Microsoft Purview is set to introduce a set of security policies for risky AI usage

The new policies will be previewed in July, followed by a general release in September.

4 min. read

Published onApril 23, 2024

published onApril 23, 2024

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

AI has become a tech industry trend for over 2 years now, with tech companies placing all the bets on it, and using it as an essential part of modern computing. However, after bad actors started to see in AI a new way to conduct disastrous cyber attacks, the enthusiasm has also started to slow down.

Earlier this year, Microsoft in a partnership with OpenAI, the company behind the world’s most popular AI model, released a report chronicling and explaining how bad actors from Russia, Iran, China, or North Korea used AI to initiate various cyber attacks.

Suddenly AI wasn’t seen as an enthusiasm, but as a threat, as well. And Microsoft, it seems, might finally admit that AI could become a serious security risk to organizations if left unchecked.

The Redmond-based tech giant is updating Microsoft Purview, its corporate-oriented platform for IT admins, managers, and security experts, to recognize, and deal with possible risky AI usage.

According tothe latest entryto the Microsoft 365 Roadmap, the new update will be previewed in July 2024, with a general availability scheduled for September 2024.

So, what exactly is risky AI usage, according to Microsoft? Well, the Redmond-based tech giant says that any intentional or unintentional risk activity on generative AI apps an organization uses can pose a risk to that organization, so it will automatically be labeled as risky AI usage.

These intentional or unintentional risk activities are varied: from prompts containing sensitive info or risky intent and sensitive responses containing sensitive info to using AI to generate data from sensitive files or sites.

Microsoft Purview will be updated to cover risky AI usage from Microsoft Copilots, to 3P generative AI apps, and it will automatically detect AI-based cyber attacks that end up in IP theft, data leakage, and security violations. The platform will also allow customers to create their own policies to combat risky AI usage according to specific characteristics of their organization.

With this update, Insider risk management will help admins identify risky AI usage. We are adding new detections of intentional and unintentional insider risk activity on generative AI apps that can pose a risk to an organization. Activities will include risky prompts containing sensitive info or risky intent and sensitive responses containing sensitive info or is generated from sensitive files or sites. Coverage will span across Microsoft Copilots and 3P generative AI apps. These detections will also contribute to Adaptive Protection insider risk levels. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

Purview will also be updated to ease multiple processes: for instance, the platform will make it easier to implement onboarding processes that dealwith setting up new devices to the organization’s network.

The platform will also get a new unified experience that offers access to all solutionsin one single place. The new portal will allow IT admins, managers, and cybersecurity experts to access data security, data governance, and risk and compliance solutions for all data, no matter where this data is located. They can also access other settings, such as global search, recommendations, and roles and permissions management, everything in a single portal.

Microsoft Purview will have all the tools to deal with the looming threat of AI-based cyber attacks, but it might be time for the industry tech to admit the obvious: AI is also extremely dangerous.

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Microsoft Purview is set to introduce a set of security policies for risky AI usage#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Microsoft Purview is set to introduce a set of security policies for risky AI usage