AI innovation is impacting every industry, business process, and individual. About 75% of knowledge workers today are currently using some sort of AI in their day to day.¹ At the same time, the regulatory landscape is evolving at an unprecedented pace. Around the world, at least 69 countries have proposed more than 1,000 AI-related policy initiatives and legal frameworks to address public concerns around AI safety and governance.² With the need to adhere to regulations and policy frameworks for AI transformation, a comprehensive solution is needed to address security, governance, and privacy concerns. Additionally, with the convergence of the responsibilities of cybersecurity and data teams, customers are asking for a solution that turns data security and data governance into a team sport to address issues such data discovery, data classification, data loss prevention, and data quality in a unified way. Microsoft Purview delivers a comprehensive set of solutions that address these needs, helping customers seamlessly secure and confidently activate their data in the era of AI.

We are excited to announce new innovations that help security and data teams accelerate their organization’s AI transformation:

1. Enhancing Microsoft Purview Data Loss Prevention (Purview DLP) support for lakehouse in Microsoft Fabric to help prevent sensitive data loss by restricting access.
2. Expanding Purview DLP policy support for additional Fabric items such as KQL databases and Mirrored databases to send users notification through policy tips when they are working with sensitive data.
3. Microsoft Purview integration with Copilot in Fabric, specifically for Power BI.
4. Data Observability within the Microsoft Purview Unified Catalog.

Seamlessly secure data

Microsoft Purview is extending its proven data security value delivered to millions of Microsoft 365 users worldwide, to the Microsoft data platform. This helps users drive consistency across their multicloud and multiplatform data estate and simplify risks related to data leaks, oversharing, and risky user behavior as more users are managing and handling data in the era of AI.

1. Enhancing Microsoft Purview Data Loss Prevention (DLP) support for lakehouse in Fabric to help prevent sensitive data loss by restricting access

Microsoft Purview Data Security capabilities are used by hundreds of thousands of customers for their integration with Microsoft 365 data. Since last year’s Microsoft Fabric Community Conference, Microsoft Purview has extended Microsoft Purview Information Protection and Purview DLP policy tip value across the data estate, including Fabric. Currently, Purview DLP supports the ability to show users notifications for when they are working with sensitive data in lakehouse. We are excited to share that we are enhancing the DLP value in lakehouse to prevent sensitive data leakage to guest users by restricting access. Data Security admins can configure policies and limit access to only internal users or data owners based on the sensitive data found. This control is valuable for when a Fabric tenant includes guest users and domain owners want to limit access to internal proprietary data in their lakehouses. 

Figure 1. DLP policy restricting access for guest users into lakehouse due to personally identifiable information (PII) data discovered 

2. Expanding DLP policy support for additional Fabric items such as KQL databases and Mirrored databases to show users notification through policy tips when they are working with sensitive data

A key part of securing sensitive data is to provide visibility to your users on where and how they are interacting with sensitive data. Purview DLP policies can help notify users when they are working with sensitive data through policy tips in lakehouse in Fabric. We are excited to announce that we are extending policy tips support for additional Fabric items—KQL databases and Mirrored databases in preview. (Mirrored Database sources include Azure Cosmos DB, Azure SQL Database, Azure SQL Managed Instance, Azure Databricks Unity Catalog, and Snowflake, with more sources available soon). KQL databases are the only databases used for real-time analytics so detecting sensitive data that comes through real-time analytics is huge for Fabric customers. Purview DLP for Mirrored databases reduces the security risk of sensitive data leakage when data is transferred in Fabric. We are happy to extend Purview DLP value to more data sources, providing end-to-end protection for customers within their Fabric environments, all to prepare for the safe deployment of AI.

Figure 2. Policy tip triggered by Purview DLP due to PII being discovered in KQL databases.

Figure 3. Policy tip triggered by Purview DLP due to PII being discovered in Mirrored databases.

3. Microsoft Purview for Copilot in Fabric

As organizations adopt AI, implementing data controls and a Zero Trust approach is crucial to mitigate risks like data oversharing and leakage, and potential non-compliant usage in AI. We are excited to announce Microsoft Purview capabilities in preview for Copilot in Fabric, starting with Copilot for Power BI. By combining Microsoft Purview and Copilot for Power BI, users can:

• Discover data risks such as sensitive data in user prompts and responses and receive recommended actions in their Microsoft Purview Data Security Posture Management (DSPM) dashboard to reduce these risks.
• Identify risky AI usage with Microsoft Purview Insider Risk Management to investigate risky AI usage, such as an inadvertent user who has neglected security best practices and shared sensitive data in AI or a departing employee using AI to find sensitive data and exfiltrating the data through a USB device.
• Govern AI usage with Microsoft Purview Audit, Microsoft Purview eDiscovery, retention policies, and non-compliant usage detection.

Figure 4. Purview DSPM for AI provides admins with comprehensive reports on Copilot in Fabric’s user activities, as well as data entered and shared within the copilot.

Confidently activate data

4. Data observability, now in preview, within Microsoft Purview Unified Catalog

Within the Unified Catalog in Microsoft Purview, users can easily identify the root cause of data quality issues by visually investigating the relationship between governance domains, data products, glossary terms, and data assets associated with them through its lineage. Data assets and their respective data quality are visible across your multicloud, hybrid data estate. Maintaining high data quality is core to driving trustworthy AI innovation forward, and with the new data observability capabilities in Microsoft Purview, users can now improve how fast they can investigate and resolve root cause issues to improve data quality and respond to regulatory reporting requirements.

Figure 5. Lineage view of data assets that showcases data quality within a Data Product.

Microsoft Purview and Microsoft Fabric can help secure and activate data

As your organization continues to implement AI, Microsoft Fabric and Microsoft Purview will serve as key solutions to safely activate your data for AI. Stay tuned for even more exciting innovations to come and check out the Fabric blog to read more about the innovations in Fabric.

Learn more

Explore these resources to stay updated on our product innovations in security and governance for your data:

• Learn how to secure and govern your entire data estate with Microsoft Purview.
• Learn more about Microsoft Purview Data Governance.
• Get started with Microsoft Fabric.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

1Work Trends Index

2AI Regulations around the World – 2025

The post New innovations in Microsoft Purview for protected, AI-ready data appeared first on Microsoft Security Blog.

I’m often asked how long it takes to deploy Microsoft Purview. The answer depends on the specifics of the organization and what they want to achieve. Microsoft Purview should enable a comprehensive data governance program but it can provide risk mitigation for generative AI in the short term while the program is underway.

Microsoft Purview

Secure and govern your entire data estate.

Explore solutions

Organizations need AI solutions to add value for their customers and to stay competitive. They can’t wait for years to secure and govern these systems.

For the organizations deploying generative AI, “how long does it take to deploy Microsoft Purview?” isn’t the right question.

The risk mitigation Microsoft Purview provides for AI can begin on day one. This includes Microsoft AI, like Microsoft 365 Copilot, AI that an organization builds in-house, and AI from third parties like Google Gemini or ChatGPT.

This post will discuss ways we can secure and govern data used or generated by AI quickly, with minimal user impact, change management, and resources required.

These Microsoft Purview solutions are:

• Microsoft Purview Data Security Posture Management for AI
• Microsoft Purview Information Protection
• Microsoft Purview Data Loss Prevention
• Microsoft Purview Communications Compliance
• Microsoft Purview Insider Risk Management
• Microsoft Purview Data Lifecycle Management
• Microsoft Purview Audit and Microsoft Purview eDiscovery
• Microsoft Purview Compliance Manager

Here are short term steps you can take while the comprehensive data governance program is underway.

Microsoft Purview Data Security Posture Management for AI

Microsoft Purview Data Security Posture Management for AI (DSPM for AI) provides visibility into data security risks. It reports on:

• User’s interactions with AI.
• Sensitive information in the prompts users share with the AI.
• Whether the sensitive information users share is labeled and thus is protected by durable security policy controls.
• Whether and how user interactions may be violating company policy including codes of conduct and attempts at jailbreak, where users manipulate the system to circumvent protections.
• The risk level of users interacting with the system, such as inadvertent or malicious activities they may be involved in that put the organization at risk.

DSPM for AI reports on this for each AI application and can drill down from the reports to the individual user activities. DSPM for AI collects and surfaces insights from the other Microsoft Purview solutions around generative AI risks in a single screen.

Custom sensitive information types, sensitivity labels, and information protection rules are reasoned over by DSPM for AI, but if these are not available, more than 300 out-of-the-box sensitive information types are available from day one.  

DSPM for AI will use these to report on risk for the organization without additional configuration. The organization’s administrators can configure policy to mitigate these risks directly from the DSPM for AI tool.

Figure 1. DSPM for AI shows interactions with Microsoft 365 Copilot, enterprise generative AI from other providers, and AI developed in-house.

Figure 2. DSPM for AI Reports on generative AI user interactions with sensitive data.

A big concern that organizations have in widely deploying generative AI is that it will return results that contain sensitive information that the user should not have access to. SharePoint sites have been created over the years, are unlabeled, and may be accessible to the entire organization through the AI. The “security by obscurity” that may have prevented the sensitive information from being inappropriately shared is now negated by the AI that reasons over and returns the data.

Data assessments, part of DSPM for AI, and currently in preview, identifies potential oversharing risks and allows the administrator to apply a sensitivity label to the SharePoint sites, the sensitive data, or initiate an Microsoft Entra ID user access review to manage group memberships.

The administrator can engage the business stakeholder who has knowledge of the risk posed by the data and invite them to mitigate the risk or apply the policy at scale from the Microsoft Purview administration portal.

Figure 3. Data assessment—visualize risk, review access, and deploy policy.

Microsoft Purview Information Protection

The document access controls of Microsoft Purview Information Protection, including sensitivity labels, are enforced when the data is reasoned over by AI. The user is given visibility in context that they are working with sensitive information. This awareness empowers users to protect the organization. 

The sensitivity labels that enforce scoped encryption, watermarking, and other protections travel with the document as the user interacts with the AI. When the AI creates new content based on the document, the new content inherits the most restrictive label and policy.

Microsoft Purview can automatically apply sensitivity labels to AI interactions based on the organization’s existing policy for email, desktop applications, and Microsoft Teams, or new policy can be deployed for the AI.

These can be based on out-of-the-box sensitive information types for a quick start.

Microsoft Purview Data Loss Prevention

The Microsoft Purview Data Loss Prevention policies that the organization currently uses for email, desktop applications, and Teams can be extended to the AI or new policy for the AI can be created. Cut and paste of sensitive information or transfer of a labeled document into the AI can be prevented or only allowed with an auditable justification from the user.

A rule can be configured to prevent all documents bearing a specific label from being reasoned over by the AI. Out-of-the-box sensitive information types can be used for a quick start.

Microsoft Purview Communication Compliance

Microsoft Purview Communication Compliance provides the ability to detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content.

Out-of-the-box policies can be used to monitor user prompts or AI-generated content. It provides policy enforcement in near real time and also audit logs and reporting.

Microsoft Purview Insider Risk Management

Microsoft Purview Insider Risk Management correlates signal to identify potential malicious or accidental behaviors from legitimate users. Pre-configured generative AI-specific risk detections and policy templates are now available in preview.

As the Insider Risk Management solution algorithms determine a user to be engaging in risky behavior, the data loss prevention (DLP) policies for that user can be made stricter using a feature called Adaptive Protection. It can be configured with out-of-the-box policies. This continuous monitoring and policy modulation mitigates risk while reducing administrator workload.

AI analytics can be activated from the Microsoft Purview portal to provide insights even before the Insider Risk Management solution is deployed to users. This quickly surfaces AI risks with minimal administrative workload.

