks related to interactions with Microsoft 365 Copilot, enterprise AI tools (like ChatGPT Enterprise), and other AI applications. These risks are grouped into categories like:
+
+- **Data security**: Prevent oversharing, apply labels, and enforce protective actions
+
+- **Data discovery**: Detect where sensitive information is used in AI tools
+
+- **AI regulations**: Help align AI usage with regulatory requirements
+
+- **Insight into communications**: Detect inappropriate or risky prompts and responses
+
+Each recommendation includes either:
+
+- A **preconfigured one-click policy** that can be activated immediately
+
+- A **set of guided steps** for manually creating a policy in another Microsoft Purview solution
+
+When a one-click policy is activated, the resulting policy appears in the **Policies** tab of the Microsoft Purview portal.
+
+> [!NOTE]
+> One-click policies currently don't support administrative units. Even if you're scoped to a specific administrative unit, a created policy applies to all users.
+
+## One-click policy recommendations
+
+These recommendations create and configure policies automatically when selected in the Recommendations page:
+
+| Recommendation | Description | Solution area |
+|-----|-----|-----|
+| **Fortify your data security** | Creates a DLP policy using Adaptive Protection. High-risk users are warned before pasting or uploading sensitive data to AI sites. | Data Loss Prevention |
+| **Protect your data with sensitivity labels** | Sets up default sensitivity labels and policies to protect data in prompts and responses. Includes autolabeling and publishing policies. | Information Protection |
+| **Detect risky interactions in AI apps (preview)** | Creates an Insider Risk Management policy to detect prompts or responses that might indicate risky user behavior. | Insider Risk Management |
+| **Control unethical behavior in AI** | Creates a Communication Compliance policy to flag unethical or inappropriate AI-generated content. | Communication Compliance |
+
+Policies created from these recommendations appear in the Policies tab of the Microsoft Purview portal.
+
+## Recommendations that require manual action
+
+These recommendations guide you through configuration steps but don't create policies automatically:
+
+| Recommendation | Description | Solution area |
+|-----|-----|-----|
+| **Protect sensitive data referenced in Microsoft 365 Copilot (preview)** | Provides instructions for creating a custom DLP policy to prevent Copilot from using labeled content. | Data Loss Prevention |
+| **Protect your data from potential oversharing risks** | Opens the default weekly data assessment to help identify unlabeled or overshared content. | DSPM for AI|
+| **Guided assistance to AI regulations** | Offers a checklist of recommended policy configurations across Audit, Communication Compliance, DLP, and retention settings. | Multi-solution (Audit, DLP, Communication Compliance, Data Lifecycle Management) |
+| **Discover and govern interactions with ChatGPT Enterprise AI (preview)** | Requires registering a ChatGPT Enterprise workspace and configuring a data connector in Purview. | Data Map and Scanning |
+| **Use Copilot to improve your data security posture (preview)** | Requires Security Copilot permissions and manual use of prompts to analyze security alerts and behavior. | Security Copilot |
+| **Protect sensitive data referenced in Copilot responses** | Guides you to run a manual data assessment to identify unlabeled or overshared content. | DSPM for AI |
+
+## What to expect after activating a policy
+
+Activated policies begin analyzing activity or applying controls based on the configuration for each solution. For example:
+
+- DLP policies created from DSPM for AI recommendations start in **simulation mode**, where enforcement actions aren't applied, but results are logged for review.
+- Insider Risk Management policies generate alerts based on user behavior signals.
+- Communication Compliance policies flag content for review based on detected policy violations.
+- Data assessments identify oversharing risks and surface them in reports.
+
+You can review policy results in **Activity Explorer**, the **Policies** tab, or directly in the related Microsoft Purview solution area.

learn-pr/wwl-sci/purview-identify-mitigate-ai-risks/index.yml

@@ -40,6 +40,7 @@ units:
 - learn.wwl.purview-identify-mitigate-ai-risks.understand-ai-security-risks
 - learn.wwl.purview-identify-mitigate-ai-risks.dspm-ai-overview
 - learn.wwl.purview-identify-mitigate-ai-risks.configure-dspm-ai
+- learn.wwl.purview-identify-mitigate-ai-risks.dspm-ai-recommendations
 - learn.wwl.purview-identify-mitigate-ai-risks.review-ai-security-reports
 - learn.wwl.purview-identify-mitigate-ai-risks.data-assessments
 - learn.wwl.purview-identify-mitigate-ai-risks.knowledge-check