Microsoft Purview · DSPM (Classic)
Data Security AI Content Viewer
View AI interaction prompts and responses for investigation of data security incidents in Copilot, agents, and third-party AI apps.
Scope: Deep investigation access to AI interaction content including prompts/responses for security incidents
Permissions
- All Data Security AI Viewer permissions (AI dashboard, reports, Activity Explorer)
- View prompts and responses within AI Interaction events in Activity Explorer
- See actual user prompts sent to Microsoft 365 Copilot, agents, and third-party AI sites
- View AI-generated responses containing potentially sensitive information
- Investigate AI interactions for data leakage, sensitive data exposure, or policy violations
- Access AI interaction details: user, timestamp, AI app, sensitive info types detected
- View web queries and search terms used in AI interactions
- See files referenced in AI prompts and responses
- Monitor sensitive file references in Copilot and agent interactions
- Investigate potential data exfiltration through AI prompts
- View AI interactions across Copilot experiences, enterprise AI apps, and other AI apps
- Access Content Explorer Content Viewer permissions for AI interactions
- View file details for data risk assessments (SharePoint, OneDrive, Fabric)
- Requires Content Explorer Content Viewer or List Viewer role for file context
Common use cases
- Security incident investigators examining potential data leakage through AI prompts
- Data protection officers investigating suspected sensitive data exposure in Copilot
- Insider threat investigators reviewing AI usage for potential intellectual property theft
- Compliance investigators reviewing AI interactions for regulatory violations (GDPR, HIPAA)
- Legal team examining AI prompts/responses for litigation or employment investigations
- Security Operations Center (SOC) analysts investigating AI-related security alerts
- Privacy officers investigating potential PII exposure through AI interactions
- Forensic analysts examining suspicious AI usage patterns and content
- eDiscovery team collecting AI interaction evidence for legal matters
- Data loss prevention investigators confirming whether AI alerts are true or false positives
- Corporate security investigating trade secret or confidential data sharing via AI
- Regulatory compliance investigators responding to data breach notifications
Best practices
- Access AI interaction content ONLY when investigating specific security incidents
- Document clear business justification for each AI content review in investigation log
- Coordinate with legal counsel before viewing employee AI prompts/responses
- Maintain proper chain of custody for all AI interaction evidence
- Use Privileged Identity Management (PIM) for just-in-time access where possible
- Export and preserve AI interaction evidence securely with encryption
- Minimize scope of content review to only interactions necessary for investigation
- Use Activity Explorer filters to narrow results before viewing content
- Review audit logs periodically for appropriate use of AI content viewing
- Establish investigation playbooks defining when AI content access is appropriate
- Consider privacy implications when viewing personal AI interactions
- Coordinate with HR and legal on employment law compliance before investigations
- Use this role sparingly - escalate from Data Security AI Viewer only when necessary
- Verify data risk assessment context before viewing individual AI interaction content
Security considerations
- EXTREMELY SENSITIVE - can view actual employee prompts and AI-generated responses
- AI interactions may contain highly confidential business strategy or personal information
- Must comply with privacy laws and employment regulations (GDPR, CCPA, local laws)
- All AI content viewing is logged and auditable via the unified audit log
- Should be limited to senior investigators, legal team, and privacy officers only
- Consider using Privileged Identity Management (PIM) for time-limited access
- AI prompts may reveal employee personal issues, medical information, or protected data
- Copilot responses may include executive-level or board discussions
- Attorney-client privileged content may be visible in AI interactions - legal coordination required
- Requires documented justification for each AI content access for privacy compliance
- Monitor audit logs for unauthorized or excessive AI content viewing
- Kept separate from Data Security AI Viewer to maintain least privilege and separation of duties
- AI interaction content may be subject to eDiscovery legal holds - preserve appropriately
- Cross-border AI monitoring may have additional data sovereignty requirements