Microsoft Purview Data Lifecycle Management

Microsoft Purview can enforce AI Data Lifecycle Management, with retention of AI prompts, prompt returns, and the documents AI creates for a specified time period. This can be done globally for every interaction with an AI solution. It can be done with out-of-the-box or custom policies. This will keep these interactions available for future investigations, for regulatory compliance, or to tune policies and inform the governance program.

A policy for deletion of AI interactions can be enforced so information is not over-retained.

Microsoft Purview Audit and Microsoft Purview eDiscovery

The organization will need to support internal investigations around the use of AI. Microsoft Purview Audit logs and retains these interactions. They also need to support their legal team should they have to produce AI interactions to support litigation.

Microsoft Purview eDiscovery can put a user’s interactions with the AI as well as their other Microsoft 365 documents and communications on hold so that their availability to support investigations is maintained. It allows them to be searched based metadata, enhancing relevancy, annotated, and produced.

Microsoft Purview Compliance Manager

Microsoft Purview Compliance Manager has pre-built assessments for AI regulations including:

• EU Artificial Intelligence Act.
• ISO/IEC 23894:2023.
• ISO/IEC 42001:2023.
• NIST AI Risk Management Framework (RMF) 1.0.

These assessments are available to benchmark compliance over time, report on control status, and maintain and produce evidence for both Microsoft and the organization’s activities that support the regulatory compliance program.

Microsoft Purview is an AI enabler

Without security, governance, and compliance bases being covered, the AI program puts the organization at risk. An AI program can be blocked before it deploys if the team can’t demonstrate how it is mitigating these risks.

The actions suggested here can all be taken quickly, and with limited effort, to set up a generative AI deployment for success.

Learn more

Learn more about Microsoft Purview.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Fast-track generative AI security with Microsoft Purview appeared first on Microsoft Security Blog.

Historically, organizations have relied on the traditional approach to data security and governance, largely involving stitching together fragmented solutions. According to Gartner®, “75% of security leaders are actively pursuing a security vendor consolidation strategy as of 2022.”² Consolidation, however, is no easy feat. In a recent study, more than 95% of security leaders acknowledge that unifying the handling of data security, compliance, and privacy across teams and tools is both a priority and a challenge.³ These approaches often fall short because of duplicate data, redundant alerts, and siloed investigations, ultimately leading to increased data risks. Over time, this approach has been increasingly difficult for organizations to maintain.

Unify how you protect and govern your data with Microsoft Purview

Unlike traditional data security and governance strategies that require disparate solutions to achieve comprehensive data protection, Microsoft Purview is purpose-built to unify data security, governance, and compliance into a single platform experience. This integration aims to reduce complexity, simplify management, and mitigate risk, while helping enhance efficiency across teams to support a culture of collaboration. With Microsoft Purview you can:

• Enable comprehensive data protection.
• Support compliance and regulatory requirements.
• Help safeguard AI Innovation.

What’s new in Microsoft Purview?

To meet our growing customer needs, the team has been delivering a lot of innovation at a rapid pace. In this blog, we’re excited to recap all the new capabilities we announced at Microsoft Ignite last month.

Enable comprehensive data protection

Microsoft Purview enables you to discover, secure, and govern data across Microsoft and third-party sources. Today, Microsoft Purview delivers rich data security capabilities through Microsoft Purview Data Loss Prevention, Microsoft Purview Information Protection, and Microsoft Purview Insider Risk Management, enhanced with AI-powered Adaptive Protection. To drive AI transformation, you need to build and maintain a strong data foundation, categorized by data that is not just secured but also governed. Microsoft Purview also addresses your data governance needs with the newly reimagined Microsoft Purview Unified Catalog. These data security and data governance products leverage shared capabilities such as a common data catalog, connectors, classifications, and audit logs—helping reduce inconsistencies, inefficiencies, and exposure gaps, commonly experienced by using disparate tools.

Introducing Microsoft Purview Data Security Posture Management

Microsoft Purview Data Security Posture Management (DSPM) provides visibility into data security risks and recommends controls to protect that data. DSPM provides contextual insights, usage analysis, and continuous risk assessments of your data, helping you mitigate risks and enhance data security. With DSPM, you get a shared understanding of key risks through a series of reports that correlate insights across location and type of sensitive data, risky user activities, and common exfiltration channels. In addition, DSPM provides actionable, scenario-based recommendations for detection and protection policies. For example, DSPM can help you create an Insider Risk Management policy that identifies risky behavior such as downgrading labels in documents followed by exfiltration, and a data loss prevention (DLP) policy to block that exfiltration at the same time.

DSPM also brings a view of historical trends and insights based on sensitivity labels applied, sensitive assets covered by at least one DLP policy, and potentially risky users so show the effectiveness of your data security policies over time. And finally, DSPM leverages the power of generative AI through its deep integration with Microsoft Security Copilot. With this integration, you can easily uncover risks that might not be immediately apparent and drive efficient and richer investigations—all in natural language.

With DSPM, you can easily identify possible labeling and policy gaps such as unlabeled content and users that aren’t scoped in a DLP policy, unusual patterns and activities that might indicate potential risks, as well as opportunities to adapt and strengthen your data security program.

Figure 1. DSPM overview page provides centralized visibility across data, users, and activities, as well as access to reports.

Learn more about this announcement in the Data Security Posture Management blog.

Increasing data security and security operations center integration

Understanding data and user context is vital for improving security operations and prioritizing investigations, especially when sensitive data is at stake. By integrating insights such as data classification, access controls, and user activity into the security operations center (SOC) experience, organizations can better assess the impact of security incidents, reduce false alerts, and enhance containment efforts. In addition to the already present DLP alerts in the Microsoft Defender XDR incident investigation and data security remediation actions enabled directly from Defender XDR, we’ve also added Insider Risk Management context to the user entity page to provide a more comprehensive view of user activities.

With Microsoft Purview’s latest integration with Microsoft Defender, now in preview, you get insider risk alerts in Defender XDR and can correlate them with incidents. This gives you critical user context for your security investigations. SOC teams can now better distinguish internal incidents from external cyberattacks and refine their response strategies. For more complex analysis to identify risks such as attack patterns, we are integrating insider risk signals into Defender XDR’s Advanced Hunting, giving you deeper insights and allowing you to improve your policies in partnership with data security teams. Together, these advancements allow your organization to stay ahead of evolving cyberthreats, providing a collaborative and data-driven approach to security.

Learn more about this announcement in the Purview Insider Risk Management blog.

Protecting data and preventing sensitive data loss

As AI generates new data in unprecedented volumes, the need to secure that data and prevent the loss of sensitive information has become even more crucial. Our new DLP capabilities help you effectively investigate DLP incidents, fortify existing protections, and refine your overall DLP program. You can now customize Purview DLP to the established processes of your organization with the Microsoft Power Automate connector in preview. This lets you automate and customize your DLP policy actions through Power Automate workflows to integrate your DLP incidents into new or established IT, security, and business operations workflows, like stakeholder awareness or incident remediation.

DLP policy insights in Security Copilot, also in preview, summarize existing DLP policies in natural language and helps you understand any gaps in policy coverage across your environment. This makes it easier for you to quickly and easily understand the full breadth of DLP policy coverage across your organization and address gaps in protection. We are also enhancing DLP protections on endpoints by expanding our file type coverage from more than 40 to more than 110 file types. Users can also now store and view full files on Windows devices as evidence for forensic investigations using Microsoft-managed storage. With the Microsoft-managed option, your admins can save time otherwise spent configuring additional settings, assigning permissions, and selecting the storage in the policy workflow. Finally, you can now enforce blanket protections on file types that cannot currently be scanned or classified by endpoint DLP, such as blocking copy to removable media for all computer-aided design (CAD) files regardless of those files’ contents. This helps ensure that the diverse range of file types found in your environment are still protected even if they cannot currently be scanned and classified by Microsoft Purview endpoint DLP. 

Learn more about these announcements in our Microsoft Purview Data Loss Prevention blog.

Microsoft Purview Data Governance innovations to drive greater business value

Research indicates that data practitioners spend 80% of their time finding, cleaning, and organizing data, leaving only 20% of time to process and analyze it.⁴ To simplify the data governance practice in the age of AI, the Microsoft Purview Unified Catalog is a comprehensive enterprise catalog that automatically inventories and tags your organization’s critical data assets. This gives your business users the ability to search for specific business data when building analytics reports or AI models. The Unified Catalog gives you visibility and confidence in your data across your disparate data sources and local catalogs with built-in data quality management and end-to-end lineage. You can integrate metadata from diverse catalogs such as Fabric OneLake, Databricks Unity, and Snowflake Polaris, into a unified catalog for all your data stewards, data owners, and business users.

Now in preview, Unified Catalog provides deeper data quality through a new scan engine that supports open standard file and table formats for big data platforms, including Microsoft Fabric, Databricks Unity Catalog, Snowflake, Google Big Query, and Amazon S3. This new scan engine enables rich data quality management at the asset level for improved data quality management at the asset level for overall improved data quality health. Lastly, Microsoft Purview Analytics in OneLake (preview) allows you to extract tenant-specific metadata from the Unified Catalog and export it directly into OneLake. You can then use Microsoft Power BI to analyze the metadata to further understand and report on your data’s quality and lineage.

Learn more about these announcements in our Microsoft Purview Data Governance blog.

Support compliance and regulatory requirements

As regulatory requirements evolve with the proliferation of AI, it is more critical than ever for businesses to keep compliance and privacy top of mind. However, adhering to requirements is becoming increasingly complex, while consequences for non-compliance are growing more severe. Microsoft Purview empowers you to address regulatory demands and comply with corporate policies by offering compliance and privacy controls that are both scalable and adaptable to changing needs.

New templates in Compliance Manager to help simplify compliance

Microsoft Purview Compliance Manager provides insights into your organization’s compliance status through compliance templates and provides suggested actions and next steps to help you along your compliance journey. Compliance Manager continues to add new templates to help you address new and evolving regulations, including templates for the European Union AI Act (EUAI Act), NIST 2 AI, ISO 42001, ISO 23894, Digital Operations Resiliency Act (DORA), and additional industry and regional regulations. Compliance Manager now includes historical records that help track your organization’s compliance and provides actionable next steps to understand how new regulations or policies affect your compliance score over time. In addition, you can now leverage custom templates to address both regulatory and your organization’s specific policies and preferences.

Figure 2. EUAI Act Assessment in Compliance Manager.

Learn more about this announcement in the Microsoft Purview Compliance Manager blog.

New Microsoft Purview controls for ChatGPT Enterprise with integration with OpenAI for improved compliance

Microsoft Purview now integrates with ChatGPT Enterprise, allowing you to gain visibility and govern the prompts and responses of your ChatGPT Enterprise interactions. This integration, currently in preview, includes Microsoft Purview Audit for auditing ChatGPT Enterprise interactions, Microsoft Purview Data Lifecycle Management for enabling retention and deletion policies, Microsoft Purview Communication Compliance to proactively detect regulatory and corporate policy violations, and Microsoft Purview eDiscovery to streamline legal investigations.

Learn more about all these announcements in our Security for AI blog.   

Microsoft Purview is built to help safeguard AI Innovation

With the rapid adoption of AI, new vulnerabilities have emerged, highlighting the need for strong data security and governance of AI workloads. Microsoft Purview is built to secure and govern data related to pre-built and custom-built AI apps.

Introducing Microsoft Data Security Posture Management for AI (DSPM for AI)

Security teams often find themselves in the dark when it comes to data security and compliance risks associated with AI usage. Without proper visibility, organizations often struggle to safeguard their AI assets effectively. DSPM for AI, now generally available, gives you visibility through a centralized dashboard and reports, enables you to proactively discover and manage your AI-related data risks, such as sensitive data in user prompts, and gives you actionable recommendations and real-time insights to respond effectively to security incidents.

