Microsoft Purview compliance portal: Insider Risk Management - Risky AI usage

🚨 The Signal: Purview Insider Risk Management now detects risky AI usage across Microsoft Copilots and third-party generative AI apps. This helps identify sensitive data exposure via prompts or responses, enhancing data loss prevention and contributing to Adaptive Protection.

The Impact

Security teams and data owners are affected by new capabilities to detect and mitigate data leakage risks from generative AI usage.

• Security teams gain visibility into AI-related data exfiltration risks.
• Data owners can better protect sensitive information used with AI.
• Compliance officers can enforce data handling policies for AI interactions.
• Users face increased monitoring for risky AI prompts and responses.

The Action

1. Review existing Insider Risk Management policies for AI-related scope: https://compliance.microsoft.com/insiderrisk
2. Create new Insider Risk Management policies to specifically target risky AI usage: https://compliance.microsoft.com/insiderrisk/policies
3. Configure Adaptive Protection to leverage AI risk signals for dynamic policy enforcement: https://compliance.microsoft.com/adaptiveprotection
4. Educate users on acceptable use policies for generative AI, especially regarding sensitive data.

Domain: Purview · Impact: high · Workload: Microsoft Purview