MC947048: Microsoft Purview | Insider Risk Management- Risky AI usage

Announcement IDMC947048Published Date12-02-2024
ServiceGeneralLast Updated12-02-2024
CategoryPlan for changeExpiration Date05-30-2025
Roadmap ID394281Action Required by Date
TagsAdmin impact, New feature, User impact


Summary
                MC947048: Microsoft Purview | Insider Risk Management- Risky AI usage


More Information

Coming soon, Microsoft Purview Insider Risk Management will be rolling out risky AI usage detections

When this will happen:

Public Preview: We will begin rolling out early December 2024 and expect to complete by mid-December 2024.

General Availability (Worldwide): We will begin rolling out mid-February 2025 and expect to complete by late February 2025

How this will affect your organization:

With this update, Insider risk management will help admins identify risky AI usage. We are adding new detections of intentional and unintentional insider risk activity on generative AI apps that can pose a risk to an organization. Activities will include risky prompts containing sensitive info or risky intent and sensitive responses containing sensitive info or generated from sensitive files or sites. Coverage will span across M365 Copilot, Copilot Studio and ChatGPT Enterprise. These detections will also contribute to Adaptive Protection insider risk levels.

What you need to do to prepare:

Below are some of the steps admin can take

  1. Get insights into risky AI usage at an organization level in an anonymized form using analytics
  2. Create Risky AI usage policy to track risky prompts and sensitive responses in M365 Copilot, Copilot Studio
  3. The activity explorer in alerts gives a single threaded view of prompt, response along with the sensitive information present
  4. Use the new Generative AI indicators in adaptive protection for user risk score

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy. 

Previous Post Next Post