Step 1 – Scenario

The requirement is to ensure Microsoft Purview Insider Risk Management can collect signals when a user copies files to a USB device using their default browser. The devices differ by browser type:

Device1 → Default browser = Microsoft Edge

Device2 → Default browser = Google Chrome

Step 2 – Signal collection methods in Insider Risk Management

Insider Risk Management uses Microsoft Purview Information Protection client and Purview browser extensions to collect activity signals.

For Microsoft Edge (Chromium-based), insider risk signals are collected via the Microsoft Purview Information Protection client.

For Google Chrome, signals are collected through the Microsoft Purview extension (available in the Chrome Web Store).

The Microsoft Defender Browser Protection extension is for web protection against malicious sites, not for insider risk activity signals, so it is irrelevant here.

Step 3 – Microsoft Reference

Microsoft documentation:

“For insider risk signals collection in Microsoft Edge, the Microsoft Purview client must be deployed. For Google Chrome, the Microsoft Purview extension is required.”

To track interactions between users and generative AI websites in Microsoft Purview Audit, you need to deploy the Microsoft Purview browser extension to the devices. This extension enables tracking of user activities on web-based applications, including AI-related tools like ChatGPT, Microsoft Copilot, and other generative AI platforms.

Microsoft Purview extension provides visibility into browser-based activities, including AI tool usage, ensuring compliance and risk management within Microsoft Purview. This extension works with Microsoft Edge and Google Chrome to track and log user interactions.

The sensitivity label Label1 assigns permissions (User1 = Co-Author, User2 = Reviewer, User3 = Viewer) and enables Double Key Encryption (DKE). Microsoft 365 Copilot can summarize content only when the service can access the file using the user’s permissions. Content protected with Double Key Encryption is not accessible to Microsoft cloud services (including Copilot); as a result, Copilot cannot open or process DKE-protected files for any user, even if they can open the file themselves in Office apps.

Therefore, no user can use Microsoft 365 Copilot to summarize File1.

This question is about creating a one-click policy within Microsoft Purview's Data Security Posture Management for AI portal. These policies are designed to mitigate risks associated with sensitive data and AI websites. The correct configuration for this specific scenario is to select "Test it out first" and apply the policy to "Devices, Instances, and SharePoint sites." This configuration is based on Microsoft's recommended practices for deploying data loss prevention (DLP) and similar policies.

Policy Mode: "Test it out first"

Microsoft recommends using test mode for new policies to evaluate their impact and effectiveness before enforcing them. This approach prevents unintended disruptions to user workflows. In test mode, the policy monitors and audits the specified activities without blocking them. It generates alerts and reports, allowing administrators to review the policy's behavior and make necessary adjustments. This aligns with the principle of "start small, then scale," ensuring that a policy designed to block sensitive data transfers doesn't inadvertently prevent legitimate business activities.

Policy Scope: "Devices, Instances, and SharePoint sites"

The policy aims to block users from pasting or uploading sensitive data to AI websites. This requires a comprehensive scope to cover all potential data exfiltration points.

Devices: This covers the user's local device, preventing data from being uploaded or pasted from applications running on the machine. This is crucial for controlling data from endpoints.

Instances: This refers to SaaS (Software as a Service) instances, including AI websites. Applying the policy to instances ensures that data transfers to these external services are monitored and controlled.

SharePoint sites: Data residing in SharePoint is a common source of sensitive information. Including SharePoint sites in the policy scope ensures that data cannot be directly copied from these locations and uploaded to AI websites, providing a holistic security posture.

By selecting "Devices, Instances, and SharePoint sites," the policy is configured to monitor and protect data across the most common sources and destinations, providing a robust defense against data exfiltration to AI services. This comprehensive approach is a cornerstone of modern data security strategies in Microsoft 365.

This information is verifiable through Microsoft's official documentation for Microsoft Purview, particularly sections related to Data Loss Prevention (DLP) policies and Data Security Posture Management for AI. The best practice of "test first" and the broad scope for sensitive data protection are consistently recommended.

Since you need to automatically apply a sensitivity label to resumes based on their content and structure (work experience, education, accomplishments), a trainable classifier is the best choice.

Trainable classifiers use machine learning to identify unstructured data, such as resumes, contracts, or legal documents. Instead of relying on predefined patterns (like keywords or regular expressions), a trainable classifier learns from sample documents and can accurately identify resumes even if they are formatted differently.

Final Approach:

● Train a trainable classifier using sample resumes.

● Deploy the classifier in Microsoft Purview.

● Configure a sensitivity label to be automatically applied when a document matches the classifier.

User1: Since the Microsoft Purview browser extension is installed on Device1, AI-related activity performed by User1 (generating an image using a generative AI website) can be reviewed in Activity explorer in DSPM for AI.

User2: Since Device2 does not have the Microsoft Purview browser extension installed, AI-related activity cannot be tracked in DSPM for AI. Instead, Audit log search should be used to review activity such as using Microsoft 365 Copilot.

User3: Since Device3 has the Microsoft Purview browser extension installed, AI-related activity (browsing sample content on a generative AI website) can be reviewed using Activity explorer in DSPM for AI.