Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Note
This documentation is for the preview version of Data Security Posture Management that's now rolling out. We invite you to try this preview that introduces guided workflows for proactive risk management and streamlines data security operations so you can more confidently adopt AI across your digital estate.
Most new features will be added to this version only but you can still access the previous versions and their documentation:
Microsoft Purview Data Security Posture Management (DSPM) helps organizations discover, protect, and investigate sensitive data risks across their digital estate. This solution provides unified visibility and control for both traditional applications and AI apps and agents, supporting data governance across Microsoft 365, Azure, Fabric, and integrated third-party SaaS platforms. Monitor, assess, and remediate data risks, regardless of where sensitive data resides.
Instead of focusing on infrastructure or endpoints, Data Security Posture Management centers on the data itself—identifying where it resides, who can access it, how it's used, and whether it’s adequately protected. This is especially important as data becomes more distributed and exposed in today's AI-driven workplaces where data is constantly moving and changing, making it harder to keep track of and control.
Data Security Posture Management continuously scans your environment to identify sensitive data, assess risk, and recommend actions to reduce exposure. It consolidates insights from the Microsoft Purview solutions data loss prevention (DLP), Insider Risk Management, information protection with sensitivity labels, and Data Security Investigations. These insights provide a single view for monitoring data risks, policy coverage, and posture trends.
Dedicated dashboards and metrics monitor risks associated with AI apps and agents. Agent risk observability enables you to track agent-specific activities, such as oversharing, exfiltration, and unusual access patterns, across both Microsoft and third-party environments. Enhanced reporting provides advanced filtering and customizable views, supporting granular analysis of sensitive data usage, DLP activity, and posture trends. The dashboards and reports can be tailored to align with your organization’s compliance requirements and operational priorities. Audit logs and activity explorer features help track interactions with AI apps and agents, supporting compliance investigations and incident response. Integrated investigation and forensics tools support rapid incident response and root cause analysis for data security events.
These insights help uncover shadow data, classify sensitive information, analyze access patterns, and highlight risks. The unified approach replaces the need for multiple solutions and manual audits, answering the four practical questions:
- What data do we have?
- Where is it stored?
- Who can access it?
- How is it protected?
When these questions are addressed, Data Security Posture Management can automate remediation steps, such as removing public sharing links or applying data loss prevention policies, to help prevent incidents before they happen. Investigation, alerting, analytics, and reporting are all integrated, supporting a layered security approach. Key metrics are tracked over time, supporting continuous improvement of your organization’s data security posture.
Data security objectives
New in this version of Data Security Posture Management, after the initial setup tasks, you see Data security objectives displayed as prominent, selectable cards or modules. They're also available in context from the initial Posture page. Each security objective represents a specific security goal, such as Prevent data exposure in Microsoft 365 Copilot and Microsoft Copilot interactions, Prevent oversharing of sensitive data, Prevent exfiltration to risky locations, and Discover sensitive data in your organization.
Selecting each one guides you through an end-to-end workflow by grouping together the most relevant Microsoft Purview solutions, such as information protection, data loss prevention (DLP), Insider Risk Management, and eDiscovery. As a result, you can focus on achieving specific data security outcomes rather than navigating separate solutions. Each Outcome card displays key metrics, such as the percentage of data covered by policies, number of risky sharing incidents, or improvements over time. This information lets you quickly see your current security posture and track progress as you remediate risks.
Within each outcome, you see suggested prioritized actions, such as applying sensitivity labels, configuring DLP policies, or investigating alerts, all tailored to your organzation's data. You can take action directly from the workflow, such as remediating oversharing, configuring one-click policies, or launching investigations into suspicious activity. Reporting and analytics are also organized by outcome, making it easier to identify and report improvements, compliance, and risk reduction.
Operational insights are surfaced throughout Data Security Posture Management, including:
- Impact prediction visuals and progress tracking for remediation steps
- Role-based access controls to provide granular access to features and AI content for delegated administration and compliance
How AI helps achieve data security outcomes
This version of Data Security Posture Management not only secures and governs AI apps and agents, but also uses Microsoft Security Copilot and AI agents to help secure and govern your data. This AI integration helps you more quickly identify, protect, and investigate data that resides across cloud, SaaS, on-premises, and AI environments. Data security becomes more adaptive and less reliant on manual intervention. AI analyzes access patterns, sharing behaviors, and policy gaps to surface actionable risks. It can also detect unusual activity, such as excessive sharing or suspicious downloads, and prioritize incidents that seem to need immediate attention.
