MC937924 - Microsoft Purview: Data Security Posture Management with Copilot (preview)

Coming soon for Microsoft Purview: Data Security Posture Management (DSPM) identifies vulnerable configurations across your critical data assets and allows for quick corrective actions. It combines insights from user and data risk in Purview solutions, offering a comprehensive view of insufficient controls to protect your data. Also, data security and compliance admins can use Microsoft Security Copilot's summarization and natural language features embedded in DSPM. These capabilities expedite action and help analysts at all levels identify and address data security gaps efficiently.

This message is associated with Microsoft 365 Roadmap ID 420941.

When this will happen:

Public Preview: We will begin rolling out late November 2024 and expect to complete by late December 2025.

We will update this message later to add the plan for General Availability.

How this will affect your organization:

After you enable DSPM, it will automate a data security risk assessment of your tenant. The dashboard will be populated with a detailed report on your unprotected sensitive information, including its location and top-line insights into activities involving the data. Also, to help you mitigate the top data security risks in your tenant, we provide policy recommendations for implementing protective controls:

Data security administrators can leverage Security Copilot in DSPM to delve deeper into dashboard insights and conduct critical data security investigations. With Copilot, you can quickly uncover insights across various dimensions such as activities, files, devices, users, departments or regions, enabling you to manage your data security posture more effectively:

What you need to do to prepare:

Prerequisites to access Data Security Posture Management (DSPM)

• A Microsoft 365 E5 or Microsoft 365 E5 Compliance license.
• Opt in to DSPM in the Purview portal > Data Security Posture Management (preview). Alternatively, you can 1) enable DLP analytics at the Microsoft Purview portal > Data Loss Prevention > Settings > Data Loss Prevention settings > Analytics and 2) enable IRM analytics in the Purview portal > Insider Risk Management > Settings > Insider Risk Management settings > Analytics, which will then automatically enable DSPM.
  • Enable DLP analytics: Get started with data loss prevention analytics | Microsoft Learn
  • Enable IRM analytics: Enable analytics in insider risk management | Microsoft Learn
• Roles required: Access the DSPM dashboard with one of these roles: Entra compliance admin, Insider Risk Management admin, or Data security viewer.
  • Data security viewer is a view only role. If the DSPM dashboard is opted in, this role has the permission to view all insights.
  • Currently, any user that is configured to a Purview admin unit is not allowed to access the DSPM dashboard.
• To access Security Copilot on DSPM, you must first be onboarded to Security Copilot and have the data security viewer role. Learn more: Get started with Microsoft Copilot for Security | Microsoft Learn
• Enable the Purview plugin in Security Copilot. Learn more: Manage plugins in Security Copilot | Microsoft Learn
• Optional Opt in to sharing the prompts with Microsoft to improve this experience. Learn more: Privacy and data security in Microsoft Copilot for Security | Microsoft Learn

DSPM will be available by default to admins who meet the prerequisites.

This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your users about this change and update any relevant documentation.