Microsoft Purview controls for Microsoft 365 Copilot help prevent data oversharing

Data oversharing occurs when users have access to more data than necessary for their job duties. Organizations need effective data security controls to help mitigate this risk. At Microsoft Ignite we announced a number of new Microsoft Purview capabilities in preview to prevent data oversharing in Microsoft 365 Copilot.

Data oversharing assessments: Discover data that is at risk of oversharing by scanning files containing sensitive data, identifying risky data sources such as SharePoint sites with overly permissive user access, and by providing recommendations such as auto-labeling policies and default labels to prevent sensitive data from being overshared. The oversharing assessment report can identify unlabeled files accessed by users before deploying Copilot or can be run post-deployment to identify sensitive data referenced in Copilot responses. 

Label-based permissions: Microsoft 365 Copilot honors permissions based on sensitivity labels assigned by Microsoft Purview when referencing sensitive documents.

Purview DLP for Microsoft 365 Copilot: You can create DLP policies to exclude documents with specified sensitivity labels from being processed, summarized, or used in responses in Microsoft 365 Copilot, preventing sensitive data from being inadvertently overshared.

New Microsoft Purview capabilities to detect risky activities in Microsoft 365 Copilot

Security teams need ways to detect risky use of AI applications like deliberate or accidental access to sensitive data, jailbreaks, and copyright violations. Insider Risk Management and Communication Compliance now provide risky AI usage indicators, a policy template, and an analytics report in preview to help detect and investigate the risky use of AI. These new capabilities not only help detect risky activities and prompts but also integrate with Microsoft Defender XDR, enabling your security teams to investigate new AI-related risks holistically alongside other risks, such as identity risks through Microsoft Entra and data oversharing and data loss risks through Purview DLP.

New Microsoft Purview capabilities for agents built with Microsoft Copilot Studio

When new and citizen developers are building low code or no-code AI, they often lack security expertise and tools to enable security and compliance controls. Microsoft Purview now provides data controls for agents built in Copilot Studio to enable low code and no-code developers to build more secure agents. For example, when an agent built with Copilot Studio accesses sensitive data, it will recognize and honor the sensitivity labels of the data being accessed. Microsoft Purview will also protect sensitive data generated by the agent through label inheritance and will enforce label permissions, ensuring only authorized users have access.

Data security admins also get visibility into the sensitivity of data in user prompts and agent responses within DSPM for AI. Moreover, Microsoft Purview will enable you to detect anomalous user activity and risky or non-compliant AI use and apply retention or deletion policies on your agent prompts and responses. These new controls give you visibility and and insights into risks for your agents built with Copilot Studio, strengthening your data security posture.

Learn more about all these announcements in our Security for AI blog.   

Unified solutions that empower your organization

As you navigate the complexities of AI proliferation, regulatory requirements, and security threats, we are excited to innovate, invest in, and expand the capabilities of Microsoft Purview to address your most pressing data security, governance, and compliance challenges.

Get started with Microsoft Purview today

To get started, we invite you to try Microsoft Purview free and to learn more about Microsoft Purview today.

• Read the Data Security Index report.
• Read our new whitepaper: Accelerating AI transformation by prioritizing security, a path to implementing effective security for AI that enables innovation.
• Watch Microsoft Purview sessions from Microsoft Ignite.
• Try Microsoft Purview for free.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft internal research, May 2023. 

²Gartner, Innovation Insight for Security Platforms, Peter Firstbrook, Craig Lawson. October 16, 2024. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. 

³Microsoft internal research, August 2024. 

⁴Overcoming the 80/20 Rule in Data Science, Pragmatic Institute.

The post New Microsoft Purview features help protect and govern your data in the era of AI appeared first on Microsoft Security Blog.

Fragmentation is in the way

The market has responded with dozens of products that address this challenge locally. Security and governance teams often bolt on security controls to protect individual data stores, having to stitch together a patchwork of solutions. This approach not only strains resources but is also ineffective. Security outcomes are worse—audits are failed and brand reputations are damaged.

In Microsoft’s most recent Data Security Index report, we found that 74% of organizations experienced some sensitive data exposure in the past year. Similarly, 68% of companies reported not being able to gather the right data insights, leading to poor data quality.² And even though organizations are quickly adopting generative AI, less than half of business leaders are confident in their organization’s ability to mitigate AI risks and adhere to its upcoming regulations.³ In the era of AI, before unlocking the power of data, organizations are looking for integrated security and governance solutions to help them confidently activate their data estate.

“In the age of data-driven decision making, organizations must recognize that governance practices are prerequisites for extracting trusted and responsible insights from their data. Without proper security and governance, analytics initiatives are at risk of producing unreliable or compromised results, which in turn negatively impacts business outcomes.”

—Chandana Gopal, Research Director, Enterprise Intelligence, IDC

Microsoft Purview—Seamlessly securing and confidently activating your data estate

The rise of generative AI and data democratization in the form of new analytics tools has made organizations look inward to adopt responsible analytics practices. At Microsoft, we believe that the key to responsible analytics is in adopting integrated solutions to secure your data, so you can confidently activate it. Security and governance are no longer an aftermath to data deployments, they are table stakes.

In 2022, we introduced Microsoft Purview, a comprehensive set of solutions that let you secure, govern, and ensure compliance across your data estate. Since then, the teams have worked tirelessly to bring this vision to life. With a unified approach, Microsoft Purview combines a variety of capabilities to allow customers to seamlessly secure, and confidently activate data, while adhering to regulatory requirements in one single solution built on a shared set of AI-powered data governance, classification, and audit logging, all under a unified management experience.

Seamlessly secure your data with built-in controls

With the rapid adoption of platforms such as Microsoft Fabric, we are excited to announce new innovations—all in preview—to help organizations adopt built-in data security across their most utilized systems. Starting today, we are enabling the following experiences:

• Built-in protections: Business users can now apply label-based protections—a familiar concept to the millions of users who employ Microsoft 365 labels and data loss prevention (DLP) policies, into Microsoft Fabric workloads. 
• Consistent enforcements: Admins can now extend their label-based protections across structured and unstructured data stores, including Microsoft Azure SQL, Microsoft Azure Data Lake Storage, and Amazon S3 buckets.
• Data risk detections: Data doesn’t move itself. People move data. Security teams can now ingest signals coming from Microsoft Fabric into the millions of signals across Microsoft Purview Insider Risk Management.

Click here to watch the Microsoft Mechanics video to see this scenario in action!

These capabilities enable a confident approach to data democratization as organizations work on all types of data, whether sensitive or not, in a secure and responsible way. Learn more about how to seamlessly secure your data estate with our new capabilities.

Confidently activate your data with modern data governance

We are thrilled to introduce the new Microsoft Purview Data Governance experience. This new reimagined software as a service (SaaS) solution offers sophisticated yet simple business-friendly interaction, integration across your multicloud data estate, and actionable insights that help data leaders to responsibly unlock business value within their data estate. The new experience is:

• Business-friendly, federated, multicloud: Purpose-built for federated governance with efficient data office management and oversight that offers customizable business terms, roles, and policies for your multisource, multicloud data estate.
• Designed for business efficiency: Scan and search data assets and accelerate your practice with built-in templates, terms, and policy recommendations served up based on your metadata. Define data quality policies that follow the data through your governance practice.
• Actionable and informative: Aggregated actions and health insights help you put the practice in data governance by showcasing the overall health of your governed estate through built-in reports while interactive summarized actions help you improve the overall posture of your data governance practice.

Click here to learn more about our new modern Data Governance experience.

Expanding across your data estate

These innovations, all in public preview, are just the beginning of our journey to provide you with an integrated solution to secure and govern your data estate. We invite you to try them out and share your feedback with us. These capabilities will come in a new pay-as-you-go consumptive model, available at no additional cost during preview in the near term, with pricing details to follow in the future.

Join us at the Fabric Community Conference

Please join us at the first ever Microsoft Fabric Community Conference in Las Vegas. If you’re attending, don’t miss the “Microsoft Purview for the Age of AI” keynote and our sessions on Microsoft Purview. Explore more details on how Microsoft Purview can help you and read our e-book “Crash Course in Microsoft Purview: A guide to securing and managing your data estate.”

Microsoft Purview

Secure and govern data across your data estate while reducing risk and meeting compliance requirements.

Learn more

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on X at @MSFTSecurity for the latest news and updates on cybersecurity.

Explore data security resources and trends

Gain insights into the latest data security advancements, including expert guidance, best practices, trends, and solutions.

Get started

¹Worldwide Global DataSphere and Global StorageSphere Structured and Unstructured, DOC #US50397723, Data Forecast, 2023–2027 Market Forecast. June 13, 2023.

²2022 Chief Data Officer survey, Deloitte. September 2022.

³ISMG First Annual Generative AI Study: Business rewards vs. Security Risks. January 31, 2024.

The post The foundation for responsible analytics with Microsoft Purview appeared first on Microsoft Security Blog.

Microsoft Copilot for Security

Powerful new capabilities, new integrations, and industry-leading generative AI—generally available on April 1, 2024.

Learn more

We are inspired by the results of our second Copilot for Security economic study, which shows that experienced security professionals are faster and more accurate when using Copilot, and they overwhelmingly want to continue using Copilot. The gains are truly amazing:

• Experienced security analysts were 22% faster with Copilot.
• They were 7% more accurate across all tasks when using Copilot.
• And, most notably, 97% said they want to use Copilot the next time they do the same task.

This new study focuses on experienced security professionals and expands the randomized controlled trial we published last November, which focused on new-in-career security professionals. Both studies measured the effects on productivity when analysts performed security tasks using Copilot for Security compared to a control group that did not. The combined results of both studies demonstrate that everyone—across all levels of experience and types of expertise—can make gains in security with Copilot. When we put Copilot in the hands of security teams, we can break down barriers to entry and advancement, and improve the work experience for everyone. Copilot enables security for all.

Copilot for Security is now pay-as-you-go

Toward our goal of enabling security for all, Microsoft is also introducing a provisioned pay-as-you-go licensing model that makes Copilot for Security accessible to a wider range of organizations than any other solution on the market. With this flexible, consumption-based pricing model, you can get started quickly, then scale your usage and costs according to your needs and budget. Microsoft Copilot for Security will be available for purchase starting April 1, 2024. Connect with your account representative now so your organization can be among the first to enjoy the incredible gains from Copilot for Security.

Global availability and broad ecosystem

General availability means Copilot for Security will be available worldwide on April 1, 2024. Copilot is multilingual and can process prompts and respond in eight languages with a multilingual interface for 25 different languages, making it ready for all major geographies across North and South America, Europe, and Asia.

Copilot has grown a broad, global ecosystem of more than 100 partners consisting of managed security service providers and independent software vendors. We are so grateful to the partners who continue to play a vital role in empowering everyone to confidently adopt safe and responsible AI.

Partners can learn more about integrating with Copilot.

New Copilot for Security product innovations

Microsoft Copilot for Security helps security and IT professionals amplify their skillsets, collaborate more effectively, see more, and respond faster.

As part of general availability, Copilot for Security includes the following new capabilities:

• Custom promptbooks allow customers to create and save their own series of natural language prompts for common security workstreams and tasks.
• Knowledge base integrations, in preview, empowers you to integrate Copilot for Security with your business context, so you can search and query over your proprietary content.
• Multi-language support now allows Copilot to process prompts and respond in eight different languages with 25 languages supported in the interface.  
• Third-party integrations from global partners who are actively developing integrations and services.
• Connect to your curated external attack surface from Microsoft Defender External Attack Surface Management to identify and analyze the most up-to-date information on your organization’s external attack surface risks.
• Microsoft Entra audit logs and diagnostic logs give additional insight for a security investigation or IT issue analysis of audit logs related to a specific user or event, summarized in natural language.
• Usage reporting provides dashboard insights on how your teams use Copilot so that you can identify even more opportunities for optimization.

