Microsoft Purview is an essential data security and governance tool typically utilized by IT admins and other specialized personnel in enterprise environments. Microsoft has made several important updates to Purview as the cybersecurity landscape continues evolving through the general availability of Data Investigations and the public preview of Security Dashboard for AI. Now, the tech firm is rolling out yet another powerful capability for security teams.
In an update on its Message Center (MC1304292), Microsoft revealed that its Purview Insider Risk Management section is gaining a new feature that will allow authorized personnel to view potentially risky messages sent to AI services. Messages with risk indicators will be surfaced to IT teams in plaintext and they will also be able to view the response sent by the AI service. This content will be displayed even when the user has been pseudonymized which basically ensures that user privacy is maintained, but not at the expense of enterprise privacy and security.
If a security member believes that AI interaction has violated company policies, leaked data, or caused other compliance issues, they will be able to deanonymize the user who participated in this activity, provided that they have this authorization, of course.
It"s a rather interesting proposal for IT admins overall, especially since it seems to have a decent balance between user privacy and enterprise security. It safeguards organizations against data leakage and IP theft, while also encouraging them to review AI prompts with abnormal risk signals attached to them. Role-based access controls and audit logs will continue to remain in effect to ensure that the capability is not being misused. A preview will land later this month while general availability is scheduled for next month.
Microsoft has been emphasizing the risk of potentially harmful AI interactions recently, and it has also taken steps to discourage the use of shadow AI in Edge. Some people may believe that the latest Purview feature is basically enabling their organization to spy on them since their AI prompts and responses may be visible in plaintext, it is important to remember that your use of enterprise infrastructure is never really private.