Share via

Get started with Microsoft Purview Posture Agent in Data Security Posture Management

This feature is in preview.

The Microsoft Purview Posture Agent in Microsoft Purview Data Security Posture Management uses natural language prompts to help you find sensitive information across your organization. Follow these steps to deploy the Microsoft Purview Posture Agent in Microsoft Purview Data Security Posture Management.

Before you begin

If you're new to Microsoft Security Copilot Agent in Microsoft Purview, read this article.

SKU/subscriptions and licensing

This agent requires both the standard per seat licensing model and the pay-as-you-go billing model. Your organization must be licensed for:

  • Microsoft 365 E5, with security compute units (SCUs) provisioned to use the Microsoft Purview posture agent in Data Security Posture Management.

The agent consumes security compute units (SCUs) as it performs its tasks. You must have SCUs provisioned for the agent to work. The agent consumes SCUs every time it is run based on the complexity of analysis it performs. For more information about SCUs, see Security compute units (SCUs). You can track your SCU consumption in the usage monitoring tool. For more information about onboarding into Microsoft Security Copilot, see Get started with Microsoft Security Copilot.

For information on Security Copilot licensing in E5 see, Learn about Security Copilot in Microsoft 365 E5.

For information on licensing, see

Permissions and Roles

You can enable and deploy the Microsoft Purview Posture Agent in Data Security Posture Management with either an organizational user account or an agent identity.

We recommend that you deploy the agent using an agent identity. The account used to deploy the agent with an agent identity must have the Role Management role. To get started with agent identities, see Governing Agent Identities (preview).

If you enable and deploy the agent with your organizational user account, see Permissions for deploying the Posture Agent.

There are different permissions and roles needed to perform different functions with the agent. For more information, see Permissions in the Microsoft Purview portal, and Roles and role groups in the Microsoft Purview portals.

Permissions for deploying, running and viewing results from the Posture Agent

Use an account that has one role from each group in the table.

One from Group A One from Group B One from Group C One from Group D
Purview Content Analyst - Compliance Admin
- Security reader
- Data Security viewer
- Data Security AI viewer
- Data Security AI admin		 - Data Classification Content viewer
- Data Classification List viewer		 - Security Copilot Contributor
- Owner

Deployment and configuration roadmap

Implementing the Microsoft Purview agents involves several phases:

  1. Infrastructure prerequisites
  2. Enable the agent
  3. Manage the agent configuration
  4. Monitor SCU usage

Infrastructure prerequisites

Enabling the agent

This procedure is for organizations that haven't enabled the Microsoft Purview Posture Agent for Data Security Posture Management or have removed it and want to enable it again. After you enable the agent, it's available in Microsoft Purview. There can be only one instance of each agent in a tenant.

  1. Sign in to the Microsoft Purview portal with an account that has the required permissions.
  2. In the left hand navigation pane, select Agents.
  3. Select Explore agents.
  4. Select the agent to enable, and then select Add. A page opens that shows the requirements to enable the agent.
  5. Select Setup, this opens the Deploy agent global configuration page. You can:
    1. Choose Create and use agent identity (recommended) or Assign and use my identity.
  6. Select Start. You see the Agent is now active message when the agent is successfully deployed.

Managing the agent configuration

After the agent is deployed, make minor changes to the agent configuration as needed.

  1. Sign in to the Microsoft Purview portal with an account that has the required permissions.
  2. In the left hand navigation pane, select Agents.
  3. Select Explore agents.
  4. Select Go to agent for the agent you want to manage. This opens the agent overview page.
  5. Select the elipses (three dots) on the upper right hand corner of the agent overview page, next to the Edit agent button. From here you can Deactivate agent which makes it inactive, but doesn't uninstall it. If you want to uninstall it, select Remove agent.
  6. Select Edit agent to update Agent identity under Deployment configuration.

Deactivate agent

  1. Sign in to the Microsoft Purview portal with an account that has the required permissions.
  2. In the left hand navigation pane, select Agents.
  3. Select Explore agents.
  4. Select View agent for the agent you want to pause. This opens the agent overview page.
  5. In the upper-right corner of the agent overview page, select the ellipsis (three dots) next to the Edit agent button.
  6. Select Deactivate agent. Deactivating the agent stops it from functioning. It doesn't remove the agent.

Remove agent

  1. Sign in to the Microsoft Purview portal with an account that has the required permissions.
  2. In the left hand navigation pane, select Agents.
  3. Select Explore agents.
  4. Select View agent for the agent you want to remove. This opens the agent overview page.
  5. On the far right upper right hand corner of the agent overview page, select the ellipses (three dots) that are located next to the Edit agent button.
  6. Select Remove agent. Removing the agent deletes it from Microsoft Purview. To use it again, follow Enabling the agent.

Monitoring SCU usage

  1. Sign in to the Microsoft Purview portal with an account that has the required permissions.
  2. In the left hand navigation pane, select Agents.
  3. Select Explore agents.
  4. Select View agent for the agent you want to edit. This opens the agent overview page.
  5. Select the Performance tab.
  6. Track your SCU consumption in the usage monitoring tool.

See also

  • Last updated on