To dive deeper into the above announcement and learn about pricing, read the blog on Tech Community. Read the full report to dig into the complete results of our research study or view the infographic. To learn more about Microsoft Copilot for Security, visit our product page or check out our solutions that include Copilot. If you’re interested in a demo or are ready to purchase, please contact your sales representative.

“Threat actors are getting more sophisticated. Things happen fast, so we need to be able to respond fast. With the help of Copilot for Security, we can start focusing on automated responses instead of manual responses. It’s a huge gamechanger for us.” 

—Mario Ferket, Chief Information Security Officer, Dow 

AI-powered security for all

With general availability, Copilot for Security will be available as two rich user experiences: in an immersive standalone portal or embedded into existing security products.

Integration of Copilot with Microsoft Security products will make it even easier for your IT and security professionals to take advantage of speed and accuracy gains demonstrated in our study. Enjoy the product portals you know and love, now enhanced with Copilot capabilities and skills specific to use cases for each product.

The unified security operations platform, coming soon, delivers an embedded Copilot experience within the Microsoft Defender portal for security information and event management (SIEM) and extended detection and response (XDR) that will prompt users as they investigate and respond to threats. Copilot automatically surfaces relevant details for summaries, drives efficiency with guided response, empowers analysts at all levels with natural language to Kusto Query Language (KQL) and script and file analysis, and now includes the ability to assess risks with the latest Microsoft threat intelligence.

Copilot in Microsoft Entra user risk investigation, now in preview, helps you prevent identity compromise and respond to threats quickly. This embedded experience in Microsoft Entra provides a summary in natural language of the user risk indicators and tailored guidance for resolving the risk. Copilot also recommends ways to automate prevention and resolution for future identity attacks, such as with a recommended Microsoft Entra Conditional Access policy, to increase your security posture and keep help desk calls to a minimum.

To help data security and compliance administrators prioritize and address critical alerts more easily, Copilot in Microsoft Purview now provides concise alert summaries, integrated insights, and natural language support within their trusted investigation workflows with the click of a button.

Copilot in Microsoft Intune, now in preview, will help IT professionals and security analysts make better-informed decisions for endpoint management. Copilot in Intune can simplify root cause determination with complete device context, error code analysis, and device configuration comparisons. This makes it possible to detect and remediate issues before they become problems.

Discover, protect, and govern AI usage

As more generative AI services are introduced in the market for all business functions, it is crucial to recognize that as this technology brings new opportunities, it also introduces new challenges and risks. With this in mind, Microsoft is providing customers with greater visibility, protection, and governance over their AI applications, whether they are using Microsoft Copilot or third-party generative AI apps. We want to make it easier for everyone to confidently and securely adopt AI.

To help organizations protect and govern the use of AI, we are enabling the following experiences within our portfolio of products:

• Discover AI risks: Security teams can discover potential risks associated with AI usage, such as sensitive data leaks and users accessing high-risk applications.
• Protect AI apps and data: Security and IT teams can protect the AI applications in use and the sensitive data being reasoned over or generated by them, including the prompts and responses.
• Govern usage: Security teams can govern the use of AI applications by retaining and logging interactions with AI apps, detecting any regulatory or organizational policy violations when using those apps, and investigating any new incidents.

At Microsoft Ignite in November 2023, we introduced the first wave of capabilities to help secure and govern AI usage. Today, we are excited to announce the new out-of-the-box threat detections for Copilot for Microsoft 365 in Defender for Cloud Apps. This capability, along with the data security and compliance controls in Microsoft Purview, strengthens the security of Copilot so organizations can work on all types of data, whether sensitive or not, in a secure and responsible way. Learn more about how to secure and govern AI.

Expanded end-to-end protection to help you secure everything

Microsoft continues to expand on our long-standing commitment to providing customers with the most complete end-to-end protection for your entire digital estate. With the full Microsoft Security portfolio, you can gain even greater visibility, control, and governance—especially as you embrace generative AI—with solutions and pricing that fit your organization. New or recent product features include:

Microsoft Security Exposure Management is a new unified posture and attack surface management solution within the unified security operations platform that gives you insights into your overall assets and recommends priority security initiatives for continuous improvement. You’ll have a comprehensive view of your organization’s exposure to threats and automatic discovery of critical assets to help you proactively improve your security posture and lower the risk of exposure of business-critical assets and sensitive data. Visualization tools give you an attacker’s-eye view to help you investigate exposure attempts and uncover potential attack paths to critical assets through threat modeling and proactive risk exploration. It’s now easier than ever to identify exposure gaps and take action to minimize risk and business disruption.

Adaptive Protection, a feature of Microsoft Purview, is now integrated with Microsoft Entra Conditional Access. This integration allows you to better safeguard your organization from insider risks such as data leakage, intellectual property theft, and confidentiality violations. With this integration, you can create Conditional Access policies to automatically respond to insider risks and block user access to applications to secure your data.

Microsoft Communication Compliance now provides both sentiment indicators and insights to enrich Microsoft Purview Insider Risk Management policies and to identify communication risks across Microsoft Teams, Exchange, Microsoft Viva Exchange, Copilot, and third-party channels. 

Microsoft Intune launched three new solutions in February as part of the Microsoft Intune Suite: Intune Enterprise Application Management, Microsoft Cloud PKI, and Intune Advanced Analytics. Intune Endpoint Privilege Management is also rolling out the option to enable support approved elevations.

Security for all in the age of AI

Microsoft Copilot for Security is a force multiplier for the entire Microsoft Security portfolio, which integrates more than 50 categories within six product families to form one end-to-end Microsoft Security solution. By implementing Copilot for Security, you can protect your environment from every angle, across security, compliance, identity, device management, and privacy. In the age of AI, it’s more important than ever to have a unified solution that eliminates the gaps in protection that are created by siloed tools.

The coming general availability of Copilot on April 1, 2024, is truly a milestone moment. With Copilot, you and your security team can confidently lead your organization into the age of AI. We will continue to deliver on Microsoft’s vision for security: to empower defenders with the advantage of industry-leading generative AI and to provide the tools to safely, responsibly, and securely deploy, use, and govern AI. We are so proud to work together with you to drive this AI transformation and enable security for all.

Join us April 3, 2024, at the Microsoft Secure Tech Accelerator for a deep dive into technical information that will help you and your team implement Copilot. Learn how to secure your AI, see demonstrations, and ask our product team questions. RSVP now.

Microsoft Secure

Watch the second annual Microsoft Secure digital event to learn how to bring world-class threat intelligence, complete end-to-end protection, and industry-leading, responsible AI to your organization.

Watch now

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Cybersecurity and AI news

Discover the latest trends and best practices in cyberthreat protection and AI for cybersecurity.

Get the latest resources

The post Microsoft Copilot for Security is generally available on April 1, 2024, with new capabilities appeared first on Microsoft Security Blog.

As many of you look to AI transformation to drive the next wave of innovation, you now also need to account for data being both consumed and created by generative AI applications. The risks that come with implementing and deploying AI are not fully known, and it is only a matter of time before you start to see broader regulatory policies on AI. According to Gartner®, by 2027 at least one global company will see its AI deployment banned by a regulator for noncompliance with data protection or AI governance legislation.² AI will be a catalyst for regulatory changes, and having secure and compliant AI will become fundamental.

With these trends converging all at once, securing and governing all your data is a complex and multifaceted undertaking. You need to secure and govern different types of data (structured, unstructured, and data generated by AI). You need to secure and govern it in different locations across multiple clouds, and you need to account for existing and future data security, governance, and AI regulations.

Most organizations experience an average of 59 data security incidents per year and use an average of 10 solutions to secure their data estate.¹ This fragmented approach requires many of you to stitch together multiple tools to address data security and governance, which can lead to higher costs and difficulty in both procurement and management. The lack of integration between the disparate tools can cause unnecessary data transfers, duplicate copies of data, redundant alerts, siloed investigations, and exposure gaps that lead to new types of data risks and ultimately worse security outcomes.

A simpler approach: Microsoft Purview

To address these challenges, you need a simplified approach to data security, governance, and compliance that covers your entire data estate. Microsoft Purview is an integrated solution that helps you understand, secure, and manage your data—and delivers one unified experience for our customers.

With Microsoft Purview, you can:

• Gain end-to-end visibility and understanding of your entire data estate, across on-premises, multicloud, and software as a service (SaaS) environments, and for structured, unstructured, and data created by generative AI applications.
• Apply comprehensive data protection across your data estate, using AI-powered data classification technology, data maps, extensive audit logs and signals, and management experience.
• Improve your risk and compliance posture with tools to identify data risk and manage regulatory requirements.

Microsoft Purview

Help keep your organization’s data safe with a range of solutions for unified data security, data governance, and risk and compliance management.

What’s new in Microsoft Purview?

In this blog post, we will outline some of the exciting new capabilities for Microsoft Purview that we announced at Microsoft Ignite 2023.

Expanding data protection across the data estate

As we unveiled earlier this year, Microsoft Purview is expanding the sphere of protection across your entire data estate, including structured and unstructured data types. We are excited to share some of the next steps in that journey by providing you with:

• A unified platform that enables you to discover, label, and classify data across various data sources, including Microsoft Fabric, Microsoft Azure, Amazon Web Services (AWS), and other cloud environments.
• Consistent protections across structured and unstructured data types such as Azure SQL, Azure Data Lake Storage (ADLS), and Amazon S3 buckets.  
• Expanded risk detections enabling signals from infrastructure clouds and third-party apps such as AWS, Box, DropBox, and GitHub.

With these capabilities, you can gain visibility across your data estate, apply consistent controls, and ensure that your data is protected and compliant across a larger digital landscape. For example, you can scan and label your data in Microsoft Azure SQL, Azure Data Lake Storage, and Amazon S3 buckets, and enforce policies that restrict access to sensitive data based on data labels or user roles from one control plane—just like you do for Microsoft 365 sources. Check out this short Microsoft Mechanics video covering an end-to-end scenario. To learn more, we invite you to read the “Expanding data protection” blog.

Securing AI with Microsoft Purview

We are committed to helping you protect and govern your data, no matter where it lives or travels. Building on this vision, Microsoft Purview enables you to protect your data across all generative AI applications—Microsoft Copilots, custom AI apps built by your organization, as well as more than 100 commonly used consumer AI apps such as OpenAI’s ChatGPT, Bard, Bing Chat, and more.³ We announced a set of capabilities in Microsoft Purview to help you secure your data as you leverage generative AI. Microsoft Purview will provide you with:

• Comprehensive visibility into the usage of generative AI apps, including sensitive data usage in AI prompts and total number of users interacting with AI. To enable customers to get these insights, we announced preview of AI hub in Microsoft Purview.
• Extensive protection with ready-to-use and customizable policies to prevent data loss in AI prompts and protect AI responses. Customers can now get additional data security capabilities such as sensitivity label citation and inheritance when interacting with Copilot for Microsoft 365 and prevent their users from pasting sensitive information in consumer generative AI applications.
• Compliance controls to help detect business violations and easily meet regulatory requirements with compliance management capabilities for Copilot for Microsoft 365.

Copilot for Microsoft 365 is built on our security, compliance, privacy, and responsible AI framework, so it is enterprise ready. With these Microsoft Purview capabilities, you can strengthen the data security and compliance for Copilot. The protection and compliance capabilities for Copilot are generally available, and you can start using them today. To learn more, read the Securing AI with Microsoft Purview blog.

