Purview DSPM for AI — securing Copilot + public-LLM prompts
Published 10 Jun 2026
· By
Pawan Sharma
· AI & Security
· 14 min read
Generative-AI adoption in Indian enterprise has gone from "interesting exploration" to "your finance team is pasting customer data into ChatGPT and the SOC has no visibility" in 18 months. Microsoft Purview Data Security Posture Management for AI is the operational layer that fixes that — prompt content classification, DLP enforcement on AI prompts, sanctioned-vs-unsanctioned AI app visibility, and the sensitivity-label propagation that makes M365 Copilot safe to roll out. This post is the 30-day activation plan, with the DPDP evidence frame.
3 risks
DSPM for AI addresses
Public-LLM prompt leak, Copilot over-share, sanctioned-AI policy gap.
Purview DSPM
Prerequisite layer
Sensitivity labels + DLP must be live first. AI tier sits on top.
30,000+
AI apps catalogued
Defender for Cloud Apps Catalog tags every known AI service.
DPDP-aligned
Compliance frame
Sec 8(5) reasonable safeguards extends to AI-mediated processing.
Three AI-data-leak risks DSPM for AI addresses
▸ 1. Sensitive data into public LLMs
Employees paste customer PII, source code, M&A docs, financial data into ChatGPT / Gemini / Claude. DSPM for AI: endpoint DLP detects, blocks, warns, or audits. Edge browser integration sees the prompt content.
▸ 2. M365 Copilot over-share
SharePoint over-permissioned content surfaces to Copilot users who shouldn't see it. DSPM for AI: pre-Copilot Purview rollout fixes the underlying over-share (auto-labelling + DLP); Copilot inherits labels + enforces policy on generated content.
▸ 3. Sanctioned-AI policy gap
Internal Azure OpenAI deployment or sanctioned Copilot used without classification policies. DSPM for AI: prompt-content audit + sensitivity-aware response policies on tenant-anchored AI workloads.
The DSPM for AI feature stack
| Component | What it does |
|---|---|
| DSPM for AI dashboard | Usage visibility across users + AI apps; risk-scored views; week-over-week trend |
| Endpoint DLP for AI prompts | Prevent paste / file-upload of Restricted-PII into AI apps at the endpoint |
| Edge browser integration | Inspect + classify prompt content sent to web-based AI apps; apply block / warn policies |
| Sensitivity label inheritance for Copilot | Restricted-PII source → Copilot-generated content inherits label + enforcement |
| Sanctioned AI policy framework | Approved-AI list + per-app sensitivity policies + auditable usage trail |
| Defender for Cloud Apps Catalog | 30,000+ AI services categorised + risk-scored; sanctioned / unsanctioned tagging |
| Sentinel + Defender XDR integration | AI-prompt-DLP events flow to SIEM + analyst investigation surface |
The 30-day activation plan
Prerequisite
Purview Information Protection + DLP must already be production
If sensitivity labels aren't deployed + DLP rules aren't enforcing on the data side, DSPM for AI produces low-signal outputs. Run the standard Purview 30-day plan first (covered in our DPDP post), then roll out DSPM for AI. Trying to skip-ahead is the #1 reason DSPM for AI pilots stall.
Days 1-7 — Baseline AI usage visibility
Enable DSPM for AI dashboard. Defender for Cloud Apps Catalog active. Capture 7 days of AI-usage telemetry — which AI apps, who's using them, what sensitivity context.
Days 8-14 — Endpoint DLP + Edge browser
Endpoint DLP rules to block Restricted-PII paste into public AI apps. Edge browser integration for content inspection. Start in monitor mode for 7 days; tune false-positives.
Days 15-21 — Sanctioned AI policy framework
Define sanctioned-AI list (M365 Copilot + tenant Azure OpenAI workloads). Sensitivity label inheritance configured. Per-app sensitivity policies enforced.
Days 22-30 — Incident detection + Sentinel
Flip endpoint + Edge DLP to enforce. Sentinel data connector for AI-prompt-DLP events. First incidents triaged through Defender XDR. Monthly compliance report cadence established.
What you can show your DPO + auditor on day 30
▸ AI app inventory + risk score
Every AI app accessed from corporate endpoints, classified by Defender for Cloud Apps Catalog.
▸ Sensitive-data-into-AI events
Blocked, warned, or audited — full chain-of-custody for DPDP Sec 8(5) evidence.
▸ Sanctioned AI usage profile
Which sanctioned AI (Copilot, Azure OpenAI) is used by which user populations, with sensitivity context.
▸ Copilot over-share remediation
Pre-Copilot Purview auto-labelling + DLP outcomes — what was over-shared and how the labels closed it.
FAQ
What is DSPM for AI specifically protecting against?
Does DSPM for AI work for non-Microsoft LLMs too?
How does it interact with M365 Copilot specifically?
How does this map to DPDP Act obligations?
Is this all paid premium tier?
What's the rollout order — Purview DSPM general first, then DSPM for AI?
Workforce concerns + employee monitoring?
What's the 30-day DSPM for AI activation plan?
Free Purview DSPM for AI readiness assessment
Inventory your enterprise AI usage, identify the top sensitive-data leak channels, plan the 30-day fix
Ogma audits your current AI-app usage (sanctioned + shadow) via Defender for Cloud Apps Catalog, identifies the top 5 sensitive-data leak channels, and returns a 30-day DSPM for AI activation plan with Purview prerequisite gap analysis.
Request the readiness assessment or explore the Microsoft Purview landingSources
Related: Purview for DPDP Act · Copilot for Security rollout · 30/60/90 stack rollout
Stay ahead of cyber threats
One short email a week — curated Indian cybersecurity news, Fortinet releases, DPDPA updates. No fluff.
