Microsoft Purview · DSPM (Classic)

Data Security AI Viewer

Read-only access to DSPM for AI to monitor AI app usage, view insights into Copilot interactions, and track AI-related data security risks without viewing prompts/responses.

Scope: Read-only DSPM for AI monitoring for Copilots, agents, enterprise AI apps, and third-party generative AI sites

Permissions

  • View Data Security Posture Management for AI dashboard and reports
  • Access Apps and agents page showing AI app usage across organization
  • View AI interaction reports: Copilot experiences, enterprise AI apps, third-party AI sites
  • Monitor sensitive interactions per generative AI app (ChatGPT, Gemini, etc.)
  • View insider risk severity trends for AI usage
  • Access Activity Explorer for AI events (cannot view prompts/responses)
  • View AI website visit events and sensitive info type detections
  • See data risk assessment results for SharePoint sites and Fabric workspaces
  • View completion status of AI recommendation cards (most cards)
  • View policy list for DLP and Information Protection (excludes IRM and Comm Compliance)
  • Access reports showing total AI interactions, visits, and sensitive data exposure
  • Monitor weekly data risk assessments for top 100 SharePoint sites
  • View AI app categories: Copilot experiences, enterprise AI apps, other AI apps
  • See supported third-party AI sites usage (ChatGPT, Gemini, Claude, etc.)
  • Cannot view prompts/responses in AI interactions (requires AI Content Viewer)
  • Cannot view user risk level or IRM details (requires IRM Analyst/Investigator)

Common use cases

  • AI governance teams monitoring organizational AI adoption and usage patterns
  • Security managers tracking AI-related data security risks and sensitive data exposure
  • Compliance officers monitoring AI app usage for regulatory compliance (GDPR, HIPAA)
  • Executive leadership viewing AI usage dashboards for board reporting
  • Risk management teams assessing AI-related data oversharing and security posture
  • External auditors reviewing AI governance program implementation
  • Privacy officers monitoring AI interactions with sensitive data
  • IT leadership tracking which AI apps (Copilot, ChatGPT, Gemini) are being used
  • Data protection officers monitoring data risk assessments for AI readiness
  • Business unit leaders understanding AI usage trends in their departments
  • Security consultants assessing AI security posture and policy coverage
  • Audit committee members reviewing AI data protection effectiveness

Best practices

  • Review Apps and agents page regularly to identify new AI apps being used
  • Monitor sensitive interactions per AI app to identify high-risk usage patterns
  • Track insider risk severity trends to prioritize AI security investigations
  • Use data risk assessments to identify SharePoint oversharing before Copilot deployment
  • Review weekly default data risk assessments for top 100 SharePoint sites
  • Monitor Activity Explorer for AI website visits to third-party sites (ChatGPT, etc.)
  • Track which sensitive information types are being shared with AI apps
  • Use reports to demonstrate AI governance program effectiveness to leadership
  • Coordinate with AI Content Viewer role for deeper investigation of specific incidents
  • Monitor policy list to verify DLP and sensitivity label coverage for AI protection
  • Generate quarterly AI usage reports for board and audit committee presentations
  • Identify gaps in AI protection policies and recommend to Data Security Management
  • Track AI adoption trends over time to plan capacity and training needs
  • Use recommendation cards to understand quick-win AI security improvements

Security considerations

  • Cannot view actual prompts/responses - maintains privacy for AI interactions
  • Read-only access - safe for broad assignment to oversight and governance roles
  • Cannot view user risk levels or insider risk details without IRM permissions
  • Activity Explorer shows AI events but not sensitive content of interactions
  • Data risk assessments reveal potential oversharing but not individual user actions
  • Policy list visibility may show organizational security gaps - handle appropriately
  • AI usage trends may reveal business-sensitive adoption patterns
  • Aggregate reporting minimizes privacy concerns while enabling governance
  • Cannot create or modify policies - lowest risk DSPM for AI role
  • Appropriate for external auditors and third-party consultants with NDAs

Official Microsoft Learn documentation →

Open the interactive RBACMap →