Supercharge security and compliance effectiveness with Microsoft Security Copilot in Microsoft Purview

Microsoft Purview capabilities for Microsoft Security Copilot are now available in preview. With these capabilities you can empower your security operations center (SOC) teams, your data security teams, and your compliance teams to address some of their biggest obstacles. Your SOC teams can use the standalone Security Copilot experience to analyze signals across Microsoft Defender, Microsoft Sentinel, Microsoft Intune, Microsoft Entra, and Microsoft Purview into a single pane of glass. Your data security and compliance teams can use the embedded experiences in Microsoft Purview for real-time analysis, summarization, and natural language search, for data security and compliance built directly into your investigation workflows.

Microsoft Purview capabilities in Security Copilot

To help your SOC team gain comprehensive insights across your security data, Microsoft Purview capabilities in Security Copilot will provide your team with data and user risk insights, identifying specific data assets that were targeted in an incident and users involved to understand an incident end to end. For example, in the case of a ransomware attack, you can leverage user risk insights to identify the source of the attack, such as a user visiting a website known to host malware, and then leverage data risk insights to understand which sensitive files that user has access to that may be held for ransom.

Security Copilot embedded in Microsoft Purview

We’ve also embedded Security Copilot into Microsoft Purview solutions to help with your data security and compliance scenarios. You can now leverage real-time guidance, summarization capabilities, and natural language support to catch what others miss, accelerate investigation, and strengthen your team’s expertise. Here’s where these capabilities will light up:

• Summarize alerts in Microsoft Purview Data Loss Prevention: Investigations can be overwhelming for data security admins due to the large number of sources to analyze and varying policy rules. To help alleviate these challenges, Security Copilot is now natively embedded in Data Loss Prevention to provide a quick summary of alerts, including the source, attributed policy rules, and user risk insights from Microsoft Purview Insider Risk Management. This summary helps admins understand what sensitive data was leaked and associated user risk, providing a better starting point for further investigation. Learn more in our Microsoft Purview Data Loss Prevention announcement.
• Summarize alerts in Microsoft Purview Insider Risk Management: Insider Risk Management provides comprehensive insights into risky user activities that may lead to potential data security incidents. To accelerate investigations, Security Copilot in Insider Risk Management summarizes alerts to provide context into user intent and timing of risky activities. These summaries enable admins to tailor investigations with specific dates in mind and quickly pinpoint sensitive files at risk. Learn more in our Microsoft Purview Insider Risk Management announcement.
• Contextual summary of communications in Microsoft Purview Communication Compliance: Organizations are subject to regulatory obligations related to business communications, requiring compliance investigators to review lengthy communication violations. Security Copilot in Communication Compliance helps summarize alerts and highlights high-risk communications that may lead to a data security incident or business conduct violation. Contextual summaries help you evaluate the content against regulations or corporate policies, such as gifts and entertainment and stock manipulation violations. Learn more in our Microsoft Purview Communication Compliance announcement.
• Contextual summary of documents in review sets in Microsoft Purview eDiscovery: Legal investigations can take hours, days, even weeks to sift through the list of evidence collected in review sets. This often requires costly resources like outside council to manually go through each document to determine the relevancy to the case. To help customers address this challenge, we are excited to introduce Security Copilot in eDiscovery. This powerful tool generates quick summaries of documents in a review set, helping you save time and conduct investigations more efficiently. Learn more in our Microsoft Purview eDiscovery announcement.
• Natural language to keyword query language in eDiscovery: Search is a difficult and time-intensive workflow in eDiscovery investigations, traditionally requiring input of a query in keyword query language. Security Copilot in eDiscovery now offers natural language to keyword query language capabilities, allowing users to provide a search prompt in natural language to expedite the start of the search. This empowers analysts at all levels to conduct advanced investigations that would otherwise require keyword query language expertise. Learn more in our Microsoft Purview eDiscovery blog.

To learn more about Security Copilot and Microsoft Purview, read our Microsoft Security Copilot in Microsoft Purview blog.

Additional product updates

New Microsoft Purview Communications Compliance capabilities

Copilot for Microsoft 365 support introduces an advanced level of detection within Communication Compliance, allowing organizations to identify and flag risky communication, regardless of source. Investigative scenarios across various Microsoft applications, including Outlook, Microsoft Teams, and more, showcase the precision of this feature, identifying patterns, keywords, and sensitive information types. With additional features for policy creation and user privacy protection, administrators can also fine-tune their management strategy, ensuring secure, compliant, and respectful communications. Integration with Security Copilot further enhances data security and regulatory adherence, providing concise contextual summaries for swift investigation and remediation. Leveraging AI technology, Communication Compliance detects and categorizes content, prioritizing content that requires immediate attention. Reporting inappropriate content within Microsoft Viva Engage and ensuring compliance in Microsoft Teams meetings further strengthens the multilayered compliance defense. Stay ahead of compliance challenges and embrace these innovative features to secure, comply, and thrive in the digital age.

Learn more in our Microsoft Purview Communication Compliance announcement.

New to Information Protection in Microsoft Purview

As organizations prepare to use generative AI tools such as Copilot for Microsoft 365, leveraging Microsoft Purview Information Protection, discovery and labeling of sensitive data across the digital estate is now even more important than ever. New releases to Microsoft Purview Information Protection include intelligent advanced classification and labeling capabilities at an enterprise scale, contextual support for trainable classifiers that improve visibility into effectiveness and discoverability, better protection for important PDF files, secure collaboration on labeled and encrypted documents with user-defined permissions, as well support for Microsoft Fabric, Azure, and third-party clouds.

You can learn more about the new Information Protection capabilities in the Information Protection announcement.

New Microsoft Purview Data Loss Prevention capabilities

We are excited to announce a set of new capabilities in Microsoft Purview Data Loss Prevention (Purview DLP) that can help comprehensively protect your data and efficiently investigate DLP incidents. Our announcements can be grouped into three categories:

• Efficient investigation: Capabilities that empower admins by making their everyday tasks easier, including enriching DLP alerts with user activity insights from Insider Risk Management, DLP analytics to help find the biggest risk and recommendations to finetune DLP policies, and more.
• Strengthening protection: Capabilities that help protect numerous types of data and provide granular policy controls, including predicate consistency across workloads, enhancements to just-in-time protection for endpoints, support for optical character recognition (OCR), and performance improvements for DLP policy enforcements.
• Expanding protection: Capabilities that extend your protection sphere to cover your diverse digital estate, including support for Windows on ARM and several enhancements to macOS endpoints.

Purview DLP is easy to turn on; protection is built into Microsoft 365 apps and services as well as endpoint devices running on Windows 10 and 11, eliminating the need to set up agents on endpoint devices. 

Learn more in our Microsoft Purview DLP blog.

New Microsoft Purview Insider Risk Management and Adaptive Protection capabilities

To secure data in diverse digital landscapes, including cloud environments and AI tools, detecting and mitigating data security risks arising from insiders is a pivotal responsibility. At Microsoft Ignite, we made a few exciting announcements for Insider Risk Management and Adaptive Protection: 

• Intelligent detection across diverse digital estate: Insider Risk Management will now detect critical data security risks generated by insiders in AWS, Azure, and SaaS applications, including Box, Dropbox, Google Drive, and GitHub. Additionally, security teams can also gain visibility into AI usage with our new browsing to generative AI sites indicator.  
• Adaptive data security from risk detection to response: User context can help security teams make better data security decisions. Security teams can now gain user activity summary when a potential DLP incident is detected in Microsoft Purview DLP and Microsoft Defender portal. With this update and Adaptive Protection, user risk context is available from DLP incident detection to response, making data security more effective. In addition, security teams can now leverage human resources resignation date to define risk levels for Adaptive Protection, addressing common incidents, such as potential data theft from departing employees.  
• Streamlined admin experience for effective policies: To enable better policies management experience, Insider Risk Management will support admin units and provide recommended actions to fine tune policies and receive more high-fidelity alerts. 

Learn more details about all these announcements in our Microsoft Purview Insider Risk Management blog.  

Get started today

These latest announcements have been exciting additions to help you secure and govern your data, across your entire data estate in the era of AI. We invite you to learn more about Microsoft Purview and how it can empower you to protect and govern your data. Here are some resources to help you get started:

• Watch the Microsoft Purview on-demand sessions from Microsoft Ignite, outlined in this guide.
• Try Microsoft Purview for free.
• Read the Data Security Index report.
• Visit the Microsoft Purview website.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Data Security Index: Trends, insights, and strategies to secure data, October 2023.

²Gartner, Security Leader’s Guide to Data Security, Andrew Bales. September 7, 2023.

³Microsoft sets new benchmark in AI data security with Purview upgrades, VentureBeat. November 13, 2023.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

The post New Microsoft Purview features use AI to help secure and govern all your data appeared first on Microsoft Security Blog.

While our in-person tickets have sold out, registration for the virtual event is still available to participate in the Microsoft Security experience at Microsoft Ignite, which includes sessions on security strategies and practical applications. In both tracks,​ you’ll learn about the latest innovations and implementation strategies from Microsoft Security across comprehensive security, unified visibility, and Microsoft Security Copilot. Keep reading this blog post for ideas on keynotes, breakout sessions, and discussions to check out. Register to browse our session catalog and bookmark sessions you’d like to attend.

Catch the news highlights during our keynote

Our announcement-packed keynote from Charlie Bell, Executive Vice President, Microsoft Security, and Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management, Microsoft, will be highlighted on Day 2 of Microsoft Ignite. Don’t miss insights from them during their keynote, “The Future of Security with AI.” They will share how Microsoft is delivering AI for security with Microsoft Security Copilot, and how we enable organizations to secure and govern AI with new capabilities. This new era of AI offers unprecedented opportunities to elevate human potential but also challenges organizations with unknowns and risks.

Learn security strategies for today’s and tomorrow’s challenges 

Our cybersecurity strategy sessions are focused on equipping you to leverage AI and Microsoft Security solutions to strengthen your threat defense strategy. Join these sessions to take your strategies to the next level across identity protection, code-to-cloud approaches, industry best practices for AI, and the latest learnings in threat intelligence.   

Strategy sessions to consider joining include:

• “How we secure the Microsoft estate” (BRK291H: in-person and online): Join a fireside chat with Bret Arsenault, Corporate Vice President and Chief Information Security Officer, on Microsoft’s approach to security and how Microsoft plans to adapt as the industry continues to embrace the new era of AI.
• “Boosting ID Protection Amid Sophisticated Attacks” (BRK294H: in-person and online): Alex Weinert, Vice President, Identity Security, and Mia Reyes, Director, Foundational Security—Cybersecurity, will offer a deep dive into the escalating landscape of cyberthreats targeting digital identities amid the evolving tech realms of the Internet of Things, operational technology, and hybrid workspaces. Learn about innovation in automated key management and Hardware Security Modules for fortified key storage, crucial in mitigating human errors and bolstering defenses against sophisticated aggressors.
• “This Year In Threats: Tales From Microsoft’s Global Fight Against APTs” (BRK299: in-person only): Sherrod DeGrippo, Director of Threat Intelligence, and John Lambert, Corporate Vice President, Distinguished Engineer, Microsoft Security Research, will discuss how Microsoft defends customers at the nexus of the cyber and physical worlds and how they can join our global alliance to help give bad actors nowhere to hide. This year, Microsoft Threat Intelligence stood with its partners on the leading edge of the global response to the most impactful threats and incidents. In this session, look back at the threat actors and campaigns that defined 2023 and hear our experts tell their favorite stories from the front line.
• “Secure access in the AI era: What’s new in Microsoft Entra” (BRK297H: in-person and online): Jade D’Souza, Product Manager; John Savill, Cloud Solution Architect; and Joy Chik, President, Identity and Network Access, will offer details on innovations for Microsoft Entra ID (formerly Azure Active Directory) that can help you automatically prevent identity compromise, enforce granular access policies, govern permissions, and leverage AI to secure access for anyone to anything from anywhere. This demo-centric session will follow an employee as they onboard, access resources, and collaborate.
• “Unifying XDR + SIEM: A new era in SecOps” (BRK293H: in-person and online): Preeti Krishna, Principal Product Manager, and Rob Lefferts, Corporate Vice President, Microsoft Threat Protection, will offer insights on how the latest innovations in generative AI, automatic attack disruption, embedded threat intelligence, decoy assets, a reimagined user interface, and cloud posture management capabilities will supercharge your threat detection, response, and defense.
• “Secure and govern your data in the era of AI” (BRK296H: in-person and online): Erin Miyake, Principal Product Manager; Herain Oberoi, Marketing Leader; Tina Ying, Senior Product Marketing Manager, Insider Risk Management; and Rudra Mitra, Corporate Vice President, Microsoft Data Security and Compliance, will demonstrate how Microsoft Purview’s comprehensive approach to data security, compliance, and privacy helps empower organizations to protect and govern their data.
• “Security for AI: Prepare, protect, and defend in the AI era” (BRK298H: in-person and online): Douglas Santos, Senior Product Manager; Maithili Dandige, Partner Group Program Manager, Microsoft 365 Security and Compliance; and Shilpa Bothra, Senior Product Marketing Manager, will discuss the importance of preventing sensitive data leaks in AI as third-party AI apps grow exponentially and hackers continue to launch adversarial attacks using generative AI. Leave this session with a solid defense and ways to secure data as you interact with AI using Microsoft’s comprehensive security suite.

