Microsoft Purview · DSPM for AI · GA April–May 2026

See what AI is doing with your data — before it costs you.

Microsoft Purview DSPM for AI gives you visibility into how Microsoft 365 Copilot, copilot agents, and third-party AI tools (ChatGPT, Gemini, Claude) interact with sensitive data across your tenant. Detect oversharing, risky prompts, jailbreak attempts and shadow-AI use — without slowing the rollout.

  • GA: Worldwide April–May 2026
  • Copilot + 3rd-Party: ChatGPT, Gemini, Claude
  • DPDPA + CERT-In: Aligned with Indian regs
  • INR Billing: GST invoiced, full ITC

The Copilot risk you can't see

Microsoft 365 Copilot is built on the principle "users see only what they have permission to see." That sounds safe — until you remember most M365 tenants have inherited 5–10 years of over-permissive SharePoint sharing, mailbox auto-forwards, Teams files and OneDrive folders that "Everyone" can read. Copilot doesn't change permissions; it just makes finding the wrong file 100× faster.

Risk

Oversharing

Copilot surfaces an HR salary spreadsheet to an intern because "Everyone in the organisation" had read access on the original SharePoint site for years. The data was always exposed — Copilot just makes it discoverable in seconds.

Risk

Sensitive prompts

Employees paste customer Aadhaar numbers, source code, M&A documents or merger pricing into ChatGPT/Gemini/Claude to "just summarise this quickly". The data leaves your tenant the moment they hit Enter.

Risk

Jailbreaks

Adversarial prompts attempt to bypass Copilot's safety filters — e.g. role-play attacks, prompt injections from emailed documents, or chained prompts that extract data the user technically should not access.

Risk

Shadow AI use

Marketing uses Jasper, engineers use GitHub Copilot Workspace, finance uses ChatGPT, support uses Claude — none of it sanctioned, all of it processing customer data, none of it visible to IT.

Risk

Hallucinated outputs

Copilot generates a confident answer about a customer's renewal date that is wrong because it pulled from a stale shared mailbox. The mistake reaches the customer; the audit trail shows no DLP signal.

Risk

Copilot agents

Custom-built agents (via Copilot Studio) act as AI identities with their own scopes — accessing data autonomously. Without observability they're a new identity class your IAM team has never governed.

What DSPM for AI actually does

Six capabilities, all integrated with the wider Purview console — sensitivity labels, DLP, Insider Risk and Audit. So when DSPM flags a risky prompt, the same investigation surface that handles a DLP incident handles an AI incident. One pane, one workflow.

Capability

AI Activity Map

Tenant-wide dashboard of every AI interaction — Copilot prompts and responses, Copilot Studio agents, ChatGPT/Gemini/Claude usage, plus DSPM-onboarded third-party assistants. Filter by user, department, sensitivity label, app and time.

Capability

Risk Assessments

Pre-built assessments scan your tenant for AI-readiness issues: SharePoint sites with "Everyone except external" access, mailboxes inheriting too-broad permissions, sensitivity labels missing from high-value content. Each finding includes the exact remediation step.

Capability

Sensitive Prompt Detection

When a user types Aadhaar, PAN, credit card numbers, source code, or labelled documents into a Copilot or third-party AI prompt, DSPM logs it, alerts security, and (depending on policy) blocks or warns the user inline. Adaptive Protection escalates repeat offenders to higher-risk DLP rules automatically.

Capability

Jailbreak & Injection Detection

Detects adversarial prompts attempting to bypass Copilot's safety, prompt-injection payloads embedded in emailed documents, and chained-prompt extraction patterns. Each detection is tied to MITRE ATLAS technique IDs for downstream SOC investigation.

Capability

Third-Party AI Coverage

Beyond Microsoft, DSPM observes ChatGPT, Gemini, Claude, Copilot for browsers, and ~40 other AI tools via the integrated Microsoft Defender for Cloud Apps catalog. Discover shadow-AI use, sanction or block by policy, and apply DLP at the upload boundary.

