Microsoft Purview compliance portal: Data Lifecycle Management - Separate Retention policies for Copilots and AI Apps

🚨 The Signal: Admins can now set specific data retention policies for Copilot and other AI applications within Microsoft Purview. This enables granular control over AI-generated and AI-processed data lifecycle, crucial for compliance and data minimisation.

The Impact

Security and compliance teams are affected by new data retention capabilities for AI, reducing data sprawl risk.

• Security Teams: New controls reduce risk of AI data over-retention.
• Compliance Teams: Enhanced ability to meet regulatory data lifecycle requirements.
• AI Governance Teams: Direct control over AI-generated content retention.
• Legal Teams: Improved defensibility for data disposal related to AI.

The Action

1. Navigate to Microsoft Purview compliance portal > Data Lifecycle Management > Retention policies.
2. Create a new retention policy specifically targeting 'Copilots and AI Apps' workloads.
3. Define retention periods and actions (e.g., retain, delete) based on organisational policy.
4. Apply the policy to relevant Copilot and AI app data locations.
5. Regularly review and audit AI app retention policies for compliance.

Domain: Purview · Impact: medium · Workload: Microsoft Purview