Use Microsoft Security Copilot with Data Security Posture Management (preview)

Use Microsoft Security Copilot and Data Security Posture Management (DSPM) (preview) to quickly dive into the details and get answers about unprotected sensitive data assets and potentially risky user activities in your organization. Data security insights are generated from scanned data across data loss prevention (DLP), information protection, and insider risk management solutions.

Tip

If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview trials hub. Learn details about signing up and trial terms.

Get started with Copilot

After you configure DSPM (preview), onboard your organization to Security Copilot, and the automated scanning has completed, you can use suggested or customized prompts in Copilot to quickly learn more about your data security posture.

To get started with Copilot, complete the following steps:

1. Go to the Microsoft Purview portal and sign in using the credentials for a user account assigned DSPM (preview) permissions.
2. Select the Data Security Posture Management solution card and then select Overview in the left nav.
3. Select one of the suggested prompts for Security Copilot:
   1. Prioritize alerts: See which alerts were triggered in the last 30 days for users leaving your organization.
   2. Detect sensitive data leaks: See which sensitive files were shared outside of your organization from SharePoint in the last week.
   3. Find devices at risk: See which devices were involved in exfiltration activities in your organization.
   4. Find risky activity: See any suspicious user activity sequences involving sensitive data.

Suggested prompt responses automatically scope insight data and provide quick answers in a separate flyout pane. You can select additional built-in prompts to automatically update and generate new responses in the flyout pane. Select New chat to clear previous responses to suggested prompts.

Create custom prompts directly in Copilot to generate responses from AI-driven analytics based the scanning results from your organization.

Tips for Copilot prompts in DSPM

For an enhanced experience with Copilot in DSPM, use the following tips for higher accuracy in Copilot responses:

• Questions involving a specific user should always include the user's UPN.
• Questions involving a specific type of sensitive info type or label should always specify the complete name for the sensitive info type or label.
• Questions for top users, activities, and alerts should clearly list the sorting criteria.
• Questions for data in a specific date period, always specify the date period. If a date period isn't specified, only data from the last 10 days from current date is included. The maximum lookback is 30 days from the current date.
• Put all items (classifiers or labels) in single quotes in your prompt.
• Any path (for example, a file path) in a user prompt must use "/" as a separator.
• The accuracy of responses is higher if the prompt is scoped to a single intent. Break complex prompts into single intent questions and enter the prompts one by one.
• Questions should be self-contained. Avoid referring to previous questions or responses.
• Avoid using generic terms.
• Prompts are supported for data security across Information Protection, DLP, Insider Risk Management, or from public documentation.

For more information on creating Security Copilot prompts, see Create effective prompts.

Using Copilot in other solutions

Security Copilot is also available directly in other Purview solutions to help you quickly find answers for specific scenarios or to generate insights scoped to specific solution areas not related to unprotected assets.

• Using Copilot to summarize an alert in insider risk management
• Use Copilot to summarize user activities in insider risk management