Capability

Copilot Agent Observability

Copilot agents (Copilot Studio + 3rd-party agents) are treated as AI identities. DSPM logs every agent action, ties Insider Risk policies to agent behaviour, and feeds Audit Premium for forensic investigations. Newly GA in 2026.

What's covered, what isn't — honest table

DSPM for AI is broad but not magic. Here is the realistic coverage map across the AI tools your employees actually use today. Anything we cannot observe via Microsoft, we extend with Defender for Cloud Apps (CASB) or endpoint DLP — flagged below.

| AI Tool | Native DSPM Coverage | How / What's Covered |
| --- | --- | --- |
| Microsoft 365 Copilot | Yes — native | Full coverage — every Copilot prompt and grounded response is observed. Sensitive data classification, oversharing detection, prompt risk, jailbreak detection. |
| Copilot Studio Agents | Yes — native | Native — agent actions logged, Insider Risk policies applied, audit trail in Purview Audit Premium. |
| Copilot for Sales / Service / Finance | Yes — native | Native — same observability as M365 Copilot, plus role-specific risk policies (e.g. CRM customer-data leakage detection). |
| GitHub Copilot (work account) | Yes — native | Native via the Microsoft GitHub Copilot connector — code-suggestion risk and IP exfiltration detection. |
| ChatGPT (browser, sanctioned) | Partial — via CASB | Via Defender for Cloud Apps integration — prompt observation, DLP at upload boundary. Requires CASB licence (in M365 E5 or as standalone). |
| Gemini, Claude, Perplexity (browser) | Partial — via CASB | Same path as ChatGPT — observed via Defender for Cloud Apps catalog. Sanction, block, or apply DLP per policy. |
| Shadow AI (any unsanctioned) | Partial — via CASB | Discovered via Defender for Cloud Apps shadow-IT report. DSPM correlates discovered AI usage with the user's sensitive-data context for prioritisation. |
| Custom internally-built LLMs | No | Not natively observable. Bring them under DSPM via the AI SDK + Purview API — typically a 2–3 week integration project. |
| Air-gapped / on-prem AI | No | Not in scope of cloud-based DSPM. We can deploy Sentinel + Purview Endpoint DLP on the workstations that talk to them — partial coverage only. |

How Indian sectors use DSPM for AI

Three sectors driving most of the Copilot rollouts we see in 2026 — each with its own AI risk profile and regulatory pressure. The DSPM configuration looks different in each.

Sector

BFSI · Banks & NBFCs

Front-office staff use Copilot for client memos and email summarisation. Treasury teams use Copilot in Excel for market-rate analysis. Credit teams use it to summarise loan documents.

Risk → DSPM control

  • Aadhaar / PAN / account-number prompt risk → Real-time prompt redaction; user warned + audit logged
  • RBI CSF audit trail for AI usage → Audit Premium 1-year retention with high-value events
  • SEBI CSCRF for treasury Copilot → Communication Compliance + Insider Risk for market-abuse signals
  • Customer data leakage to ChatGPT → Defender for Cloud Apps blocks unsanctioned uploads

Sector

Healthcare · Hospitals & Pharma

Clinical documentation via Copilot in Word + Outlook. Pharma research teams use Copilot for Office to draft regulatory submissions. Both touch DPDPA-sensitive personal health data.

Risk → DSPM control

  • PHI / health record leakage → Sensitivity labels + auto-classification + DLP
  • DPDPA "significant data fiduciary" controls → Compliance Manager DPDPA template + Insider Risk
  • Pharma research IP exfiltration → Endpoint DLP + Insider Risk Adaptive Protection
  • AI hallucination in clinical content → Audit trail of every Copilot output for review

Sector

Manufacturing · Engineering & OT

Engineering teams use Copilot for technical documentation and CAD-adjacent workflows. Plant operators experiment with AI copilots for SCADA/HMI summaries — high-risk surface.

