Microsoft Purview · DSPM (Preview)

Data Security AI Admin (Preview)

[Preview] Edit DLP policies related to Copilot and view AI content in the unified DSPM (Preview). Cannot read prompts and responses of AI interactions. Role group: Data Security AI Admins.

Scope: DLP policy editing for Copilot workloads plus AI content viewing in DSPM (Preview). Does not include prompt/response viewing or non-AI DLP policy editing.

Permissions

  • Copilot DLP - Edit Data Loss Prevention policies related to Copilot location
  • AI Content Viewing - View AI content in Data Security Posture Management (preview)
  • AI Activity Explorer - View AI-related events in Activity Explorer
  • AI Observability - View Apps and agents page for AI app usage monitoring
  • AI Reports - View AI-related reports and metrics
  • AI Recommendations - View and act on AI-related recommendation cards
  • Data Risk Assessments - View data risk assessments for AI readiness
  • DLP Configuration - Manage DLP policies specifically for Copilot and AI workloads
  • Cannot Read Prompts - Does NOT have access to read prompts/responses of AI interactions

Common use cases

  • Security engineers creating DLP policies specifically for Copilot interactions
  • Compliance team members managing AI-specific data loss prevention controls
  • AI governance teams needing to create DLP protections for AI apps without broader DLP access
  • Security administrators configuring Copilot DLP to prevent sensitive data in AI prompts
  • IT security staff implementing AI-specific data protection policies
  • Organizations wanting targeted DLP administration for AI workloads only

Best practices

  • Use this role for targeted AI DLP administration without granting full DLP Compliance Management
  • Start DLP policies for Copilot in test/simulation mode before enforcement
  • Coordinate with broader DLP team to ensure AI policies align with organizational DLP strategy
  • Monitor AI Activity Explorer events to validate DLP policy effectiveness
  • Review data risk assessments to identify oversharing before applying Copilot DLP
  • Use recommendations to guide policy creation for AI workloads
  • Document AI DLP policy decisions for audit trail and compliance evidence
  • Test policies with pilot user groups before organization-wide rollout

Security considerations

  • Can edit DLP policies for Copilot - changes affect AI data protection for entire organization
  • Cannot read AI prompts/responses - reduced privacy exposure compared to Content Viewer
  • DLP policy changes for Copilot can impact user productivity - test thoroughly
  • Scoped to AI/Copilot DLP only - cannot edit broader DLP policies
  • AI content viewing shows aggregate data without individual prompt/response access
  • Safe for security engineers who need AI DLP configuration without investigation access
  • Monitor Copilot DLP policy changes through audit logs

Official Microsoft Learn documentation →

Open the interactive RBACMap →