Gain practical applications with in-depth product views

When strategizing a security approach, technology solutions play a critical role. To help you become an expert on security solutions and implement new features within your organization, Microsoft Ignite will include sessions exploring the use cases of Microsoft solutions, including Security Copilot, Microsoft Entra, Microsoft Purview, and Microsoft Intune.

Practical application sessions to consider joining include:

• “Boost multicloud security with a comprehensive code to cloud strategy” (BRK261H: in-person and online): Safeena Begum, Principal Product Manager, and Yuri Diogenes, Principal Product Manager, will talk about how Microsoft Defender for Cloud can help you fortify your defenses and enhance your incident response strategy with cloud security graphic insights and tailored analytics from Defender for Cloud workload protection plans.
• “Fortified security and simplicity come together with Microsoft Intune” (BRK263H: in-person and online): Archana Devi Sunder Rajan, Partner Group Product Manager, Microsoft Intune; Dilip Radhakrishnan, Partner Group Product Manager, Microsoft Intune; Jason Roszak, Chief Product Officer, Microsoft Intune; and Sangeetha Visweswaran, Partner Director of Engineering, will discuss how the next generation of endpoint management and security capabilities from Microsoft Intune help transform security and IT operations. Learn how to simplify app updates, cut the cost of public key infrastructure lifecycle management, mitigate risks with AI-derived insights, and free up resources by automating IT workflows.
• “Modern management innovation shaping endpoint security” (BRK295H: in-person and online): Jeff Pinkston, Director of Engineering; Ramya Chitrakar, Corporate Vice President, Intune Engineering; and Steve Dispensa, Corporate Vice President, will explore how to defend against the evolving sophistication of cyberthreats while ensuring a productive workforce. The newest wave of Microsoft Intune innovation can shape your defense-in-depth strategy for a secure and productive end user computing estate.
• “Beyond traditional DLP: Comprehensive and AI-powered data security” (BRK262H: in-person and online): Maithili Dandige, Shilpa Bothra, and Talhah Mir, Product Manager, will share how AI-powered Microsoft Purview Information Protection and Microsoft Purview Insider Risk Management can transform your data loss prevention (DLP) program, enabling Adaptive Protection and fortifying your data security posture. You will also hear about new features that enhance incident response and expand endpoint coverage and gain insights on how to enhance their data security strategies.
• “How Microsoft Purview helps you protect your data” (OD07: online only): Anna Chiang, Senior Product Marketing Manager, and Tony Themelis, Principal Product Manager, will explore organizational paradoxes and how Microsoft Purview can help strengthen your data security posture. They will also demonstrate how our latest AI-powered and contextual classifiers can identify sensitive trade secrets, personally identifiable information, and more in seconds across your digital estate.
• “Effortless application migration using Microsoft Entra ID” (OD03: online only): David Gregory, Director of Product Marketing, Identity Compete, will share how our newly proposed tool supplies a one-click configuration to integrate applications into Microsoft Entra ID. During this on-demand session, we will provide an overview of how our tool offers a guided experience to seamlessly facilitate the migration of your applications from Active Directory Federation Services to Microsoft Entra ID.
• “Bringing Passkey into your Passwordless journey” (OD02: online only): Calvin Lui, Product Manager; Erik Dauner, Senior Program Manager; and Mayur Santani, Product Manager, walk you through the background of where passkeys came from, their impact on the passwordless ecosystem, and the product features and roadmap bringing passkeys into the Microsoft Entra passwordless portfolio and phishing-resistant strategy.
• “The power of Microsoft’s XDR: they attempted, we disrupted” (BRK265H: in-person and online): Dustin Duran, Director of Security Research, and Kim Kischel, Director of Product Marketing—XDR, will discuss Microsoft 365 Defender’s automatic attack disruption technology and give you a clear understanding of attack disruption and how it’s providing immediate value to customers in the real world today.
• “Making end-to-end security real” (BRK267H: in-person and online): Mark Simos, Lead Cybersecurity Architect, and Sarah Young, Senior Cloud Security Advocate, will share quick wins that solve real-world problems using Microsoft’s integrated security products. This session will show you how to make progress on end-to-end security across identity, security operations, and more.

Interact with the experts

Bring your questions about Microsoft solutions. Our experts have answers. Connect with them during live discussions to learn more.

Opportunities to interact with the experts include:

• “Windows 11, Windows 365, & Microsoft Intune Q&A” (DIS657H: in-person and online): Gabe Frost, Group Product Manager; Harjit Dhaliwal, Senior Product Marketing Manager; Jason Githens, Principal Group Product Manager; and Joe Lurie, Senior Product Manager, will participate in a collaborative question and answer session about where we are today with Windows 11 and device management—and what you need to propel your organization and IT strategies. We’ll quickly outline a few of the latest commercial enhancements, but the focus here is on your thoughts and questions.
• “Preventing loss of sensitive data: Microsoft Purview DLP Q&A” (DIS666H: in-person and online): Shekhar Palta, Principal Product Marketing Manager, and Shilpa Bothra will discuss Microsoft Purview DLP and the way it can prevent accidental or intentional loss of sensitive data across apps and devices. Join us to discuss how you can modernize your DLP and get started quickly, and learn how DLP works with Microsoft Defender products.
• “Panel discussion: Resilient. Compliant. Secure by default” (DISFP375: online only): Joye Purser, Global Lead, Field Cybersecurity, Veritas Technologies; Saurabh Sensharma, Principal Product Manager, Microsoft; Simon Jelley, General Manager for SaaS Protection, Endpoint and Backup Executive, Veritas Technologies; and Tim Burlowski, Senior Director of Product Management, Veritas Technologies, will discuss security strategies. Join Veritas experts for an interactive question and answer on ensuring your cloud applications are resilient and your data is protected, compliant, and recoverable when it matters most.

Socialize with us and your peers

As you’ve probably experienced yourself at previous conferences and business networking events, some of the best ideas are sparked during conversations with other security professionals. Get social and join us and your cybersecurity peers at two incredible networking events.

• The Lounge at Microsoft Ignite: Located in the Hub on Level 5 (Summit Convention Center), the Lounge is the main gathering area for community. The Lounge will be staffed by Microsoft full time employees and attending Most Valuable Professionals (MVPs) to provide continuous question and answer opportunities.
• Microsoft Ignite Security After Party: Network and connect over drinks and appetizers on Wednesday, November 15, 2023, at The Collective. Partners, customers, Microsoft MVPs, and Microsoft subject-matter experts will mix and mingle. Register to reserve your spot.

Register today for Microsoft Ignite

Join us online from anywhere from November 15 to 16, 2023, to hear major product announcements, inspiring messages, and expert insights on the future of cybersecurity and Microsoft solutions. And if you’re not able to participate at all this year, you can still check out plenty of session content, product announcements, and keynotes after Microsoft Ignite wraps up. It will be available on demand after the event. Reserve your spot today. Hope you can join us!

Join the Security Tech Accelerator

We’re also having a Tech Accelerator event on Wednesday, December 6, 2023. Ask questions about the latest product announcements from Ignite and connect with your security peers at this virtual skilling event hosted on the Security Tech Community—register today.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (formerly known as Twitter) (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Digital security sessions at Microsoft Ignite to prepare you for the era of AI appeared first on Microsoft Security Blog.

Microsoft 365 Defender is our security solution for phishing and related cyberthreats. Some great analysis has been done by the Microsoft Threat Intelligence team on BazaCall’s Tactics, Techniques, and Procedures (TTPs). They’ve also shared how to use Microsoft 365 Defender to locate exploitation activity.

I wanted to take another perspective with this post and share the role that Microsoft Purview data security solutions play, together with Microsoft 365 Defender and Microsoft Sentinel, to provide defense-in-depth mitigation. With defense-in-depth, we create barriers to the bad actor, increasing their resources required and uncertainty, interfering with their business case.

Microsoft Purview provides important value with unified data governance and compliance solutions but it’s Microsoft Purview’s data security capabilities within Microsoft 365 we’ll be discussing in this blog.

What makes BazaCall different from most phishing attacks is using a malicious email to have the victim initiate a call to a phony call center run by the bad actor that then coaches the victim to install malware. Replacing malicious links and attachments in email with a phone number to the call center is used to evade email protection.

An overview of the BazaCall attack flow is provided at the end of this post.

The mitigations suggested here will be of value for attacks where the bad actor has control of a Microsoft 365 account and is attempting to exfiltrate sensitive data.

The data security benefits of Microsoft Purview for attack mitigation are sometimes overlooked. These solutions may be managed by other groups in the organization, such as the compliance team rather than the security team, and so may not be the go-to tools in the toolbox when preparing for or responding to an attack. These solutions should be part of a defense-in-depth strategy and Zero Trust architecture.

Microsoft Purview Mitigations

Microsoft Purview Information Protection sensitivity labels can be applied to protect sensitive files from unauthorized access. These sensitivity labels can have scoped encryption, among other protections, which travels with the file inside and outside of the organization’s environment. This would make the file unreadable except by the party for which the encryption is scoped—for example, only employees, a partner, or a customer organization—or it can be defined by the user to be consumable only by specific individuals.

Figure 1. Sensitivity Label with scoped encryption—accessible only to employees.

Automation, configured by the administrators, can be used to support the user in applying these labels including making the application of a label mandatory if the file contains sensitive information.

Microsoft Purview Data Loss Prevention (Purview DLP) can be used to prevent the sensitive information from being exfiltrated through several egress channels, including user’s endpoint devices, Microsoft cloud services such as SharePoint Online, OneDrive for Business, Exchange Online, Teams, and Microsoft PowerBI, browsers such as Microsoft Edge, Chrome, and Firefox, as well as non-Microsoft applications such as Salesforce, Dropbox, Box, and more, including the free file-sharing services used as part of the BazaCall TTPs.

Customers can create policies that block and do not allow override for their top priority sensitive information such that even if the bad actor manages to get access to the user’s account, they are blocked from exfiltrating any sensitive content. Purview DLP policies can be configured leveraging a variety of out-of-the-box or custom criteria including machine learning-based trainable classifiers as well as the sensitivity labels created in Information Protection.

Figure 2. Purview DLP preventing the upload of sensitive files into Dropbox.

