Manage, Govern AI Assets with Microsoft Purview’s New AI Hub This blog post was authored by Patrick Anderson - Managing Director, Microsoft, Joe Marcum - Managing Director, Security and Privacy and Antonio Maio - Managing Director, Microsoft on Protiviti's technology insights blog.From personal digital assistants to autonomous vehicles, artificial intelligence (AI) is revolutionising how we interact with technology and each other. Amidst this landscape, Microsoft Copilot and Open AI’s ChatGPT stand at the forefront, harnessing transformative technologies such as Generative Pretrained Transformers (GPT) and Large Language Models (LLM). These advanced tools leverage natural language processing to understand and generate human-like responses from vast quantities of data, performing a wide array of tasks such as sentiment analysis, question answering, summarisation and image and text generation. As we continue to explore new frontiers in AI innovation, trends suggest a future increasingly guided by these powerful platforms which are not only enhancing our abilities but also shaping a future where AI’s influence permeates every aspect of our lives.AI and LLMs offer tremendous benefits for enterprises that want to leverage the power of natural language for their business. AI and LLMs can help enterprises improve customer service, enhance productivity, optimise processes, generate insights and create new value. However, AI and LLMs also pose significant challenges for enterprises that want to use them effectively and responsibly. AI and LLMs require a lot of data, computing power and expertise to train, deploy and maintain. They also raise questions about ethical, legal and social issues, such as data privacy, security, bias, fairness, accountability and transparency. It is also important to note that LLMs are not necessarily trained for accuracy; rather they are trained to provide the next best conversational response to a query. The amount of data that needs to be managed and governed is growing exponentially and with the onset of generative AI, the generation of new unstructured data is significantly impacting the data footprint that needs to be discovered, protected and monitored. Topics Cybersecurity and Privacy Digital Transformation Technology Enablement Industries Technology, Media and Telecommunications Managing and governing AI assetsMicrosoft Purview is Microsoft’s suite of data security solutions providing a single place to discover, protect and manage data across the corporate environment for privacy, compliance and security. Microsoft Purview allows users to discover, protect and monitor prompts and responses, using Generative AI data across internal and external tools. These solutions are essential for AI to operate in a well-governed manner, but they are also of paramount importance to enterprises that are quickly adopting technology without thought to the care and usage of the data being shared and exported from these enabling tools. Microsoft has recently announced the Microsoft AI Hub, which leverages the capabilities of Purview to discover, protect and manage an organisation’s AI usage in a single pane of glass.The essential capabilities of the Purview AI Hub are the ability to discover generative AI activity, including the use of sensitive data in a wide variety of generative AI apps and websites. Microsoft Purview can protect Copilot interactions by preventing sensitive unauthorised access of sensitive data and, more specifically, the Purview AI Hub can monitor, alert or even prevent users from sending sensitive information to generative AI sites (see full list here). Ultimately, it can detect and mitigate business risks and regulatory violations while using generative AIAI Hub in Purview helps users overcome these data protection challenges and maximise the benefits of using AI and LLMs in the enterprise context.The Microsoft Purview AI Hub and the policies it enforces are closely linked to Microsoft Purview Endpoint DLP and require devices to be onboarded for Endpoint DLP. The AI Hub comes with built-in policies that can be enabled with one click and customised to either scope them for specific users/groups or tailor them to organisational requirements. The built-in policies include:Discover sensitive prompts in AI assistants (a long list of AI assistants are already supported.Detect when users access the web browser to visit other AI assistantsEnable adaptive protection in AI assistants through integration with Microsoft Purview Insider Risk ManagementAdministrators and data protection teams can also use the Microsoft Purview Activity Explorer to monitor AI interactions by users and be alerted when a DLP rule matches with a user’s interaction with a generative AI site. The top concerns for security leaders include ethical, legal, and regulatory risk from AI utilisation. As organisations increase adoption of AI capabilities, additional regulations will be enacted to support responsible utilisation while protecting sensitive personal data. While the EU AI Act, along with frameworks from NIST and ISO, provide guidance for adoption, risk