Risk → DSPM control

  • Drawing & spec leakage to AI tools → Endpoint DLP on engineering laptops + sensitivity labels
  • OT-network AI agents → DSPM observes any agent connected to plant data
  • Supplier-NDA documents in prompts → Real-time prompt classification + block
  • Shadow AI on engineering workstations → Defender for Cloud Apps discovery

How you license DSPM for AI

DSPM for AI is bundled — there is no standalone SKU. Three legitimate pathways depending on your existing licensing posture. We size the cleanest path against your current M365 plan and Copilot adoption profile.

Path 1 · Enterprise

Microsoft 365 E5

  • DSPM for AI included
  • Plus all advanced Purview, Defender XDR, Sentinel 50MB/day
  • Best for: 300+ user enterprises that want the full security + compliance stack in one SKU

Path 2 · SMB

Business Premium + Purview Add-on

  • Business Premium covers core M365 + identity + endpoint
  • Purview Suite for Business Premium add-on layered on top — adds advanced DLP, Insider Risk, eDiscovery Premium and DSPM for AI without the E5 jump
  • DSPM for AI included in the add-on
  • Best for: ≤300 user SMBs already on Business Premium who don't want to jump to E5

Path 3 · AI-first enterprise

Microsoft 365 E7 (Frontier Suite)

  • GA 1 May 2026
  • Bundles E5 + Copilot + Entra Suite + Agent 365
  • DSPM for AI included via E5; aligned with Agent 365 governance
  • Best for: Enterprises rolling Copilot to ≥1,000 seats — buys observability + agents in one SKU

Note: a fourth path — pay-as-you-go via Azure metering — is available for narrow scenarios (e.g. coverage of custom internal LLMs via the Purview API). We size that against the consolidated M365 path to find the cheaper option.

How Ogma rolls out DSPM for AI

Four-stage delivery. Most engagements hit "running & tuned" within 4–6 weeks for a 500-seat tenant — significantly faster than full Purview Compliance because DSPM is mostly observation rather than policy authoring.

01

AI Readiness Assessment

2-week assessment running Microsoft's built-in Copilot Readiness scan + the Purview AI Risk Assessment template. Output: a list of every SharePoint site, mailbox and Teams channel with over-permissive sharing, plus the ranked sensitive-data classification gaps. Most tenants find 100–500 issues — we triage to the top 30.

02

Remediate & Label

Fix the highest-risk sharing issues (typically: tighten "Everyone except external" sites, scope Teams external-share defaults, remove auto-forwards). Deploy sensitivity labels for the top sensitive-data classes — Aadhaar, PAN, customer master, source code, financial reports, M&A. Auto-labelling rules turned on for the top 5 patterns.

03

DSPM Pilot

Enable DSPM for AI in observe-only mode for a pilot group (typically Legal + HR + Finance + a business unit). Adaptive Protection learns prompt-risk baseline for 14–30 days. We tune the AI policies weekly against the false-positive rate.

04

Tenant-wide Enforcement

Move DSPM to enforce mode — risky prompts blocked or warned with business justification, jailbreak detections piped to the SOC, shadow-AI usage gated through Defender for Cloud Apps. Hand over weekly tuning to your Risk team or take it as a managed service.

Get a sized DSPM for AI quote

Tell us your user count, current M365 plan, and your Copilot rollout stage (planning / piloting / live). We send back the cleanest licensing path in INR with GST, a 2-week AI Readiness scope of work, and an integration plan with your existing SOC. Quote within 2 hours during IST business hours.


Frequently asked questions

Yes, with caveats. Traditional DLP and sensitivity labels protect data at rest and in transit — files, emails, SharePoint items. DSPM for AI specifically observes the AI interaction layer: what users type into Copilot, what Copilot retrieves and grounds on, what flows to third-party AI tools. The two are complementary. A correctly-labelled file with strong DLP can still be summarised by Copilot and the summary surfaced to the wrong user — DSPM is what catches that. If you are deploying Copilot, you need both.

No, the pilot is the right time. The biggest source of post-launch Copilot incidents is over-permissive sharing that nobody noticed for years — Copilot just makes it discoverable. DSPM's AI Readiness Assessment will surface those issues during the pilot, when you can fix them quietly, instead of after a public Copilot rollout when they become "AI incidents". We typically recommend running the assessment in week 1 of the pilot.