Microsoft Purview Insider Risk Management can alert the security team to the bad actor’s activities, including the exfiltration of sensitive information to the file-sharing service. Insider Risk Management can reason over and parse through user activity signals, by leveraging more than 100 ready-to-use indicators and machine learning models, including sequence detection and cumulative exfiltration detection. With Adaptive Protection powered by Insider Risk Management, the security team can detect high-risk actors, such as a bad actor-controlled account, and automatically enforce the strictest DLP policy to prevent them from exfiltrating data.  

Figure 3. Insider Risk Management uses specialized algorithms and machine learning to identify data exfiltration and other risks.

Microsoft Defender for Cloud Apps can make a file-sharing site used for sensitive file exfiltration unreachable from the user’s browser or it can prevent sensitive files from being moved to the site. Alternatively, the policy can be configured to only allow files to be moved to the file-sharing site if they have a sensitivity label applied that contains scoped encryption. If this protected file is exfiltrated it would not be readable by the bad actor.

Figure 4. Microsoft Defender for Cloud Apps blocking access to file sharing and backup site.

Microsoft Purview Audit provides forensic information to scope a possible breach. This is especially valuable when bad actors are “living off the land.” Among the audit items made available are the terms that a user searched in email and SharePoint. If the bad actor was searching for sensitive information to exfiltrate, this item will assist the investigation.

Purview Audit, recently expanded for accessibility and flexibility, will also provide insight to mail items accessed and mail sent, which would be impactful when investigating scope and possible exfiltration channels. Although a bad actor’s known TTPs may not include these channels, we need a fulsome investigation. Their TTPs are likely not static.

Purview Audit Premium provides more logging event retention capabilities, with one-year retention (up from 180 days with Standard) and an option to increase retention to 10 years among other upgraded features.

Figure 5. Premium Audit solution searching forensic events.

Microsoft Purview Data Lifecycle Management policies and labeling could be used to purge unneeded information from the organization’s environment. An auditable review can be required prior to deletion or deletion can be automated without user or administrator action.

If information is not in the environment, it cannot be exfiltrated by the bad actor or put the organization at risk.

Figure 6. Disposal of unneeded documents reduces exfiltration risk to the organization.

About BazaCall

BazaCall uses a phishing campaign that tricks unsuspecting users into phoning the attacker, who coaches them into downloading BazaLoader malware, which retrieves and installs a remote monitoring and management (RMM) tool onto the user’s device. The email typically claims that the user has reached the end of a free trial of some type, that billing will begin shortly and provides an option to cancel by phoning a call center. The threat of unjustified billing is the lever that the attacker uses to get the victim to comply.

Typically, the file download has been a malicious Excel document that purports to be a “cancellation form” for the unwanted service and charges referred to in the phishing campaign. The bad actor coaches the victim into accepting macros and disabling security solutions to complete the phony “cancellation.”

RMM software provides multiple useful purposes for attackers: The software allows an attacker to maintain persistence and deploy malicious tools within a compromised network. It can also be used for an interactive command-and-control system. With command and control established, the bad actor organization can spread laterally through the environment to steal sensitive data and deploy ransomware. Once command and control of the user’s machine is established, bad actor hands-on keyboard is used to exfiltrate data including through free cloud-based file-sharing sites. TTPs have evolved in the last two years, including the use of file-sharing sites for exfiltration in addition to open-source tools like RClone.

The user is also subject to human-operated ransomware.

The mitigations discussed in this post are focused on the data exfiltration aspects in the “hands-on-keyboard” phase of the attack.

Figure 7. BazaCall attack flow.

Microsoft Purview can help protect from BazaCall attacks

Microsoft Purview data security for Microsoft 365 is not a cure-all for phishing attacks. It is part of a defense-in-depth strategy that includes user training, antimalware, vulnerability management, email security, access control, monitoring, and response. The data security solutions within Microsoft Purview should be considered based on risk-based criteria for inclusion in the strategy.

These tools may be managed by different teams in the organization. Collaboration among these teams is critical for coordinated defense and incident response. 

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks appeared first on Microsoft Security Blog.

Attacks are quickly becoming more automated through AI-assisted tools. They are also increasing exponentially—the number of password attacks Microsoft detects has more than tripled in the last 12 months, from 1,287 per second to more than 4,000 per second.¹ Plus, the annual cost of cyberattacks continues to grow. According to the FBI Internet Crime Complaint Center’s (IC3) latest research, reported total losses grew from USD6.9 billion in 2021 to more than USD10.2 billion in 2022.² Such losses are even greater on a global scale. If organizations continue to operate within a fractured security state and only utilize what’s worked in the past, they will leave gaps in their security posture.

Now there is a unique opportunity to harness the power of AI in combination with an end-to-end security solution to build a resilient security posture with defenses that rapidly adapt. There has never been a more important time for specialized cybersecurity expertise, and our partners are critical to preparing customers for the era of AI. According to a Forrester Total Economic Impact study, Microsoft Security partners are realizing a significant increase in their business with more than 14 percent year-over-year growth.³ In small and medium businesses (SMBs), partners are seeing even more dramatic demand with more than 37 percent market expansion just this last year.

Today at Microsoft Inspire 2023, we will discuss AI-powered security during the “Springboard customers into the era of AI with end-to-end security” session. Also, you’ll have an opportunity to ask your most pressing questions at the expert Q&A.

Register for Microsoft Inspire to hear more details on our latest exciting announcements listed in this blog.

Microsoft Inspire 2023

Elevate your business by joining us for Microsoft Inspire, July 18 and 19, 2023, and learn how to accelerate AI transformation in your security practice.

Register now

Coming soon: Microsoft Security Copilot Early Access Program

We are extremely encouraged by the excitement and positive feedback we have received from customers and partners since we announced Microsoft Security Copilot—one of the first generative AI products in the security industry—in March 2023. This fall, we will open our Early Access Program and invite more customers and partners to experience Security Copilot. To help us focus our learning, customers who use Microsoft Defender for Endpoint will be prioritized for early access. Those who also use Microsoft Sentinel will get even more benefit from the program. Security Copilot is designed to work with a broad range of Microsoft and third-party tools, and we will expand the program as we learn.

Our preview is well underway, and the feedback from our preview customers shows that there’s every reason to be excited about the massive potential of this technology to help protect at machine speed and scale:

“Microsoft is spearheading a transformative shift in security operations center (SOC) processes and operations at a truly remarkable speed. By fully integrating these cutting-edge AI technologies, they are pioneering a leap so momentous that by December 2024, SOC operations from 2021 may seem prehistoric in comparison. The surge in productivity could be unparalleled. At Bridgewater, we are thrilled to be helping Microsoft on this voyage, collaboratively propelling Security Copilot’s full potential to the forefront of the industry.”

—Igor Tsyganskiy, President, Bridgewater

New: Security Copilot design advisory council

Today, we are officially kicking off our partner engagement to help you build your own solutions and services powered by Security Copilot. If you are a Microsoft partner, you can start today by helping customers deploy Microsoft Defender for Endpoint and Microsoft Sentinel so that they are prepared to adopt Microsoft Security Copilot. We are excited to join forces with our partners, including members of the Microsoft Intelligent Security Association. Here’s what a couple of our partners have shared already:

“When it comes to cybersecurity, threat actors are increasingly using AI to carry out sophisticated attacks, so why aren’t defenders? We are operating in an era where fighting AI with AI is non-negotiable. By partnering with Microsoft Security Copilot, we can help level the playing field for defenders together. Much of the AI universe sits behind Cloudflare, and acting as the intermediary to allow businesses to harness the power of this technology in a safe way is critical.”

—Matthew Prince, Chief Executive Officer, Cloudflare

“We believe that generative AI will be truly revolutionary and will allow us to become more effective and efficient, by orders of magnitude, in protecting our customers. We expect to see productivity increases from our SOC analysts using Security Copilot when dealing with scenarios like incident response and threat hunting and believe there is potential for upskilling effects, allowing any analyst to complete more advanced tasks quicker than ever before. We are proud to be on this journey with Microsoft and remain excited as they continue to add more compelling capabilities to Security Copilot.”

—Brian Beyer, Chief Executive Officer, Red Canary

“Building on our recent investment to expand and scale our AI offerings, we’re excited to team with Microsoft on bringing Security Copilot to our joint customers, augmenting their ability to predict—prevent—and rapidly respond to security threats. This will help empower all of our customers and provide new opportunities leveraging the responsible use of generative AI.”

—Sean Joyce, Global Cybersecurity and Privacy Leader, PwC

If you are interested in learning how to engage with your customers now to take full advantage of these new AI technologies, we invite you to sign up to receive communications and to be considered for our new Security Copilot design advisory council.

Investments in the managed security service provider community

According to Gartner®, “by 2025, 60 percent of organizations will be actively using remote threat disruption and containment capabilities delivered directly by MDR providers, up from 30 percent today.”⁴ 

To help meet the anticipated demand for these services, we are actively working to recruit more Managed Extended Detection and Response (MXDR) partners alongside our first-party offering. Microsoft is deeply committed to our partner community, and partners will always be the primary path for customers to get the services they need. We are increasing our overall investments for security partners by nearly 50 percent this coming year. A great example of this continued investment is the Microsoft engineering verified MXDR solution status that we launched for partners last year.

Making it easier to better protect small and medium businesses

Small and medium businesses are seeing more cyberattacks, with 82 percent of ransomware attacks targeting small businesses.⁵ Due to a lack of internal security specialists, these businesses often look to IT partners to help secure their IT environments.

We are making it easier for partners to deliver security services to their customers:

• For partners who want to build their own SOC or managed detection and response (MDR) service, we are pleased to announce streaming APIs from Microsoft Defender for Business to enable advanced hunting and attack detection. Available in preview in Defender for Business standalone and as part of Microsoft 365 Business Premium.
• With a 3.4 million-person global shortage in the cyber workforce, partners face staffing challenges as much as their customers do.⁶ For those partners who want to resell security services but do not have the resources to invest in an in-house SOC, we are pleased to announce integrations with leading MDR providers. For example, Blackpoint Cyber now offers both a round-the-clock cloud response MDR service for Microsoft 365 environments, including Microsoft 365 Business Premium, and a managed endpoint detection and response (EDR) service for Defender for Business customers. 
• We’re extending mobile protection to SMB customers who may not have a mobile device management solution with Mobile threat defense for standalone Defender for Business customers—now generally available. The new Defender for Business monthly summary report will show threats prevented, current status from Microsoft Secure Score and recommendations, and will help partners to show value to customers.

For details on our SMB-focused announcements, read our Tech Community blog post.

Expanding comprehensive security with product innovations

We continue to offer one of the most comprehensive security solutions in the market and power it with world-class global threat intelligence. Today we announced the following innovations:

• Microsoft Sentinel: To simplify budgeting, billing, and cost management, the Microsoft Sentinel price now includes the Azure Monitor Log Analytics price. To learn more, read the announcement blog.
• Microsoft Defender Experts for XDR: A new managed service gives customers step-by-step guidance to respond to incidents, receive expertise when they need it, and stay ahead of emerging threats.
• Microsoft Purview Insider Risk Management: With the new bring-your-own-detections capabilities, partners can help their customers create custom indicators by bringing in detections from non-Microsoft sources, such as a customer relationship management system like Salesforce or a developer tool like GitHub.
• Microsoft Defender for Cloud Apps: The new open app connector platform makes it easier for partners to plug their solutions into our platform. New API connectors include the preview of Asana and Miro as well as the general availability of software as a service security posture management capabilities for DocuSign, Citrix, Okta and GitHub.
• Microsoft Defender for Endpoint: The settings management experience is now natively embedded into Microsoft Defender for Endpoint for Windows, Linux, and macOS, removing dependencies on Microsoft Intune and the need to switch between portals.
• Microsoft Defender Threat Intelligence: Graph APIs now enable simple exporting and ingestion of data to Microsoft Defender, Microsoft Sentinel, and third-party applications.
• Microsoft Purview eDiscovery: Now generally available, the Microsoft Graph eDiscovery Export API will enable external applications and partners to integrate the eDiscovery export function through scripting.
• Microsoft Purview Information Protection: With this update, confidential and highly sensitive Excel files that are labeled and protected by Microsoft Purview Information Protection can continue to be protected when imported into Microsoft Power BI datasets and reports throughout their lifecycle. Additionally, documents in SharePoint and OneDrive now support labeled and encrypted documents with user-defined permissions. Co-authoring for Word, Excel, and PowerPoint apps now enables document owners to define permissions for people who can have access to shared sensitive documents that are encrypted.
• Microsoft Purview Data Loss Prevention: Microsoft Purview Data Loss Prevention introduces a new capability to allow security teams to create policies that prevent their users from pasting sensitive data to specific websites or web applications.
• Microsoft Defender for External Attack Surface Management: With External Attack Surface Management, you can leverage new data connections to seamlessly integrate your attack surface data into other Microsoft solutions, including Azure Data Explorer and Log Analytics. These data connections will help you supplement workflows with new insights, which will enable you make informed security decisions based on more comprehensive information.

