CTRL + ALT + Data Security #17 - Ignite Special

Ok, so - there have been a lot of Ignite announcements, some name changes, and heaps of new capabilities, both GA and in Preview.

I have summarised them as best I can and provided links to full articles on each area. I plan to do some more in-depth writing soon - but so you can all get access and view them while they are fresh, here they are!

Product Updates and Announcements

Data Security Posture Management (DSPM) for AI

So, in case you haven't noticed, we kind of really like changing names - AI Hub has been renamed to DSPM and is now generally available!


DSPM for AI Portal

In short:

Discovering Risks: We're identifying data security, safety, and compliance risks in AI prompts and responses. This includes Microsoft Copilots, custom-built AI apps on Copilot Studio, and third-party AI apps like ChatGPT Enterprise.

Policy Recommendations: We're providing policy recommendations, such as configuring auto-labeling or data loss prevention (DLP) policies to mitigate these risks.

Data Oversharing Assessment: We're running assessments to discover data at risk of oversharing in Microsoft 365 Copilot. This involves scanning for sensitive information types, identifying locations with potential oversharing based on user access patterns, and providing recommendations on protecting sensitive data. This includes configuring auto-labeling policies or default labels for items within over-permissioned sites. Additionally, we offer recommendations on fixing permissions with auto-labeling, Restricted Content Discovery, and Access Review in SharePoint Advanced Management. The oversharing report can be run pre-deployment to identify unlabeled files accessed by users before deploying Copilot or post-deployment to identify sensitive data referenced in Copilot responses.

Full blog post here: https://techcommunity.microsoft.com/blog/microsoftsecurityandcompliance/accelerate-ai-adoption-with-next-gen-security-and-governance-capabilities/4296064


Data Security Posture Management (DSPM)

So, this is slightly different from the AI version above:

Microsoft Purview Data Security Posture Management (DSPM) is now in preview and it's here to improve how we manage data security. It brings together information from Microsoft Purview Information Protection, Insider Risk Management, and Data Loss Prevention (DLP) into one place. This helps us spot potential risks and opportunities to strengthen our data security program.

With DSPM, we can analyse data, users, and activities all in one go. This helps us understand our data environment even before we set up classifications or policies.

DSPM gives us insights into where sensitive data is, risky user activities, and common ways data might be leaked. By centralising this information, DSPM helps us speed up investigations and find hidden data risks that we might miss otherwise. This gives us a complete view of our data security posture and shows us how to improve it.

When we have access to Security Copilot, Data Security Analytics will provide AI-powered insights in natural language and suggest investigation paths. This lets us explore data sets, alerts, users, and activities in more detail. It also helps us build our data security expertise by centralising insights and guiding investigations, making it easier for new team members to get up to speed and boosting efficiency for experienced teams.


DSPM Portal

Full blog post here: https://techcommunity.microsoft.com/blog/MicrosoftSecurityandCompliance/strengthen-your-data-security-posture-in-the-era-of-ai-with-microsoft-purview/4298277


Information Protection

Admins will soon be able to extend RMS-defined sensitivity labels to Office files and PDFs stored in a SharePoint document library. The protections set by these labels will apply when files are downloaded from SharePoint, helping to prevent sensitive data leakage from SharePoint sites. This feature is currently in preview.

Full blog post here: https://techcommunity.microsoft.com/blog/microsoftsecurityandcompliance/strengthening-data-protection-in-the-modern-workplace-with-microsoft-purview-inf/4297184


Data Loss Prevention

New capabilities in Microsoft Purview Data Loss Prevention (DLP) are here to help us prevent sensitive data loss in the AI era. This includes the introduction of DLP for Microsoft 365 Copilot, currently in preview. This feature ensures that sensitive content isn't summarised or processed by Microsoft 365 Copilot, enabling confident adoption and use within the modern enterprise.


Data Loss Prevention - Apply a policy

In addition to DLP for Microsoft 365 Copilot, several improvements will help DLP admins investigate incidents, strengthen protections, and refine their overall DLP program. These preview capabilities include:

  • Expanded file type coverage for endpoint DLP: Supporting a broader range of file types for consistent coverage and protection across workloads.
  • Power Automate integration: Allowing users to set up custom workflows (like alert triage and investigation) as actions for DLP policies.
  • Security Copilot-powered DLP policy understanding: Providing admins with policy summarisation in natural language and policy gap analysis based on organisational needs.
  • Full file evidence (Microsoft-managed): Enabling users to store and view full files on Windows as evidence for investigations using Microsoft-managed storage.
  • Blanket protections for non-supported file types: Enforcing general protections for file types that endpoint DLP doesn't currently scan and monitor.

Full blog post here: https://techcommunity.microsoft.com/blog/microsoftsecurityandcompliance/simplify--scale-data-protection-in-the-era-of-ai-with-microsoft-purview-data-los/4297106


Insider Risk Management

Microsoft Purview Insider Risk Management (IRM) is rolling out new features to help us detect insider risks in generative AI (GenAI) apps. With the rapid adoption of GenAI, it's essential to have visibility into risky AI usage to understand potential data security risks and prevent misuse. These updates for Microsoft 365 Copilot, Copilot Studio, ChatGPT Enterprise, and Azure OpenAI are now in preview.