identification and mitigation, developing a comprehensive and sustainable framework for AI that considers the strategic implications unique to the organisation is essential.Microsoft Purview supports AI across the enterpriseBridging the gap between proactive monitoring and the necessity for comprehensive AI governance, Microsoft Purview Compliance Manager’s new Premium AI templates offer a strategic solution to manage and report on AI compliance risk, ensuring ethical and legal AI utilisation aligns with organisational standards and upcoming regulations. Microsoft Purview Compliance Manager supports AI compliance through four new Premium AI templates (current templates) to help assess, manage and report on AI compliance risk. These templates identify best practices, monitor AI interactions, prevent inappropriate sharing of sensitive data in AI applications and manage retention and deletion policies for AI interactions. Compliance Manager includes real-time monitoring across Multi Cloud and Software as a Services (SaaS) applications and should be reviewed as part of a broad AI governance program.Copilot for Microsoft 365 thrives on data and is most impactful when leveraging access to unstructured data throughout the organisation, therefore successful deployment and utilisation requires access to current and relevant data. However, most organisations already struggle with data proliferation, management and protection. As organisations move forward to adopt AI, critical focus must be applied to ensure strong data management across the enterprise. This includes removing stale and outdated data, protecting critical and sensitive data and proactively identifying inappropriate use. Microsoft Purview Data Lifecycle and Records Management capabilities enable organisations to defensibly dispose of data that is no longer needed. By leveraging policies and labels within these tools, organisations can stay compliant with regulations for data retention, reduce their attack surface by disposing of data that is no longer needed and enable Copilot for Microsoft 365 to access the most relevant and up-to-date information to provide the most relevant and useful responses.Microsoft Purview eDiscovery Premium enables eDiscovery and legal teams to discover what types of information users are entering into Copilot for Microsoft 365 prompts, and what types of responses they are receiving. This is an essential capability when investigating potential malicious use of AI in organisations or performing compliance assessments on how information is being shared through generative AI.AI Hub in Purview, along with Purview data protection capabilities, provides a new way to manage AI assets responsibly with a focus on security and compliance.To learn more about our Microsoft consulting solutions, contact us. Featured insights BLOGS Building a Business Case for Copilot for Microsoft 365 – A Game-Changer for Business Efficiency With the rapid rise in artificial intelligence (AI) tools, companies are updating technologies and processes as quickly as budgets allow. Industries are transforming rapidly as the drivers for economic growth are evolving. BLOGS Improving Financial Services’ Efficiency with Copilot for Microsoft 365 In an era of rapid technological advancement, businesses are increasingly turning to artificial intelligence (AI) to enhance productivity, streamline processes and improve decision-making. One such tool making waves in the financial services sector... BLOGS Building an Accessibility Culture with Copilot for Microsoft 365 Organisations across the U.S. recognise the criticality of accessibility for both consumers and employees. This concern dates to the early 2000s, when several well-known brands were targeted by lawsuits that ultimately changed how e-commerce works.... BLOGS Navigating the GenAI course with Microsoft Copilot Generative artificial intelligence (GenAI) is a hot topic these days, and not just in the IT world. The statistics indicate off-the-charts interest in GenAI’s capabilities, with AI spending predicted to more than double to $300 billion by 2026.... BLOGS Capabilities, limitations of Microsoft’s native SoD tool Segregation of duties (SoD) is a well-known term among auditors and anyone who has ever been audited. SoD is the understanding that no user should have access to two conflicting business functions that would allow a user to commit fraud or error (e.g... BLOGS Creating Read-Only Roles for Microsoft Dynamics 365 Finance and Supply Chain Management This blog post was authored by Sarah Guthrie - Senior Consultant, Enterprise Application Solutions on Protiviti's technology insights blog. In today’s fast-paced business landscape, organisations rely heavily on robust enterprise resource planning... BLOGS Migrating Security from Microsoft Dynamics 365 Finance and Supply Chain Management Microsoft Dynamics 365 Finance and Supply Chain Management (D365 F&SCM) publishes security changes with new code releases. These changes are automatically applied to out-of-the-box security roles, duties and privileges when the code is upgraded... Button Button