We have been innovating rapidly across the entire Microsoft Security portfolio. In case you missed them, here are a few of our most recent announcements.

• Two new Security Service Edge solutions: Microsoft Entra Internet Access helps protect access against malicious traffic and threats from the open internet. Microsoft Entra Private Access helps secure access to private apps and resources from any device and network.
• Microsoft Azure Active Directory is now Microsoft Entra ID: To unify our product family, we changed the name of Microsoft Azure Active Directory to Microsoft Entra ID.
• Microsoft Intune Suite: In March 2023, we launched the Intune Suite, which unifies mission-critical advanced endpoint management and security solutions into one simple bundle. The suite’s AI-powered automation empowers IT and security teams to move simply and quickly from reactive to proactive in addressing security challenges.
• Adaptive Protection in Microsoft Purview: In early 2023, we launched Adaptive Protection in Microsoft Purview. This new capability dynamically updates data loss prevention controls and policies, turning them to individual users and helping customers identify and mitigate the most critical risks. This saves security teams valuable time while ensuring better data security. Learn more about the features and benefits of Adaptive Protection.
• Microsoft Sentinel reduces investigation time by 88 percent: This year, we unveiled a new context-focused incident investigation experience for Microsoft Sentinel that enables security analysts to reduce their investigation time by up to 88 percent.⁷ We also delivered the ability to automatically disrupt in-progress attacks in Microsoft 365 Defender to help customers prevent devasting breaches. 

2023 Security Partner of the Year Awards

We are excited to announce our 2023 Security Partner of the Year Award winners.

Security Partner of the Year: BDO Digital

BDO Digital is a global company that offers detection, automation, and reduction of overall cybersecurity risks. Many of BDO’s clients’ legacy tools were not equipped to deal with modern infrastructure, and internal security teams did not have the bandwidth to monitor and triage security events. BDO helped improve its clients’ cybersecurity posture by reducing actionable alerts by over 50 percent.

Compliance Partner of the Year: Epiq

Epiq offers advanced data security technology solutions, such as a unique Chat Connector for Microsoft Teams that allows legal teams to effectively assess data for relevant and privileged content. 

Building securely together

As we all consider what we can accomplish with AI now and in the future, I cannot overstate the importance of end-to-end security. This is exactly where we recommend you start with your customers. Help them strengthen their security posture now so that when they deploy AI, they are not vulnerable to attacks. AI solutions will only ever be as strong as their underlying security.

As with any product design, we hold ourselves to high security standards when building, developing, and deploying AI-powered solutions from platforms to applications to processes. We maintain rigorous responsible AI practices, aimed at understanding and mitigating harms, measuring the quality of responses, and fostering a continuous learning environment from customer feedback. A cornerstone of these standards is our commitment to developing solutions that are “secure by design and secure by default.” However, it is important to note that the robustness of security is significantly enhanced when users actively manage and maintain it. Our focus extends to ensuring robust control over data, meaning it won’t be used to train AI models without explicit permission. We advocate for our partners to adhere to these benchmarks while crafting and implementing AI-based offerings for customers—whether the aim is to enhance productivity, automate a business process, or safeguard against threats.

Connect with us at Microsoft Inspire 2023

Microsoft Inspire 2023 is an incredible opportunity to share all the ways AI can support security efforts with our partner ecosystem. If you haven’t registered, there’s still time to reserve your complimentary spot. There, you’ll hear strategies to prepare your organization for AI with comprehensive security and security posture. Hope to see you in these sessions!

• “Springboard customers into the era of AI with end-to-end security” (FS106): This session will spotlight how AI will transform technology for our customers and their security practices. You can also join a live Q&A with the experts.
• “Investments Microsoft is making to accelerate your security business” (ODBRK117): Learn the latest opportunities to expand the offerings of existing customers over the next 12 months with Microsoft Security.
• “Take advantage of the expanding opportunity with end-to-end security” (OD130): Explore how Microsoft Security’s end-to-end solution helps you get ready and get your customers to fully leverage the massive opportunity in the security market.  
• “Securing the channel: protecting customers’ digital transformation” (OD131): Find out more about Microsoft’s vital role in addressing increasing cyberattacks in hybrid and remote work environments, while also hearing of the role of partners in proactively securing customers’ digital transformation.
• “Bridging the cybersecurity gap: security training for partners” (OD132): In this Level 400 session, you’ll experience a new gamified learning simulation that makes Microsoft Security solutions real for you and your teams through interactive scenarios. 
• “Build Your Security Practice” (OD142): Explore how partners can grow revenue and profitability with managed security services with Microsoft 365 Business Premium and Microsoft Defender for Business. We will discuss key SMB trends, new product innovations, and resources to help partners develop successful security service offerings.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft internal data.

²Internet Crime Report, Federal Bureau of Investigation. 2022.

³The Partner Opportunity For Microsoft Security, Forrester. July 2023.

⁴Gartner® Market Guide for Managed Detection and Response Services, Pete Shoard, Al Price, Mitchell Schneider, Craig Lawson, Andrew Davies. February 14, 2023. 

⁵The Devastating Impact of Ransomware Attacks on Small Businesses, Quinn Cleary. April 4, 2023.

⁶2022 Cybersecurity Workforce Study, (ISC)². 2022.

⁷The Total Economic Impact™ Of Microsoft SIEM And XDR, Forrester. August 2022.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. 

The post Microsoft Inspire: Partner resources to prepare for the future of security with AI appeared first on Microsoft Security Blog.

Figure 1. This graphic shows how software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS) work together in a comprehensive security strategy.

Microsoft Security—extending our multicloud reach

At Microsoft, we have long embraced our commitment to protecting our customers’ multicloud environments. The journey began in July 2021, when we acquired CloudKnox Security to help customers manage permissions across clouds and strengthen their Zero Trust strategy.² That cloud infrastructure entitlement management (CIEM) solution has evolved to become Microsoft Entra Permissions Management, and is part of our comprehensive identity product family: Microsoft Entra. In February 2022, Microsoft Defender for Cloud expanded to include GCP and AWS, becoming the first cloud provider to offer integrated cloud-native application protection (CNAPP) for the three main public clouds—from development to runtime.³ This past March, we introduced Microsoft Defender Cloud Security Posture Management for multicloud environments, including new data-aware security posture management capabilities to help customers identify risks across their data estate, and an improved multicloud security benchmark to better unify security and compliance across services. And finally, earlier this year we announced enhancements to Microsoft Purview to continue building on the promise of securing both structured and unstructured data wherever it lives.

Figure 2. Timeline of Microsoft Security’s journey to multicloud, starting in 2021 with the acquisition of CloudKnox Security, to the launch of Microsoft Entra and the extension of Microsoft Defender for Cloud to GCP and AWS in 2022, continuing with enhancements to Microsoft Purview in 2023, with more capabilities to come.

Securing your data wherever it travels

The amount of data being created and transferred is growing exponentially. This is taking place at a time when employees don’t just gather around the water cooler; they’re communicating across digital channels on personal and corporate devices. Modern workforces are distributed, and the digital fabric of any given organization is made up of multiple threads, adding layers of complexity. Additionally, the shift to multicloud makes the surface area of your data even larger. Without unified visibility across your multicloud data security posture, the shift adds to the complexity of identifying risks such as misconfigured object storage and databases.⁴ You can hear more about this in the most recent Uncovering Hidden Risks podcast, which discusses the risks of running a multicloud strategy as customers accelerate their digital transformation. Organizations looking to proactively protect and manage multicloud environments often face challenges around data risk, data protection, and data compliance.

Data Risk—Data doesn’t move itself; people move and interact with data, and that’s where the majority of data security risks stem from. In fact, data security incidents are commonly caused by insider actions, accounting for nearly 35 percent of all unauthorized incidents.⁴ Even the strongest cybersecurity programs can be undermined by insiders who either intentionally or unintentionally compromise an enterprise. To assist you in identifying data risks across various environments, we are pleased to share that you can now bring your own risk detections into Microsoft Purview Insider Risk Management. For example, you can import events from customer relationship management (CRM) systems, such as Salesforce, or developer tools like GitHub. These user activities can then be used as custom indicators in insider risk policies, combined with other built-in indicators, offering organizations a comprehensive view and understanding of potential data security risks posed by an insider. You can learn more about it from our blog “Manage insider risks in multicloud environments.”

Data Protection—The loss of sensitive data remains the top security concern for IT and security professionals. This often leads to the deployment of multiple solutions to manage data loss across different environments, which could lead to both blind spots and data leakage. It is crucial to have integrated solutions that can protect sensitive data across your digital landscape. In addition to supporting Microsoft 365 apps, services, Microsoft Edge, and Windows endpoints, Microsoft Purview Data Loss Prevention (Purview DLP) supports macOS endpoints, as well as virtualized environments such as Citrix, Windows Virtual Desktop, Amazon Workspaces, and Hyper-V platforms, as well as Google Chrome and Firefox browsers. We are continuing to expand our capabilities to allow you to cover all egress risks. Today we are excited to announce that organizations can now leverage Purview DLP to prevent their users from pasting sensitive content in websites on supported browsers. For example, let’s say a user copies customer information from an internal CRM system or SQL database, and pastes it into personal email, social media sites, or generative AI prompts on a supported browser like Microsoft Edge, Google Chrome, or Firefox. Based on the pre-set policy, Purview DLP will audit, warn, or block the action to prevent leaking sensitive information. Learn more in our blog here.

Data Compliance—The compounding impact of a complex regulatory environment and the growing adoption of cloud services makes it increasingly difficult for organizations to identify compliance risks. We are excited to share that you can now run multicloud assessments in Microsoft Purview Compliance Manager. This feature lets you assess your compliance posture across your organization’s multicloud estate, including Azure, AWS, GCP, and services like Zoom and Salesforce. For example, for a regulation such as Payment Card Industry Data Security Standard, you can aggregate and automate your compliance posture across all in-scope services. You can learn more about it in our latest blog.

Be sure to explore our videos on Multicloud Assessments from Microsoft Mechanics, and delve into the latest overview of Microsoft Defender for Cloud by Microsoft Solution Architect, John Savill. This is the first of a series of exciting multicloud innovations, with more in store over the next few months. Stay tuned!

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹2023 State of the Cloud Report, Flexera. 2023.

²Microsoft acquires CloudKnox Security to offer unified privileged access and cloud entitlement management, Microsoft Security Team. July 21, 2021.

³Microsoft Announces new Security Capabilities for the Multicloud World, Microsoft Stories Asia. February 24, 2022.

⁴Insider threat peaks to highest level in Q3 2022, Maria Henriquez. November 10, 2022.

The post Expanding horizons—Microsoft Security’s continued commitment to multicloud appeared first on Microsoft Security Blog.