Data Security Posture Management for AI

November 2025

Data Governance

• General availablity (GA): Unified Catalog is now generally available in the West Central US region; see all supported regions.
• Updated: Sensitivity labels can now be applied to 11 more Data Map data sources: Azure Cosmos DB for SQL API, Azure Data Explorer, Azure Database for MySQL, Azure Database for PostgreSQL, Azure Databricks Unity Catalog, Azure SQL Managed Instance, Azure Synapse Analytics (Workspace), Snowflake, SQL Server, Amazon S3, Microsoft Dataverse.
• In preview: Create workflows within Unified Catalog to automate the process of granting access to data products, and for publishing data products and glossary terms.

Data Loss Prevention

• Updated: Get started with Endpoint Data Loss Prevention Just-In-Time file protection.
• In preview: Get started with data loss prevention protections for Recall helps protect against sensitive content being included in Recall snapshots on Copilot+ PCs.
• In preview: For Ignite Block sensitive information types in prompts provides the ability to block specific sensitive information types from being used in prompts to Microsoft 365 Copilot and Copilot Chat. When a user attempts to use sensitive information types that are blocked by the DLP policy, they will receive a notification informing them that the prompt cannot be completed.
• General availability (GA): For Ignite Block files and emails with sensitivity labels from being used in response summaries is released to general availability.
• In preview: Use Network Data Security to help prevent sharing sensitive information with unmanaged AI. You can enforce DLP protections on network traffic for Microsoft Entra GSA Internet Access to help prevent users from sharing sensitive information with unmanaged AI apps (files only).
• general availability: Learn about Microsoft Purview Network Data Security for third-party SASE network security solutions.

Data Security Posture Management for AI

• In preview: To help you more confidently adopt Microsoft 365 Copilot, custom data risk assessments now include item-level scanning with remediation for potentially overshared files in SharePoint.

Data Security Investigations (preview)
In preview: Use Search with AI (preview) to ask natural language questions or enter keywords with a specific focus to narrow down items for review. AI Search supplements vector search and extends AI capabilities when analyzing your data.

Data Lifecycle Management

• General availability (GA): Priority cleanup support for SharePoint and OneDrive.

Insider Risk Management

• In preview: Pay-as-you-go usage reports provide transparency and enable more accurate budget planning and policy tuning.

Purview

• In preview: Manage pay-as-you-go and per-user licensing usage - TheUsage center lets you see your pay-as-you-go billing usage for Microsoft Purview capabilities, as well as your per-user licensing usage. You can drill down to specific policies, workloads and features and toggle pay-as-you-go on/pause. The Premium usage report shows you the number of seats that are protected by Microsoft Purview policies but unlicenses and licensed but unprotected empowering you to optimize your licensing usage.

Security Copilot Agents in Purview

• New: Get started with the Microsoft Purview Triage Agent in Data Loss Prevention (preview) to include new configuration flow and feedback functionality as a stand alone article.
• New: Get started with the Microsoft Purview Triage Agent in Insider Risk Management (preview) as a stand alone article.

Sensitivity labels

• New: RAG-based Foundry apps and agents built with AI search as the knowledge retrieval service can honor sensitivity labels the same way as Microsoft 365 Copilot does. For encrypted items, a user must have the EXTRACT usage right, as well as VIEW, for these items to be returned in search results.
• General availability (GA): SharePoint document libraries can be configured for a sensitivity label to extend permissions to downloaded documents, and protect files from being copied or moved. For more information, see Configure SharePoint with a sensitivity label to extend permissions to downloaded documents. Microsoft 365 Copilot can access unopened files that are labeled with this configuration.