Both. Microsoft 365 Copilot, Copilot agents, Copilot Studio bots and GitHub Copilot are observed natively. Third-party AI (ChatGPT, Gemini, Claude, Perplexity, ~40 others) is observed via integration with Microsoft Defender for Cloud Apps — which is itself included in M365 E5 and many Defender bundles. So if you have E5 or Business Premium + Purview add-on, you get coverage of both Microsoft and the major third-party AI tools. Custom internal LLMs require a 2–3 week SDK integration on top.

It can, but it does not by default. Like Purview DLP, DSPM has two modes: observe-only (audit + alert) and enforce (block, warn, or require business justification). Most enterprises run observe-only for 30 days during the pilot, then move specific high-risk patterns to enforce — for example, block prompts containing Aadhaar/PAN, but only warn on prompts containing internal financial codes. The point is to enable Copilot adoption with visibility, not to slow it down.

Microsoft Purview compliance data for tenants provisioned in India is stored at rest in India (Mumbai / Pune / Chennai). DSPM for AI telemetry sits inside the Purview compliance store and follows the same residency. Audit logs, AI activity records, prompt-risk events, and remediation actions are all India-resident for Indian tenants. For customers needing stronger commitments, Microsoft offers the Advanced Data Residency add-on. This satisfies the DPDPA "significant data fiduciary" residency expectations and CERT-In's logging requirements.

DSPM events surface in the unified Microsoft Defender XDR portal alongside endpoint, identity, email and DLP events. From there they flow into Microsoft Sentinel via the M365 Defender data connector — so an AI prompt-risk event, a Copilot oversharing detection, and a related DLP incident appear as one correlated incident in Sentinel. We build the Sentinel data pipeline, write the playbooks, and feed the SOC during deployment. If you run a third-party SIEM (Splunk, QRadar, Chronicle), the Defender XDR events are exported via Graph API or Event Hub.

Yes. Microsoft Sentinel can be the lightweight ingestion layer (often kept on a 50MB/day free tier from M365 E5) and forward DSPM events to Splunk via universal forwarder or HEC. Fortinet integration is via FortiSOAR playbooks that consume Sentinel alerts and orchestrate FortiGate or FortiClient response actions. We deliver the cross-vendor SOC integration as part of our Microsoft + Fortinet managed-security practice — it is not an extra project.

Materially, yes. DPDPA Rule 6 mandates "reasonable security safeguards" including encryption, access control and logging — DSPM provides the AI-layer audit trail required to demonstrate those safeguards apply to Copilot and AI tools, not just to traditional data flows. DPDPA also classifies certain entities as "Significant Data Fiduciaries" with elevated controls; DSPM's AI Activity Map and Audit Premium retention support those controls directly. Compliance Manager (included in E5 and the Business Premium Purview add-on) has a DPDPA assessment template that maps DSPM controls to DPDPA articles.

DSPM for AI is bundled, not a standalone SKU. The three pathways are (1) M365 E5 — full DSPM included alongside the wider E5 security stack, best for 300+ user enterprises; (2) Business Premium + Purview add-on — for ≤300-user SMBs already on Business Premium who do not want the jump to E5; (3) M365 E7 (Frontier Suite, GA 1 May 2026) — for AI-first enterprises rolling Copilot and Agent 365 broadly. We quote INR-equivalents with applicable GST and current CSP discount; the deployment engagement (AI Readiness Assessment + remediation + tuned rollout) is priced separately as a fixed-scope project. Use the form on this page with your user count, current M365 plan and your Copilot rollout stage — we send a sized quote within 2 hours during IST business hours.

Ready to deploy DSPM for AI?

Tell us your user count, current M365 plan, and your Copilot rollout stage — we send back the licensing path in INR with GST, a 2-week AI Readiness scope of work, and an integration plan with your existing SOC. Within 2 hours during IST business hours.
