Patrick Anderson
Joe Marcum
Antonio MaioFrom personal digital assistants to autonomous vehicles, artificial intelligence (AI) is revolutionizing how we interact with technology and each other. Amidst this landscape, Microsoft Copilot and Open AI’s ChatGPT stand at the forefront, harnessing transformative technologies such as Generative Pretrained Transformers (GPT) and Large Language Models (LLM). These advanced tools leverage natural language processing to understand and generate human-like responses from vast quantities of data, performing a wide array of tasks such as sentiment analysis, question answering, summarization and image and text generation. As we continue to explore new frontiers in AI innovation, trends suggest a future increasingly guided by these powerful platforms which are not only enhancing our abilities but also shaping a future where AI’s influence permeates every aspect of our lives.
AI and LLMs offer tremendous benefits for enterprises that want to leverage the power of natural language for their business. AI and LLMs can help enterprises improve customer service, enhance productivity, optimize processes, generate insights and create new value. However, AI and LLMs also pose significant challenges for enterprises that want to use them effectively and responsibly. AI and LLMs require a lot of data, computing power and expertise to train, deploy and maintain. They also raise questions about ethical, legal and social issues, such as data privacy, security, bias, fairness, accountability and transparency. It is also important to note that LLMs are not necessarily trained for accuracy; rather they are trained to provide the next best conversational response to a query. The amount of data that needs to be managed and governed is growing exponentially and with the onset of generative AI, the generation of new unstructured data is significantly impacting the data footprint that needs to be discovered, protected and monitored.
Managing and governing AI assets
Microsoft Purview is Microsoft’s suite of data security solutions providing a single place to discover, protect and manage data across the corporate environment for privacy, compliance and security. Microsoft Purview allows users to discover, protect and monitor prompts and responses, using Generative AI data across internal and external tools. These solutions are essential for AI to operate in a well-governed manner, but they are also of paramount importance to enterprises that are quickly adopting technology without thought to the care and usage of the data being shared and exported from these enabling tools. Microsoft has recently announced the Microsoft AI Hub, which leverages the capabilities of Purview to discover, protect and manage an organization’s AI usage in a single pane of glass.
The essential capabilities of the Purview AI Hub are the ability to discover generative AI activity, including the use of sensitive data in a wide variety of generative AI apps and websites. Microsoft Purview can protect Copilot interactions by preventing sensitive unauthorized access of sensitive data and, more specifically, the Purview AI Hub can monitor, alert or even prevent users from sending sensitive information to generative AI sites (see full list here). Ultimately, it can detect and mitigate business risks and regulatory violations while using generative AIAI Hub in Purview helps users overcome these data protection challenges and maximize the benefits of using AI and LLMs in the enterprise context.
The Microsoft Purview AI Hub and the policies it enforces are closely linked to Microsoft Purview Endpoint DLP and require devices to be onboarded for Endpoint DLP. The AI Hub comes with built-in policies that can be enabled with one click and customized to either scope them for specific users/groups or tailor them to organizational requirements. The built-in policies include:
- Discover sensitive prompts in AI assistants (a long list of AI assistants are already supported.
- Detect when users access the web browser to visit other AI assistants
- Enable adaptive protection in AI assistants through integration with Microsoft Purview Insider Risk Management
Administrators and data protection teams can also use the Microsoft Purview Activity Explorer to monitor AI interactions by users and be alerted when a DLP rule matches with a user’s interaction with a generative AI site. The top concerns for security leaders include ethical, legal, and regulatory risk from AI utilization. As organizations increase adoption of AI capabilities, additional regulations will be enacted to support responsible utilization while protecting sensitive personal data. While the EU AI Act, along with frameworks from NIST and ISO, provide guidance for adoption, risk identification and mitigation, developing a comprehensive and sustainable framework for AI that considers the strategic implications unique to the organization is essential.
Microsoft Purview supports AI across the enterprise
Bridging the gap between proactive monitoring and the necessity for comprehensive AI governance, Microsoft Purview Compliance Manager’s new Premium AI templates offer a strategic solution to manage and report on AI compliance risk, ensuring ethical and legal AI utilization aligns with organizational standards and upcoming regulations. Microsoft Purview Compliance Manager supports AI compliance through four new Premium AI templates (current templates) to help assess, manage and report on AI compliance risk. These templates identify best practices, monitor AI interactions, prevent inappropriate sharing of sensitive data in AI applications and manage retention and deletion policies for AI interactions. Compliance Manager includes real-time monitoring across Multi Cloud and Software as a Services (SaaS) applications and should be reviewed as part of a broad AI governance program.
Copilot for Microsoft 365 thrives on data and is most impactful when leveraging access to unstructured data throughout the organization, therefore successful deployment and utilization requires access to current and relevant data. However, most organizations already struggle with data proliferation, management and protection. As organizations move forward to adopt AI, critical focus must be applied to ensure strong data management across the enterprise. This includes removing stale and outdated data, protecting critical and sensitive data and proactively identifying inappropriate use. Microsoft Purview Data Lifecycle and Records Management capabilities enable organizations to defensibly dispose of data that is no longer needed. By leveraging policies and labels within these tools, organizations can stay compliant with regulations for data retention, reduce their attack surface by disposing of data that is no longer needed and enable Copilot for Microsoft 365 to access the most relevant and up-to-date information to provide the most relevant and useful responses.
Microsoft Purview eDiscovery Premium enables eDiscovery and legal teams to discover what types of information users are entering into Copilot for Microsoft 365 prompts, and what types of responses they are receiving. This is an essential capability when investigating potential malicious use of AI in organizations or performing compliance assessments on how information is being shared through generative AI.
AI Hub in Purview, along with Purview data protection capabilities, provides a new way to manage AI assets responsibly with a focus on security and compliance.
To learn more about our Microsoft consulting solutions, contact us.
Ram Krishnamani
Christine Livingston
Richard Kessler
Corey Harrison
Jody Casey
Brian Parrino
