MC937924: Microsoft Purview: Data Security Posture Management with Copilot (preview)

Announcement IDMC937924Published Date11-19-2024
ServiceGeneralLast Updated12-11-2024
CategoryPlan for changeExpiration Date04-30-2025
Roadmap ID420941Action Required by Date
TagsAdmin impact, New feature


Summary
                Microsoft Purview's Data Security Posture Management (DSPM) preview, initially set for late November 2024, will now begin mid-December 2024 and complete by late January 2025. DSPM helps identify and correct vulnerable data configurations, integrating insights from user and data risk. It includes Microsoft Security Copilot features for efficient risk identification and mitigation. Prerequisites include specific Microsoft 365 licenses and enabling DSPM in the Purview portal. Rollout will occur automatically for admins meeting these prerequisites.


More Information

Coming soon for Microsoft Purview: Data Security Posture Management (DSPM) identifies vulnerable configurations across your critical data assets and allows for quick corrective actions. It combines insights from user and data risk in Purview solutions, offering a comprehensive view of insufficient controls to protect your data. Also, data security and compliance admins can use Microsoft Security Copilot's summarization and natural language features embedded in DSPM. These capabilities expedite action and help analysts at all levels identify and address data security gaps efficiently.

When this will happen:

Public Preview: We will begin rolling out mid-December 2024 (previously late November) and expect to complete by late January 2025 (previously late December).

We will update this message later to add the plan for General Availability.

How this will affect your organization:

After you enable DSPM, it will automate a data security risk assessment of your tenant. The dashboard will be populated with a detailed report on your unprotected sensitive information, including its location and top-line insights into activities involving the data. Also, to help you mitigate the top data security risks in your tenant, we provide policy recommendations for implementing protective controls:

Data Security Posture Management with Copilot

Data security administrators can leverage Security Copilot in DSPM to delve deeper into dashboard insights and conduct critical data security investigations. With Copilot, you can quickly uncover insights across various dimensions such as activities, files, devices, users, departments or regions, enabling you to manage your data security posture more effectively:

Data Security Posture Management with Copilot

What you need to do to prepare:

Prerequisites to access Data Security Posture Management (DSPM)

  • A Microsoft 365 E5 or Microsoft 365 E5 Compliance license.
  • Opt in to DSPM in the Purview portal > Data Security Posture Management (preview). Alternatively, you can 1) enable DLP analytics at the Microsoft Purview portal > Data Loss Prevention > Settings > Data Loss Prevention settings > Analytics and 2) enable IRM analytics in the Purview portal > Insider Risk Management > Settings > Insider Risk Management settings > Analytics, which will then automatically enable DSPM.
    • Enable DLP analytics: 
    • Enable IRM analytics: 
  • Roles required: Access the DSPM dashboard with one of these roles: Entra compliance admin, Insider Risk Management admin, or Data security viewer.
    • Data security viewer is a view only role. If the DSPM dashboard is opted in, this role has the permission to view all insights.
    • Currently, any user that is configured to a Purview admin unit is not allowed to access the DSPM dashboard.
  • To access Security Copilot on DSPM, you must first be onboarded to Security Copilot and have the data security viewer role. 
  • Enable the Purview plugin in Security Copilot.
  • Optional Opt in to sharing the prompts with Microsoft to improve this experience.

DSPM will be available by default to admins who meet the prerequisites.

This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your users about this change and update any relevant documentation.

Previous Post Next Post