Commit 8fa3e2e

Merge pull request #49049 from riswinto/main
dspm for ai module
2 parents f92cb92 + cde86d9 commit 8fa3e2e

22 files changed, +587 -0 lines changed
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
### YamlMime:ModuleUnit
2+
uid: learn.wwl.purview-identify-mitigate-ai-risks.configure-dspm-ai
3+
title: Configure DSPM for AI
4+
metadata:
5+
title: Configure DSPM for AI
6+
description: "Configure DSPM for AI."
7+
ms.date: 2/6/2025
8+
author: wwlpublish
9+
ms.author: riswinto
10+
ms.topic: unit
11+
azureSandbox: false
12+
labModal: false
13+
durationInMinutes: 8
14+
content: |
15+
[!include[](includes/configure-dspm-ai.md)]
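Review bot: The `description` at diff line 6 only restates the title ("Configure DSPM for AI."), so it gives search results and the unit listing nothing beyond what the title already says. Suggest a one-sentence summary of what the unit covers, such as the prerequisites and the Get started setup tasks. Also consider zero-padding `ms.date: 2/6/2025` at diff line 7 so month and day cannot be misread.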
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
### YamlMime:ModuleUnit
2+
uid: learn.wwl.purview-identify-mitigate-ai-risks.data-assessments
3+
title: Use Data assessments (preview) to detect oversharing risks
4+
metadata:
5+
title: Use Data assessments (preview) to detect oversharing risks
6+
description: "Use Data assessments (preview) to detect oversharing risks."
7+
ms.date: 2/6/2025
8+
author: wwlpublish
9+
ms.author: riswinto
10+
ms.topic: unit
11+
azureSandbox: false
12+
labModal: false
13+
durationInMinutes: 8
14+
content: |
15+
[!include[](includes/data-assessments.md)]
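Review bot: "(preview)" is hard-coded in three places in this file (title at diff line 3, metadata title at diff line 5, description at diff line 6), so all three have to be found and edited when the feature leaves preview. Since the description is a copy of the title anyway, replace it with a real summary sentence and keep the preview marker in the titles only.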
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
### YamlMime:ModuleUnit
2+
uid: learn.wwl.purview-identify-mitigate-ai-risks.dspm-ai-overview
3+
title: Data Security Posture Management (DSPM) for AI overview
4+
metadata:
5+
title: Data Security Posture Management (DSPM) for AI overview
6+
description: "Data Security Posture Management (DSPM) for AI overview."
7+
ms.date: 2/6/2025
8+
author: wwlpublish
9+
ms.author: riswinto
10+
ms.topic: unit
11+
azureSandbox: false
12+
labModal: false
13+
durationInMinutes: 4
14+
content: |
15+
[!include[](includes/dspm-ai-overview.md)]
Lines changed: 80 additions & 0 deletions
@@ -0,0 +1,80 @@
1+
Microsoft Purview Data Security Posture Management (DSPM) for AI helps organizations secure AI interactions, track AI-generated content, and enforce compliance policies. To use DSPM for AI effectively, organizations need to configure key settings, enable monitoring, and apply security controls.
2+
3+
## Prerequisites
4+
5+
Before configuring DSPM for AI, check that your environment meets these requirements:
6+
7+
- **[Check permissions](/purview/ai-microsoft-purview-permissions?azure-portal=true)**: Your account needs appropriate permissions in Microsoft Entra or Microsoft Purview, such as Compliance Administrator or a related role with compliance management permissions.
8+
- **[Verify Microsoft Purview Audit is enabled](/purview/audit-log-enable-disable?azure-portal=true#verify-the-auditing-status-for-your-organization)**: Auditing is on by default for new tenants, but it's a good idea to verify.
9+
- **[Assign Copilot Licenses](/copilot/microsoft-365/microsoft-365-copilot-enable-users?azure-portal=true#assign-licenses)**: Users should be assigned Microsoft 365 Copilot licenses for activity tracking.
10+
- **[Onboard Devices to Microsoft Purview](/purview/device-onboarding-overview?azure-portal=true)**: Devices need to be onboarded to Microsoft Purview to track AI interactions.
11+
- **[Install the Microsoft Purview Browser Extension](/purview/insider-risk-management-browser-support#configure-browser-signal-detection-for-microsoft-edge?azure-portal=true)**: The Microsoft Purview browser extension is required to monitor non-Microsoft AI site visits.
12+
13+
## Steps to configure DSPM for AI
14+
15+
After completing the prerequisites, configure DSPM for AI in Microsoft Purview. This process includes enabling built-in policies, running data assessments, and verifying that AI-related security controls are in place.
16+
17+
### Step 1: Set up DSPM for AI
18+
19+
1. Sign in to the [Microsoft Purview portal](https://purview.microsoft.com/?azure-portal=true).
20+
1. Navigate to **Solutions** > **DSPM for AI**.
21+
1. From the **Overview** page, go to **Get started** to complete the required setup tasks.
22+
1. Verify that **Microsoft Purview Audit** is enabled to track AI interactions.
23+
1. Install the **Microsoft Purview browser extension** to detect AI-related activity.
24+
1. **Onboard devices to Microsoft Purview** to monitor AI interactions.
25+
1. Enable **Extend your insights for data discovery** to create policies that detect risky AI usage, track AI site visits, and identify when users paste sensitive data into AI apps.
26+
27+
:::image type="content" source="../media/dspm-ai-get-started.png" alt-text="Screenshot of the DSPM for AI interface in Microsoft Purview, showing the Get started checklist with required setup steps." lightbox="../media/dspm-ai-get-started.png":::
28+
29+
### Step 2: Review and configure recommendations and policies
30+
31+
Microsoft Purview provides AI security recommendations that help organizations protect sensitive data and monitor AI interactions. These recommendations include preconfigured policies (one-click policies) or suggested actions that require manual review.
32+
33+
#### How to use recommendations
34+
35+
1. Go to **Recommendations** in the Microsoft Purview portal.
36+
1. Review the available AI security recommendations and their status.
37+
1. Select a recommendation to:
38+
39+
- **Create a policy**: Instantly apply a one-click policy with built-in security settings.
40+
- **View the recommendation**: Assess and manually take action based on guidance.
41+
42+
:::image type="content" source="../media/dspm-ai-recommendations.png" alt-text="Screenshot of the Recommendations page in Microsoft Purview, showing a list of AI security recommendations categorized as Not Started, Dismissed, or Completed." lightbox="../media/dspm-ai-recommendations.png":::
43+
44+
> [!NOTE]
45+
> Recommendations that provide one-click policies include a **Create policy** button, while manual recommendations require reviewing and taking action based on the provided guidance.
46+
47+
#### Types of AI security recommendations
48+
49+
Recommendations are grouped into categories such as **Data Security**, **Data Discovery**, or **AI Regulations**. When selecting a recommendation, DSPM for AI provides either:
50+
51+
- A preconfigured policy that can be activated immediately (one-click policy)
52+
- Guidance on security measures that require manual implementation
53+
54+
**Recommendations in DSPM for AI**:
55+
56+
| Recommendation | Type | Description |
57+
|-----|-----|-----|
58+
| Fortify your data security | Data security | Uses Adaptive Protection to apply a block-with-override rule for high-risk users interacting with AI sites. |
59+
| Control unethical behavior in AI | Insight into communications | Creates a policy to detect unethical behavior in Microsoft 365 Copilot. Alerts are generated in Communication Compliance. |
60+
| Guided assistance to AI regulations | AI regulations | Provides guidance on regulatory compliance for AI interactions. |
61+
| Protect sensitive data referenced in Copilot responses | Data security | Runs a data assessment to identify oversharing risks in Copilot interactions. |
62+
| Discover and govern interactions with ChatGPT Enterprise AI (Preview) | Data discovery |Requires setting up a connector in Purview to track ChatGPT Enterprise interactions. |
63+
| Protect sensitive data referenced in Microsoft 365 Copilot (Preview) | Data security | Creates a data loss prevention policy to prevent Copilot from processing labeled content. |
64+
| Protect your data from potential oversharing risks | Data security | Provides insights into oversharing risks based on a weekly scan. |
65+
| Use Copilot to improve your data security posture (Preview) | Data security | Uses Security Copilot to investigate alerts and analyze security risks. |
66+
| Information Protection Policy for Sensitivity Labels | Data security | Sets up default sensitivity labels to preserve document access rights and protect Copilot output. |
67+
68+
#### Understand recommendation status
69+
70+
Each recommendation falls into one of three categories:
71+
72+
- **Not Started**: Recommendations that haven't been acted on.
73+
- **Dismissed**: Recommendations that were reviewed but not applied.
74+
- **Completed**: Recommendations that have been fully implemented.
75+
76+
#### Policy activation timeline
77+
78+
Policies take up to 24 hours to take effect. Once activated, they track AI interactions based on configured rules, with results appearing in DSPM reports and Activity Explorer after data processing. Deleted policies remain visible with a **PendingDeletion** status until fully removed.
79+
80+
After configuring DSPM for AI, use Microsoft Purview reports and data assessments to evaluate AI interactions and identify potential risks. Reports provide insights into policy enforcement, AI data exposure, and compliance status, while data assessments help detect oversharing risks before they affect security.
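Review bot: The link at diff line 11 puts the query string after the fragment (`/purview/insider-risk-management-browser-support#configure-browser-signal-detection-for-microsoft-edge?azure-portal=true`), so `?azure-portal=true` becomes part of the anchor and the heading will not resolve. Move the query before the `#`, as diff lines 8 and 9 already do. Separately, Step 1 items at diff lines 22 to 24 repeat prerequisites already listed at diff lines 8, 10 and 11; either drop them from the prerequisites or say in Step 1 that these are confirmations of work already done. The table row at diff line 62 is also missing the space after the pipe (`|Requires`).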
Lines changed: 72 additions & 0 deletions
@@ -0,0 +1,72 @@
1+
AI tools like Microsoft 365 Copilot can unintentionally expose misclassified or over-permissioned content. Data assessments help security teams detect these risks early, apply protections, and maintain compliance.
2+
3+
Microsoft 365 Copilot and other AI tools can surface misclassified, over-permissioned, or outdated content, increasing the likelihood of unintentional data exposure. By running data assessments, organizations can identify these risks early, apply appropriate protections, and ensure compliance with internal policies and regulatory requirements.
4+
5+
## Default data assessments
6+
7+
Microsoft Purview Data Security Posture Management (DSPM) for AI automatically runs a weekly assessment on the top 100 SharePoint sites used by Microsoft 365 Copilot. This built-in assessment helps organizations identify high-risk data exposure without manual configuration.
8+
9+
To review the latest weekly assessment:
10+
11+
1. Navigate to **DSPM for AI** in the [Microsoft Purview portal](https://purview.microsoft.com/?azure-portal=true).
12+
1. Select **Assessments** from the navigation pane.
13+
1. Open the **Oversharing Assessment for the week of <month, year>**.
14+
1. Review key findings, including:
15+
- Number of sensitive files accessed
16+
- Frequency of access
17+
- External sharing risks
18+
19+
:::image type="content" source="../media/data-assessment-oversharing.png" alt-text="Screenshot of the Oversharing assessments page in Microsoft Purview, showing details on total items, sensitivity labels, and data with sharing links." lightbox="../media/data-assessment-oversharing.png":::
20+
21+
The weekly assessment helps identify trends in data exposure, allowing organizations to detect misconfigured access settings, overly permissive sharing, or files that contain sensitive data but lack proper classification. Reviewing these results regularly ensures that security policies are informed by actual risks rather than assumptions.
22+
23+
For a deeper analysis of specific users, sites, or data sources, security teams can run custom assessments tailored to their needs.
24+
25+
## Run a custom data assessment
26+
27+
Organizations might need to scan beyond the default assessment to evaluate AI security risks in different users, sites, or content types. Custom data assessments allow security teams to define the scope of their analysis.
28+
29+
To create and run a custom assessment:
30+
31+
1. Navigate to **DSPM for AI** > **Data assessments**.
32+
1. Select **Create assessment**.
33+
1. On the **Basic details** page:
34+
- Enter an **Assessment name**.
35+
- Provide an optional **Description** to define the purpose of the assessment.
36+
1. On the **Add users** page:
37+
- Choose whether to Include all users or Include specific users or groups.
38+
1. On the **Data sources** page, select the SharePoint sites or other data sources you want to scan.
39+
1. On the **Review and run the data assessment scan**, select **Save and run** to run the custom assessment.
40+
41+
Assessments can take up to 48 hours to complete. After the assessment completes, review the findings in the Protect and Monitor tabs to determine the appropriate security actions.
42+
43+
## Review and act on assessment results
44+
45+
After a data assessment runs, security teams can analyze the results and take action using the **Protect** and **Monitor** tabs. These tabs provide insights into how sensitive data is being accessed and shared, and offer remediation options to reduce oversharing risks.
46+
47+
### Protect tab - Apply security controls
48+
49+
The **Protect** tab helps security teams limit access to high-risk data and enforce compliance measures. Recommended actions include:
50+
51+
- **Restrict access by label**: Use Microsoft Purview Data Loss Prevention (DLP) to prevent Microsoft 365 Copilot from summarizing data that has specific sensitivity labels. For more information about how this works and supported scenarios, see [Learn about the Microsoft 365 Copilot policy location](/purview/dlp-microsoft365-copilot-location-learn-about?azure-portal=true).
52+
53+
- **Restrict all items**: Use [SharePoint Restricted Content Discoverability](/sharepoint/restricted-content-discovery?azure-portal=true) to prevent Microsoft 365 Copilot from indexing specified SharePoint sites.
54+
55+
:::image type="content" source="../media/data-assessment-dlp-restrict-items.png" alt-text="Screenshot showing the options in the Protect tab in Data assessments to restrict access to sensitive data." lightbox="../media/data-assessment-dlp-restrict-items.png":::
56+
57+
- **Apply auto-labeling policies**: [Automatically apply sensitivity labels](/purview/apply-sensitivity-label-automatically?azure-portal=true#how-to-configure-auto-labeling-policies-for-sharepoint-onedrive-and-exchange) to unlabeled files containing sensitive information.
58+
59+
- **Enforce retention policies**: Use [Microsoft Purview Data Lifecycle Management retention policies](/purview/create-retention-policies?azure-portal=true) to delete content that hasn't been accessed for at least three years.
60+
61+
:::image type="content" source="../media/data-assessment-apply-label.png" alt-text="Screenshot showing the options in the Protect tab in Data assessments to manage sensitivity labels and policies for a specific SharePoint site." lightbox="../media/data-assessment-apply-label.png":::
62+
63+
### Monitor tab - Review sharing and access risks
64+
65+
The **Monitor** tab provides visibility into how data is shared and accessed across the organization. It includes tools for reviewing and managing access:
66+
67+
- **Run a SharePoint site access review**: Identify and assess sites that are shared broadly or externally. IT administrators can delegate access reviews to site owners.
68+
- **Run an identity access review**: Review group memberships, enterprise application access, and role assignments in Microsoft Entra ID to ensure only the right users maintain access.
69+
70+
:::image type="content" source="../media/data-assessment-monitor.png" alt-text="Screenshot showing the options in the Monitor tab in Data assessments to Run a site access review and Run an identity access review." lightbox="../media/data-assessment-monitor.png":::
71+
72+
By regularly reviewing assessment results in both the **Protect** and **Monitor** tabs, organizations can enforce security policies, reduce oversharing risks, and ensure compliance with data protection requirements.
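Review bot: At diff line 13 the placeholder `<month, year>` uses raw angle brackets inside bold text, which a Markdown renderer can treat as an HTML tag and drop from the page. Escape the brackets or reword the placeholder. The navigation labels also disagree: diff line 12 says select **Assessments**, while diff line 31 says **DSPM for AI** > **Data assessments**; use one label for the same pane. Smaller points: diff line 39 is missing "page" after the bolded page name, diff lines 37 and 41 leave UI labels (Include all users, Protect, Monitor) unbolded unlike the rest of the file, and diff lines 1 and 3 open the unit with two paragraphs that say nearly the same thing.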
Lines changed: 53 additions & 0 deletions
@@ -0,0 +1,53 @@
1+
Managing AI security risks requires tools that provide visibility, enforce policies, and prevent data exposure. **Microsoft Purview Data Security Posture Management (DSPM) for AI** helps organizations secure AI interactions, monitor AI-generated content, and ensure compliance with regulatory requirements.
2+
3+
It provides visibility into AI activity, security policies for AI interactions, and compliance controls to manage AI-related risks.
4+
5+
## Capabilities of Data Security Posture Management (DSPM) for AI
6+
7+
### AI insights and analytics
8+
9+
DSPM for AI provides visibility into how AI tools interact with organizational data. It provides:
10+
11+
- Identify which AI tools are in use, including Microsoft 365 Copilot and non-Microsoft AI services
12+
- Insights into data exposure risks in AI-generated content
13+
- Reports to help assess compliance and security posture
14+
15+
### Security policies for AI usage
16+
17+
DSPM for AI includes security policies that help prevent unauthorized data exposure in AI interactions. Policies can:
18+
19+
- Detect when users share sensitive data with AI tools
20+
- Block or warn users before sharing regulated or confidential data
21+
- Apply sensitivity labels and data loss prevention policies to AI-generated content
22+
23+
### Data assessments
24+
25+
DSPM for AI runs **weekly data assessments** for the top 100 SharePoint sites used by Copilot. These assessments help identify:
26+
27+
- Data that is frequently accessed or overshared
28+
- Files containing sensitive information that might be exposed through AI
29+
- Content missing appropriate labeling or governance controls
30+
31+
Organizations can also create custom assessments to scan specific users or sites for potential data exposure risks.
32+
33+
### Compliance controls
34+
35+
To support regulatory and security requirements, DSPM for AI integrates with other Microsoft Purview solutions, including:
36+
37+
- **[Sensitivity labels](/purview/sensitivity-labels?azure-portal=true)** to classify and protect AI-referenced data
38+
- **[Data classification](/purview/data-classification-overview?azure-portal=true)** to apply security controls based on content type
39+
- **[Customer Key](/purview/customer-key-overview?azure-portal=true)** for encryption with customer-managed keys
40+
- **[Communication compliance](/purview/communication-compliance-solution-overview?azure-portal=true)** to detect risky AI interactions
41+
- **[Auditing](/purview/audit-solutions-overview?azure-portal=true)** and **[eDiscovery](/purview/ediscovery?azure-portal=true)** for tracking AI activity and managing investigations
42+
43+
## Get started with DSPM for AI
44+
45+
To start using DSPM for AI:
46+
47+
- **Access the Microsoft Purview Portal**: Navigate to DSPM for AI from the Microsoft Purview portal or Microsoft Purview compliance portal.
48+
- **Review AI activity insights**: Identify AI usage patterns and potential data security risks.
49+
- **Activate preconfigured security policies**: Enable built-in policies to monitor and control AI interactions.
50+
- **Run data assessments**: Evaluate AI-related data exposure risks and implement remediation actions.
51+
- **Monitor compliance reports**: Use AI activity logs, security alerts, and policy reports to track AI risks over time.
52+
53+
DSPM for AI helps organizations manage AI-related security and compliance risks by applying the same security principles to AI-generated content as other enterprise data.
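Review bot: The list under "AI insights and analytics" (diff lines 9 to 13) is not parallel: the lead-in "It provides:" is followed by an imperative item at diff line 11 ("Identify which AI tools are in use...") and then two noun phrases. Reword diff line 11 as a noun phrase or change the lead-in; diff line 9 also uses "provides" in two consecutive sentences. For consistency, diff line 25 says "Copilot" where the other units say "Microsoft 365 Copilot", and diff line 47 mentions a "Microsoft Purview compliance portal" that the other units never reference.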
Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
AI tools like Microsoft 365 Copilot are changing how organizations work with data, but they also introduce new security and compliance risks. Traditional security controls weren't designed to track AI interactions or protect sensitive data in AI-generated content. Without a way to monitor AI activity and enforce security policies, organizations risk data exposure, compliance violations, and security gaps.
2+
3+
**Microsoft Purview Data Security Posture Management (DSPM) for AI** helps security teams manage these risks by providing insights into AI activity, security policies to protect sensitive data, and compliance controls to enforce governance. With DSPM for AI, organizations can track AI usage, assess security risks, and apply protections to prevent unauthorized data exposure.
4+
5+
## Scenario
6+
7+
Your organization has started using Microsoft 365 Copilot to improve productivity. Security teams don't have a clear way to track how it's used or what data it accesses. Without visibility, they can't tell if AI-generated content includes sensitive information or if users are sharing regulated data with external AI tools.
8+
9+
To solve this, your team needs to use DSPM for AI to monitor AI interactions, detect potential security risks, and apply policies that protect sensitive information.
10+
11+
## Learning objectives
12+
13+
By the end of this module, you'll be able to:
14+
15+
- Identify security risks in AI interactions
16+
- Monitor AI usage and enforce security policies
17+
- Protect sensitive data in AI-generated content
18+
- Run data assessments to detect oversharing risks
19+
- Use reports to track AI activity and strengthen compliance