Detect generative AI usage with Insider Risk Management
Microsoft Purview Insider Risk Management is a compliance solution that focuses on minimizing internal risks in organizations. It enables detection, investigation, and action on both deliberate and accidental activities within an organization. Offering flexibility to define insider risk policies, tailored to specific organizational needs and compliance standards. It balances user privacy with organizational risk management and provides tools for comprehensive analytics, policy creation, and risk action workflows. This approach proactively addresses various internal risks, including data leaks, IP theft, and regulatory compliance violations, ensuring a secure and compliant workplace environment. As part of its approach to managing risks associated with generative AI, the Risky browser usage (preview) policy template includes an indicator for detecting browsing to generative AI sites.
Risky browser usage (preview) policy template in insider risk management
Insider Risk Management templates in Microsoft Purview are predefined policy conditions that outline the types of risk indicators and the risk scoring model a policy uses. The Risky browser usage (preview) template focuses on:
- Overseeing web activities that might pose risks to your organization.
- Identifying instances where employees visit websites that might be outside the scope of your organization's policies.
- Helping uphold compliance with your organization's rules and regulatory standards
- Ensuring networks and devices are used responsibly and safely.
Detect browsing to generative AI sites
An indicator within Microsoft Purview is a specific metric or signal that the system uses to track and evaluate activities for potential risks. The browsed to generative AI sites indicator is integrated into the Risky browser usage (preview) policy template to specifically track usage of generative AI websites within an organization.
Imagine an employee in your R&D department frequently visits a generative AI site that offers advanced data modeling tools. While these tools can be beneficial for their work, the site also hosts forums with sensitive content. The browsed to generative AI sites indicator:
- Flags employee visits to generative AI sites.
- Allows review of these visits against internal policies.
- Helps determine the purpose of site visits.
- Maintains oversight in an AI-integrated landscape, balancing innovation with security.
Get started with generative AI detection within your organization
Use the table to understand prerequisites needed for getting started with insider risk management and enabling detection of browsing to generative AI sites.
To get started with insider risk management:
| Step | Description | Learn more |
|---|---|---|
| Check licensing requirements | Confirm that you have the appropriate Microsoft 365 E3/E5 licenses for Microsoft Purview Insider Risk Management. | Microsoft Purview Insider Risk Management service guide |
| Enable auditing | Enable the Microsoft 365 audit log to record user and admin activities. | Turn auditing on or off in Microsoft 365 |
| Enable permissions for insider risk management | Assign users to Insider Risk Management or Insider Risk Management Admins role groups for access and configuration. | Enable permissions for insider risk management |
For more information on getting started with insider risk management, see Get started with insider risk management.
To get started with using the Risky browser usage (preview) policy template with the browsed to generative AI sites indicator:
| Requirements and configuration options | Description |
|---|---|
| Onboard devices for Microsoft Purview | Ensure devices are onboarded for browser detection signals. - Onboard Windows devices into Microsoft 365 overview (Browser signal detection isn't currently supported on non-Windows devices) |
| Microsoft Edge requirements | Ensure the latest Microsoft Edge x64 version (91.0.864.41 or higher) and Microsoft Compliance Extension add-on (1.0.0.44 or higher) are installed. Edge.exe should be configured as allowed. |
| Configuration options for Microsoft Edge | Choose from basic setup for single machine testing, Intune setup for organizational configuration, or Group Policy setup for organization-wide implementation. |
| Google Chrome requirements | Install the latest version of Google Chrome x64 and Microsoft Compliance Extension (2.0.0.183 or higher). Ensure Chrome.exe is configured correctly. |
| Configuration options for Chrome | Options include basic setup for single machine testing, Intune setup for organizational configuration, or Group Policy setup for organization-wide configuration. |
| Testing & verification | Create an insider risk management policy with device indicators enabled and test various signal detection scenarios. |
For more information on configuring browser signal detection, see Learn about and configure insider risk management browser signal detection.
Use the browsed to generative AI sites indicator
To use the browsed to generative AI sites indicator, start by creating an insider risk policy with the Risky browser usage (preview) template.
In Microsoft Purview, go to Insider risk management and select the Policies tab.
Select Create policy to open the policy wizard.
On the Policy template, scroll down and select Risky browser usage (preview).
- The Risky browser usage (preview) template requires devices to be onboarded. For more information on the Risky browser usage (preview) prerequisites, see Learn about and configure insider risk management browser signal detection.
Select Next to continue.
On the Name and description page, complete these fields:
- Name (required): Enter a friendly name for the policy. This name can't be changed after the policy is created.
- Description (optional): Enter a description for the policy.
Select Next to continue.
On the Users and groups page select either:
- Include all users and groups for insider risk to look for triggering events for all users and groups in your organization to start assigning risk scores for the policy.
- Include specific users and groups to define which users and groups to assign to the policy.
To take advantage of real-time analytics (preview) for indicator threshold settings, set your policy to Include all users and groups. This feature provides real-time estimates on how many users fit your policy conditions, helping fine-tune indicators and thresholds to avoid excessive or insufficient alerts. Using Include all users and groups also enhances overall protection in your organization. For more information on real-time analytics for indicator threshold settings, see Indicator level settings.
Select Next to continue.
On the Decide whether to prioritize content page, leave the default, I don't want to prioritize content right now selected then Next. Specifying what content to prioritize isn't relevant for the Risky browser usage (preview) template.
On the Choose triggering event for this policy page, you see the list of indicators available for the Risky browser usage (preview) template. Ensure Browsed to generative AI websites is selected to use this indicator. You can also select any other browser related signals for your organizational needs.
- If you're unable to select a listed indicator or sequence, it's because they aren't currently enabled for your organization. To make them available to select and assign to the policy, select the Turn on indicators prompt.
Select Next to continue.
On the Choose thresholds for triggering events page, select to Apply built-in thresholds (recommended) or Choose your own thresholds.
- If you select to choose your own thresholds, select the appropriate thresholds for your organization on this page.
Select Next.
On the Policy indicators page, you see the indicators that you defined as available on the Insider risk settings > Indicators page that includes indicator variants if you defined any. Select the indicators you want to apply to the policy.
- If indicators on this page can't be selected, you need to select the indicators you want to enable for all policies. You can use the Turn on indicators button in the wizard or select indicators on the Insider risk management > Settings > Policy indicators page.
Select Next to continue.
On the Choose threshold type for indicators page, choose custom or default thresholds for the policy indicators that you selected. Choose either the Apply thresholds provided by Microsoft or Choose your own thresholds for the selected policy indicators. If you selected Choose your own thresholds, choose the appropriate level to generate the desired level of activity alerts for each policy indicator.
- If analytics is turned on, and if you scoped the policy to include all users, you can take advantage of real-time analytics to tune your threshold settings. Learn more about real-time analytics for indicator threshold settings
On the Review settings and finish page, review the settings you selected for the policy and any suggestions or warnings for your selections. Select Edit to change any of the policy values or select Submit to create and activate the policy.
Learn more
- Get started with insider risk management
- Learn about insider risk management policy templates
- Learn about and configure insider risk management browser signal detection
- Create and manage insider risk management policies