Microsoft Purview · DSPM (Classic)

Data Security AI Content Viewer

View AI interaction prompts and responses for investigation of data security incidents in Copilot, agents, and third-party AI apps.

Scope: Deep investigation access to AI interaction content including prompts/responses for security incidents

Permissions

  • All Data Security AI Viewer permissions (AI dashboard, reports, Activity Explorer)
  • View prompts and responses within AI Interaction events in Activity Explorer
  • See actual user prompts sent to Microsoft 365 Copilot, agents, and third-party AI sites
  • View AI-generated responses containing potentially sensitive information
  • Investigate AI interactions for data leakage, sensitive data exposure, or policy violations
  • Access AI interaction details: user, timestamp, AI app, sensitive info types detected
  • View web queries and search terms used in AI interactions
  • See files referenced in AI prompts and responses
  • Monitor sensitive file references in Copilot and agent interactions
  • Investigate potential data exfiltration through AI prompts
  • View AI interactions across Copilot experiences, enterprise AI apps, other AI apps
  • Access Content Explorer Content Viewer permissions for AI interactions
  • View file details for data risk assessments (SharePoint, OneDrive, Fabric)
  • Requires Content Explorer Content Viewer or List Viewer role for file context

Common use cases

  • Security incident investigators examining potential data leakage through AI prompts
  • Data protection officers investigating suspected sensitive data exposure in Copilot
  • Insider threat investigators reviewing AI usage for potential intellectual property theft
  • Compliance investigators reviewing AI interactions for regulatory violations (GDPR, HIPAA)
  • Legal team examining AI prompts/responses for litigation or employment investigations
  • Security Operations Center (SOC) analysts investigating AI-related security alerts
  • Privacy officers investigating potential PII exposure through AI interactions
  • Forensic analysts examining suspicious AI usage patterns and content
  • eDiscovery team collecting AI interaction evidence for legal matters
  • Data loss prevention investigators confirming true vs false positive AI alerts
  • Corporate security investigating trade secret or confidential data sharing via AI
  • Regulatory compliance investigators responding to data breach notifications

Best practices

  • Access AI interaction content ONLY when investigating specific security incidents
  • Document a clear business justification for each AI content review in the investigation log
  • Coordinate with legal counsel before viewing employee AI prompts/responses
  • Maintain proper chain of custody for all AI interaction evidence
  • Use Privileged Identity Management (PIM) for just-in-time access where possible
  • Export and preserve AI interaction evidence securely with encryption
  • Minimize scope of content review to only interactions necessary for investigation
  • Use Activity Explorer filters to narrow results before viewing content
  • Review audit logs periodically for appropriate use of AI content viewing
  • Establish investigation playbooks defining when AI content access is appropriate
  • Consider privacy implications when viewing personal AI interactions
  • Coordinate with HR and legal on employment law compliance before investigations
  • Use this role sparingly - escalate from Data Security AI Viewer only when necessary
  • Verify data risk assessment context before viewing individual AI interaction content

Security considerations

  • EXTREMELY SENSITIVE - can view actual employee prompts and AI-generated responses
  • AI interactions may contain highly confidential business strategy or personal information
  • Must comply with privacy laws and employment regulations (GDPR, CCPA, local laws)
  • All AI content viewing is logged and auditable via the unified audit log
  • Should be limited to senior investigators, legal team, and privacy officers only
  • Consider using Privileged Identity Management (PIM) for time-limited access
  • AI prompts may reveal employee personal issues, medical information, or protected data
  • Copilot responses may include executive-level or board discussions
  • Attorney-client privileged content may be visible in AI interactions - legal coordination required
  • Requires documented justification for each AI content access for privacy compliance
  • Monitor audit logs for unauthorized or excessive AI content viewing
  • Kept separate from Data Security AI Viewer to maintain least privilege and separation of duties
  • AI interaction content may be subject to eDiscovery legal holds - preserve appropriately
  • Cross-border AI monitoring may have additional data sovereignty requirements