We'll be able to spot risky prompts and responses that contain sensitive information. These detections will also contribute to Adaptive Protection insider risk levels. To further understand risky GenAI usage, new Communication Compliance GenAI metrics (like jailbreak and hallucinations) are being added as IRM indicators.

Insider Risk - Risky AI Usage

To support SOC teams' investigations, IRM alerts will be integrated into the Microsoft Defender XDR incident page and IRM analytics into Advanced Hunting. This integration provides a more complete picture of the security landscape, improving investigation efficiency by uncovering potential user compromise indicators. This expanded visibility helps reduce false positives and improves incident containment with protective actions aligned with the business value of the data.

Other features include bringing IRM context into Communication Compliance alerts and incorporating Microsoft Entra compromised user context into IRM alerts to better identify compromised user risk.

Full blog post here: https://techcommunity.microsoft.com/blog/microsoftsecurityandcompliance/insider-risk-management-empowering-risky-ai-usage-visibility-and-security-invest/4298246


Copilot Studio = Purview Integration

Microsoft Purview’s integration with Microsoft Copilot Studio is now in preview, offering data security and compliance features for low-code developers building custom AI apps. You can easily toggle Microsoft Purview integration on without any coding needed and benefit from:

  • Discovering Data Risks: Get insights into sensitive data shared with custom-built AI apps through prompts and responses, see the total number of users interacting with the app, their risk levels, and more.
  • Governing Data: Audit custom-built AI prompts and responses, preserve, collect, analyse, review, and export these interactions. Apply retention or deletion policies and detect business or code of conduct violations.
  • Protecting Sensitive Data: Ensure app-generated responses inherit the sensitivity label of the referenced files, limit access to sensitive data to authorised users only, and reference sensitivity labels for files in responses.

These new features make it easy for low-code developers to integrate security and compliance controls without extensive coding knowledge, helping organisations protect their data while leveraging the power of AI.

Full blog post here: https://techcommunity.microsoft.com/blog/microsoftsecurityandcompliance/accelerate-ai-adoption-with-next-gen-security-and-governance-capabilities/4296064


Security Copilot

Security Copilot is introducing new features to help data security and compliance teams use natural language to uncover hidden data risks, speed up tasks and investigations, and boost team expertise. These features, in preview by the end of the year, include:

  • Microsoft Purview Data Security Posture Management (DSPM): Security Copilot in DSPM will provide AI-powered insights in natural language, helping teams dive deeper into potential risks. It offers contextually relevant starting insights and suggested prompts to prioritise efforts and guide investigations. Teams can customise analysis by asking open prompt questions about data based on organisational priorities, enabling them to discover and manage previously unseen risks.
  • Data Loss Prevention (DLP) Policy Understanding: Security Copilot will summarise policies in natural language and provide policy gap analysis tailored to the organisation's needs.
  • eDiscovery Case Summary: This new feature streamlines case management by providing a comprehensive summary of eDiscovery cases, holds, and searches in natural language, eliminating the need to navigate multiple tabs to assess status, completed actions, pending tasks, and ongoing jobs.
  • New DLP Investigation Prompts: Users can expand prompts available in DLP beyond the alert summary, including data/user-specific investigation prompts and filters in Activity Explorer.
  • Copilot-powered Knowledge Hub: Product experience guidance will be embedded in the Copilot in Microsoft Purview window, aimed at educating and elevating team members of all skill levels.


Compliance Manager

Compliance Manager has some new enhancements to help organisations stay on top of evolving regulations in the AI space and beyond. You can now use custom templates that include the EU AI Act, NIST 2 AI, ISO 42001, ISO 23894, Digital Operational Resilience Act (DORA), and more international and regional regulations.


Compliance Manager AI Act Assessment

Compliance Manager helps organisations assess compliance with regulations and corporate policies, and visualise their compliance posture. Historical records track compliance over time and provide actionable next steps to mitigate risks associated with regulatory requirements.

Here are the new feature enhancements:

  • New AI regulations are now generally available, including the EU AI Act, NIST AI Framework, ISO 42001, ISO 23894, DORA, NIST CSF 2.0, Indonesia PDP, and Cloud Computing – Qatar.
  • Custom templates allow you to tailor existing regulations to meet specific organisational policies.
  • Pre-deployment compliance helps users understand the compliance posture of Azure services before deploying them.
  • History reports show trends in compliance scores and the factors contributing to changes.

Full blog post here: https://techcommunity.microsoft.com/blog/microsoftsecurityandcompliance/empowering-compliance-in-a-complex-regulatory-landscape-with-microsoft-purview-c/4303503


Colin Lee Swift

MBA | Chief Information Security Officer at Catholic Education Western Australia

3 months

Beau is the true Copilot! Thanks for the summary!

Anthony Porter

Microsoft Intune & Defender XDR Guru | Host: Out of Band Podcast | 8x Microsoft Certifications (Security, Azure, AI)

3 months

Awesome recap Beau