You're always in control of your data and under your guidance, AI agents can take direct action on detected risks, such as removing public sharing links, applying DLP policies, or revoking permissions. To streamline investigations, AI-driven triage agents review alerts from the DLP and insider risk management solutions, filtering out noise and highlighting the most critical threats. You review, approve, or customize automated actions taken by AI agents, and these actions are always audited. Use the View agent activity options throughout the data security objectives for easy access to the agents' activity.
These AI capabilities from Data Security Posture Management help ensure that sensitive data is governed, labeled, and monitored, with streamlined management. For more information:
- How AI is used within Data Security Posture Management, see Responsible AI FAQ for Data Security Posture Management
- For the best experience using Security Copilot prompts, see Tips for custom Security Copilot prompts in Data Security Posture Management
How to use Data Security Posture Management
To get started with Data Security Posture Management, use the Microsoft Purview portal. You need an account that has appropriate permissions for security and compliance management, such as an account that's a member of the Entra Compliance Administrator role, or the Microsoft Purview Compliance Administrator role group. Some Data Security Posture Management activities need additional permissions, such as the Data Security Viewer role to use Security Copilot. For more information, see Permissions for Data Security Posture Management.
If you're new to Data Security Posture Management, the following steps provide a recommended walkthrough.
Sign in to the Microsoft Purview portal > Solutions > DSPM (preview).
Don't confuse this with the previous versions, that are now named Data Security Posture Management (classic) and DSPM for AI (classic).
With the first-time use of DSPM, you're prompted to accept some initial setup tasks if they're not already turned on for your tenant. Allow a day or so before you start to see data from your tenant that you can take action on.
In the meantime, watch the Microsoft Mechanics video, New Data Security Posture Management for an overview introduction with same sample data to see how you might use the following key pages from DSPM to discover, protect, and investigate sensitive data:
Posture: The dashboard that lets you immediate interact with Security Copilot with suggested prompts, or work your way down the key posture metrics, top objectives to address based on risk, a snapshot of data use across your data estate, and a 30-day trending graph for your organization's data security posture.
Objectives: Data security objectives to help you address data security risks that have been identified for your organization, each with a remediation plan that includes one-click policies and recommended actions.
AI observability: An inventory of all active and inactive AI apps and agents that include the recently released Microsoft Agent 365, how many are high risk and the total with sensitive interactions, with a breakdown of individual agents and policies to govern them.
- Reports: To help you track sensitive data usage and labeling, policy usage, and risky behavior of users and AI agents.
- Setup tasks: To identify and complete configuration steps independently from the security objectives.
Explore the following DSPM pages that aren't directly covered in the video:
Discover > Apps and agents: To view a dashboard of AI apps and their agents that have been used across your organization, although it doesn't include Agent 365 (use the AI observability page, instead). For the top 20 most recently used agents, view details about sensitive data that they accessed and how they're protected by policies from Microsoft Purview.
Discover > Activity explorer: To understand activity related to content that contains sensitive information or has sensitivity labels applied. Use the AI activities tab to see data specific to AI interactions, such as when a user browsed to a generative AI site, the prompts and responses and if they contained sensitive information, and when a data loss prevention rule was matched during one of these interactions. For more information about these events, see Activity explorer events in Data Security Posture Management.
Discover > Data risk assessments: To help prevent oversharing of sensitive data in your organization with the default or custom assessments that identify and fix potential data oversharing risks. For more information, see Prevent oversharing with data risk assessments from Data Security Posture Management.
Tasks and actions > Remediation actions: To identify and create automatic policies independently from the initial setup tasks and security objectives. Most of these policies originate from the previous version, DSPM for AI. For more information about them, see:
If you're familiar with the previous versions that are now named DSPM for AI (classic) and DSPM (classic), you might find it helpful to refer to Find familiar tasks that you did in DSPM for AI or in DSPM.
Next steps
Read the blog post announcements for this new release of Data Security Posture Management:
- Empowering organizations with integrated data security: What’s new in Microsoft Purview
- Beyond Visibility: The new Microsoft Purview Data Security Posture Management (DSPM) experience
Learn how Microsoft Purview secures and governs AI apps and agents: Microsoft Purview data security and compliance protections for generative AI apps
Learn about Security Copilot and agents in Microsoft Purview: