Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Once you have integrated Purview APIs into your application, you can follow the steps below to test the integration.
Scenario
Data for AI interactions shows up in Purview across Posture Management, Compliance, and Governance solutions.
Setup test
DSPM for AI - Enable the following 1-click policies within DSPM for AI. This enables Purview to collect AI interactions from your GenAI applications and enable risk analytics and all the other Purview solutions for this data.
- Enable Purview Audit in DSPM for AI Overview page
- Turn on the following policies within Recommendations:
- DSPM for AI - Capture interactions for enterprise AI apps (DSPM for AI)
- DSPM for AI - Unethical behavior in AI apps (Communication Compliance)
- DSPM for AI - Risky AI usage (IRM)
Application: Initiate a few interactions in the AI application (that is, generate prompts and responses), some of which can include sensitive information types (SITs predefined in Purview or custom SITs)
Allow a few minutes for the data to land in Purview and for Purview solutions to showcase the data classifications and data in the respective solutions.
Run test
In DSPM for AI, look for
- Reports: Filtered by Enterprise AI apps
- Activity explorer: AI interaction & Sensitive info types for the test interaction
Purview Audit: Create Audit logs using the following filters to verify AI interaction data is sent to audit and create audit logs
- ConnectedAIApp in Workloads
- (OR) connectedAIAppInteraction in “Activities – operation names”
Insider Risk Management:
- Create a “Risky AI Usage (preview)” policy to trigger alerts for “Generative AI app -> Enterprise AI apps” in indicators.
- Interact with your application (prompts and responses) that would trigger this policy and look for alerts generated against the policy within IRM.
Communication Compliance:
- Create a policy to trigger alerts for Enterprise AI apps.
- Interact with your application (prompts and responses) that would trigger this policy and look for alerts generated against the policy within the Communication Compliance solution.
eDiscovery:
- Create an eDiscovery case with the following KQL query in the search filter ItemClass=IPM.SkypeTeams.Message.ConnectedAIApp.Entra.YourEntraAppID
- To view the prompts and responses – select add to review set and create a review set. Check the review set for the actual data for validation.
- In the review set, filter again as needed. Look for your app’s prompts and responses as returned search results in the eDiscovery case
Data Lifecycle Management (DLM): Create a data retention policy via DLM with ___location = “Enterprise AI app” where you can custom define what data to retain and how long to retain it for.
See Also
Microsoft Purview SDK overview
Data Security and Compliance for GenAI