
Control 1.5: Data Loss Prevention (DLP) and Sensitivity Labels

Overview

Control ID: 1.5
Control Name: Data Loss Prevention (DLP) and Sensitivity Labels
Regulatory Reference: FINRA 4511, SEC Reg S-P, GLBA 501(b), SOX 404
Setup Time: 2-4 hours


Purpose

Prevent sensitive financial data from unauthorized exposure through AI agents by implementing DLP policies that detect and block sensitive information in agent knowledge sources, user prompts, and agent responses. This control helps protect customer PII, financial data, and trading information when accessed or processed by Microsoft 365 Copilot and Copilot Studio agents.


Description

Data Loss Prevention policies protect sensitive information from unauthorized exposure through AI agents. When combined with sensitivity labels, DLP provides comprehensive data protection across Microsoft 365 Copilot, Copilot Studio agents, and other AI applications. Integration with DSPM for AI enables oversharing detection and AI-specific policy enforcement.

US-only scope note

This control implementation guidance is U.S.-only:

  • Use U.S. identifiers (e.g., SSN, ITIN, U.S. bank account/routing formats, CUSIP, FINRA CRD) and organization-specific internal identifiers.
  • Avoid non-U.S. examples or patterns. If your organization operates outside the U.S., create a separate addendum with jurisdiction-specific DLP policies, SITs, and validation steps.

Dependency: Sensitive Information Types (Control 1.13)

DLP effectiveness depends on Sensitive Information Types (SITs). Implement and validate SITs per Control 1.13 before enforcing DLP in AI scenarios.

See DLP for M365 Copilot for AI-specific DLP capabilities.


DLP Enforcement Status Update (2025)

DLP Enforcement Now Enabled by Default

As of early 2025, data policy enforcement for Copilot Studio is enabled by default for all tenants (per Microsoft message center alert MC973179). Organizations no longer need to manually enable DLP enforcement.

This means:

  • New tenants automatically have DLP enforcement active for Copilot Studio
  • Existing tenants were migrated to enabled status in early 2025
  • DLP policies targeting Copilot Studio connectors are now enforced immediately

Copilot Studio Channel Connectors (6 Total)

DLP policies can control which publishing channels Copilot Studio agents can use. Microsoft supports 6 channel connectors:

| # | Channel Connector | Description |
|---|---|---|
| 1 | Direct Line channels | Web chat, custom apps via Direct Line API |
| 2 | Microsoft Teams + M365 | Teams chat and M365 surfaces |
| 3 | Facebook | Facebook Messenger integration |
| 4 | Omnichannel | Dynamics 365 Omnichannel for Customer Service |
| 5 | SharePoint | SharePoint site embedding |
| 6 | WhatsApp | WhatsApp Business integration |

Blocking Agent Publishing

To prevent agents from being deployed (while still allowing creation), block ALL 6 channel connectors via DLP. If no channels are allowed, agents cannot be published to any audience. See Control 1.1 for the "Sterile Default Environment Strategy."

Source: DLP Example 6 - Channel Control


Key Capabilities

| Capability | Description | FSI Relevance |
|---|---|---|
| AI-aware DLP policies | Policies targeting AI applications | Prevent sensitive data in AI |
| Sensitivity label enforcement | Block/warn based on labels | Classification-based protection |
| Oversharing assessment | Identify data exposure risks | Risk identification |
| DSPM integration | Unified AI data protection | Comprehensive visibility |

DLP for AI Applications

AI-Specific DLP Policies

DLP policies can specifically target AI applications:

| Policy Type | Description | Use Case |
|---|---|---|
| Detect sensitive info added to AI sites | Monitor sensitive data in AI knowledge sources | Prevent exposure via grounding data |
| Detect sensitive info shared in AI prompts | Monitor user prompts for sensitive content | Prevent data leakage in queries |
| Block sensitive info in agent responses | Prevent agents from returning sensitive data | Response filtering |

Configuring AI DLP Policies

  1. Open Microsoft Purview
  2. Navigate to Data loss prevention → Policies
  3. Create or modify a policy (start in Test with notifications when possible)
  4. Select only the in-scope AI locations:
    • Microsoft 365 Copilot (prompts and responses)
    • Copilot Studio (agent interactions)
    • Optional: SharePoint/OneDrive/Teams/Exchange only if you intend to control those workloads as well
    • Optional (endpoints): Devices if your tenant uses Purview Endpoint DLP and you want endpoint enforcement for AI-related exfiltration paths
  5. Configure conditions using SITs (see Control 1.13) and/or sensitivity labels
  6. Choose actions appropriate to the governance tier (Audit, Warn, Block)
  7. Save, publish, and allow time for propagation before declaring pass/fail test results

AI DLP setup steps (Copilot prompts/responses)

Use these steps to validate that AI-specific DLP is correctly targeted and producing audit-ready outputs before enforcement.

  1. Confirm prerequisites:
    • Required roles are assigned (see Prerequisites)
    • Unified audit logging is enabled (see Dependencies)
    • SITs are validated per Control 1.13
  2. Create a dedicated policy for AI interactions first (avoid combining with broad workload DLP until stable).
  3. Ensure the policy scope includes only the intended AI locations:
    • Microsoft 365 Copilot (prompts and responses)
    • Copilot Studio (agent interactions)
  4. Start in Test with notifications:
    • Enable user notification where appropriate for the tier (Warn/Block)
    • Enable incident reports for Tier 2-3 scenarios that require evidence
  5. Execute the U.S.-only test cases in this document and confirm:
    • Expected Warn/Block behavior occurs
    • Events appear in audit/incident reporting within expected propagation time
  6. Only after the test suite passes, switch the policy to Enforce for Tier 3 use cases.

See Create DLP policies for detailed steps.


DSPM for AI Integration

DLP policies integrate with DSPM for AI for unified management:

Viewing DLP Policies in DSPM

  1. Navigate to DSPM for AI → Policies
  2. Expand Data Loss Prevention section
  3. View AI-related DLP policies and status

Example AI DLP Policies

| Policy Name | Solution | Purpose |
|---|---|---|
| DSPM for AI: Detect sensitive info added to AI sites | Data Loss Prevention | Monitor knowledge sources |
| DSPM for AI - Detect sensitive info shared in AI prompts in Edge | DSPM for AI | Browser-based protection |

Oversharing Assessments

What is Oversharing?

Oversharing occurs when sensitive data is accessible to more users than necessary, creating risk when AI agents access that data as grounding content.

DSPM Oversharing Detection

DSPM for AI provides oversharing assessments:

  1. Navigate to DSPM for AI → Data risk assessments
  2. Review the Assess and prevent oversharing section
  3. Follow the three-step process:
    • Identify: Review weekly assessment results
    • Protect: Apply labels and retention policies
    • Monitor: Conduct access reviews

Custom Oversharing Assessments

Create targeted assessments for agent knowledge sources:

  1. Click + Create custom assessment
  2. Select data sources (SharePoint sites used by agents)
  3. Define user scope
  4. Review overshared items count
  5. Remediate excessive permissions

Sensitivity Labels

Label-Based Protection for Agents

| Label | Agent Access | Recommendation |
|---|---|---|
| Public | Full access | All governance tiers |
| Internal | Full access | All governance tiers |
| Confidential | Restricted | Team/enterprise agents only |
| Highly Confidential | Blocked | Block from all agents |

Define a small, auditable taxonomy first; add optional sub-labels only when you can enforce and measure them.

| Label | What it means | Typical content | Default AI/DLP posture |
|---|---|---|---|
| Public | Approved for public release | Marketing content, public disclosures | Allow; audit optional |
| Internal | Business-use only; low sensitivity | Internal procedures, org charts | Allow; audit recommended |
| Confidential | Customer NPI / regulated internal data | Customer contact details, KYC docs, account metadata | Warn or block depending on workflow; always log |
| Highly Confidential | High impact if exposed | Full customer PII sets, trading strategies/MNPI, privileged security data | Block by default; incident report |

Taxonomy rules (recommended):

  • Use consistent naming and avoid jurisdiction-mixing (this document is U.S.-only).
  • Decide who can apply labels (manual vs auto-labeling) and document the decision.
  • Publish labels to:
    • Users who create or handle the content
    • Owners/operators of agents that can access labeled knowledge sources
    • Compliance/SecOps roles who investigate DLP events

Configuring Label-Based DLP

  1. Create sensitivity labels in Purview
  2. Apply labels to content
  3. Create DLP policy with label conditions
  4. Configure actions:
    • Highly Confidential: Block agent access
    • Confidential: Warn user, log access
    • Internal/Public: Allow access

Agent Knowledge Source Labels

For SharePoint sites used as agent knowledge sources:

| Content Type | Recommended Label | DLP Action |
|---|---|---|
| Customer PII | Confidential | Warn + Log |
| Financial data | Highly Confidential | Block |
| Internal docs | Internal | Allow |
| Public content | Public | Allow |

Prerequisites

Primary Owner Admin Role: Purview Compliance Admin
Supporting Roles: Purview Info Protection Admin

Licenses Required

| License | Purpose | Required For |
|---|---|---|
| Microsoft 365 E5 | Full DLP and sensitivity labels | All governance levels |
| Microsoft 365 E5 Compliance | Standalone compliance suite | Alternative to E5 |
| Microsoft Purview Data Loss Prevention | DLP capabilities | Level 2+ |
| Microsoft Purview Information Protection | Sensitivity labels | All levels |

Permissions Required

| Role | Purpose | Assignment Method |
|---|---|---|
| Compliance Administrator | Create and manage DLP policies | Entra ID |
| Information Protection Admin | Manage sensitivity labels | Entra ID |
| Security Administrator | View DLP reports and alerts | Entra ID |
| Compliance Data Administrator | Access compliance data | Purview RBAC |

Dependencies

| Dependency | Description | Verification |
|---|---|---|
| Microsoft Purview portal | DLP management interface | Access https://purview.microsoft.com |
| Sensitive Information Types (SITs) | SITs power DLP detection and tuning | Implement Control 1.13 |
| Sensitivity labels | Labels must be created and published | Check Purview → Information protection |
| Unified audit logging | Required for DLP event logging | Verify in Purview → Audit |
| DSPM for AI | Optional but recommended | Check DSPM availability in tenant |
| Purview Endpoint DLP (optional) | Extends enforcement to Windows endpoints for exfiltration paths | Verify Data loss prevention → Endpoint DLP settings |

Pre-Setup Checklist

  • [ ] E5 or E5 Compliance licenses assigned to users
  • [ ] Sensitivity label taxonomy defined for organization
  • [ ] Labels published to target users and groups
  • [ ] DLP administrator access verified
  • [ ] Agent inventory completed (know what agents access which data)
  • [ ] Control 1.13 SITs implemented and validated (built-in + any required custom SITs)
  • [ ] Sensitive information types selected for this DLP policy scope (e.g., SSN, ABA routing, U.S. bank account)
  • [ ] Decide whether Endpoint DLP is in-scope for AI-related exfiltration paths (optional)

Governance Levels

Level 1 - Baseline

| Requirement | Configuration |
|---|---|
| Basic DLP | Policies for common sensitive info types |
| Labels defined | Sensitivity label taxonomy created |
| Agent awareness | Identify what data agents can access |

Minimum requirements:

  • DLP policies for PII, financial data
  • Sensitivity labels published
  • Document agent data access patterns

| Requirement | Configuration |
|---|---|
| AI-specific DLP | Policies targeting AI applications |
| Label enforcement | DLP conditions based on labels |
| Oversharing review | Quarterly DSPM assessments |
| DSPM integration | DLP policies visible in DSPM |

FSI recommendations:

  • Enable "Detect sensitive info added to AI sites" policy
  • Configure label-based blocking for Highly Confidential
  • Quarterly oversharing assessments for agent knowledge sources
  • Weekly review of DLP alerts related to AI

Level 4 - Regulated/High-Risk

| Requirement | Configuration |
|---|---|
| Comprehensive DLP | All AI touchpoints covered |
| Mandatory labels | Auto-labeling for sensitive content |
| Real-time blocking | Block mode for enterprise-managed agents |
| Continuous assessment | Monthly custom oversharing assessments |

FSI requirements:

  • Block enterprise-managed agents from Highly Confidential content
  • Auto-labeling for customer data repositories
  • Real-time DLP alerts to SOC
  • Monthly oversharing assessments with remediation tracking
  • Integration with DSPM for unified reporting

Setup & Configuration

Governance Tier DLP Configuration

| Tier | DLP Mode | Label Requirement | Oversharing Review |
|---|---|---|---|
| Tier 1 | Audit only | Optional | Annual |
| Tier 2 | Warn | Recommended | Quarterly |
| Tier 3 | Block | Mandatory | Monthly |

SIT foundation (Dependency: Control 1.13)

Before enforcing DLP for AI interactions, confirm SIT readiness:

  1. Review the SIT inventory in Purview (Data classification → Classifiers → Sensitive info types).
  2. Validate key U.S.-only SITs with a small set of sanitized test data (see Control 1.13).
  3. If you use custom SITs (e.g., internal account identifiers), validate and document:
    • Regex/pattern logic
    • Supporting keywords
    • False-positive exclusions
    • The minimum count/confidence you will require in DLP rules

If SITs are not validated first, DLP “false negative” troubleshooting becomes guesswork.
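
The following PowerShell is an added example, not part of this control document: a local pre-check for the sanitized SIT test data used here and again in the false-negative troubleshooting section. It applies the structural rules a well-built U.S. SSN or ABA routing SIT should encode (issuance exclusions, the ABA check digit, separator variants) to constructed samples, so that a miss in Purview can be attributed to the SIT rather than to malformed test data. Function names and all sample values are constructed or published specimens.

```powershell
# Added example: pre-validate sanitized SIT test data locally before using it in
# Purview. The rules below are the structural checks a custom U.S. SSN or ABA
# routing SIT should encode; all sample values are constructed or published
# specimens, not real customer data.

function Test-UsSsnCandidate {
    param([Parameter(Mandatory)][string]$Value)
    # Accept AAA-GG-SSSS with hyphen, space, or no separators.
    if (-not ($Value -match '^(\d{3})[- ]?(\d{2})[- ]?(\d{4})$')) { return $false }
    $area   = [int]$Matches[1]
    $group  = [int]$Matches[2]
    $serial = [int]$Matches[3]
    # Never issued by SSA: area 000, 666 or 900-999; group 00; serial 0000.
    if ($area -eq 0 -or $area -eq 666 -or $area -ge 900) { return $false }
    if ($group -eq 0 -or $serial -eq 0) { return $false }
    return $true
}

function Test-AbaRoutingCandidate {
    param([Parameter(Mandatory)][string]$Value)
    $digits = $Value -replace '[- ]', ''
    if ($digits -notmatch '^\d{9}$') { return $false }
    # ABA check digit: 3(d1+d4+d7) + 7(d2+d5+d8) + (d3+d6+d9) must be a multiple of 10.
    $d = $digits.ToCharArray() | ForEach-Object { [int][string]$_ }
    $sum = 3 * ($d[0] + $d[3] + $d[6]) + 7 * ($d[1] + $d[4] + $d[7]) + ($d[2] + $d[5] + $d[8])
    return ($sum % 10) -eq 0
}

# Constructed test cases: the value, the SIT it targets, and whether a correctly
# built SIT should match it. The negative cases are the false-positive exclusions.
$cases = @(
    @{ Sit = 'SSN'; Sample = '219-09-9999'; Expected = $true;  Note = 'SSA specimen number, hyphenated' }
    @{ Sit = 'SSN'; Sample = '219 09 9999'; Expected = $true;  Note = 'space-separated variant' }
    @{ Sit = 'SSN'; Sample = '219099999';   Expected = $true;  Note = 'no separators' }
    @{ Sit = 'SSN'; Sample = '000-12-3456'; Expected = $false; Note = 'area 000 never issued' }
    @{ Sit = 'SSN'; Sample = '666-12-3456'; Expected = $false; Note = 'area 666 never issued' }
    @{ Sit = 'SSN'; Sample = '123-00-4567'; Expected = $false; Note = 'group 00 never issued' }
    @{ Sit = 'ABA'; Sample = '021000021';   Expected = $true;  Note = 'published routing number' }
    @{ Sit = 'ABA'; Sample = '0210-0002-1'; Expected = $true;  Note = 'hyphenated variant' }
    @{ Sit = 'ABA'; Sample = '123456789';   Expected = $false; Note = 'check digit fails' }
    @{ Sit = 'ABA'; Sample = '12345678';    Expected = $false; Note = 'wrong length' }
)

function Invoke-SitPatternTests {
    param([Parameter(Mandatory)][array]$Cases)
    foreach ($case in $Cases) {
        $actual = switch ($case.Sit) {
            'SSN' { Test-UsSsnCandidate -Value $case.Sample }
            'ABA' { Test-AbaRoutingCandidate -Value $case.Sample }
        }
        $result = if ($actual -eq $case.Expected) { 'PASS' } else { 'FAIL' }
        [pscustomobject]@{
            SIT = $case.Sit; Sample = $case.Sample; Expected = $case.Expected
            Actual = $actual; Result = $result; Note = $case.Note
        }
    }
}

# Every row should read PASS; a FAIL means the sample (or the rule) needs fixing
# before it is used as SIT validation evidence.
Invoke-SitPatternTests -Cases $cases | Format-Table -AutoSize
```

Keep the resulting table with the SIT validation evidence for Control 1.13; if Purview later misses a value that passes here, the problem is in the SIT definition or the DLP rule thresholds, not in the test data.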

Create an AI-scoped DLP policy (Purview UI)

Use the smallest policy surface area that meets the requirement.

  1. Purview → Data loss prevention → Policies → + Create policy
  2. Choose a template closest to your need (Financial/Privacy) or start from Custom
  3. Name the policy with an auditable convention (example): FSI-AI-DLP-Data-Protection
  4. Select locations:
    • Microsoft 365 Copilot
    • Copilot Studio
    • Optional: Devices (Endpoint DLP) if in scope
  5. Add rules using:
    • SIT-based conditions (preferred for detection)
    • Label-based conditions (preferred for enforcement posture)
  6. Configure actions by tier (Audit/Warn/Block), enable user notifications if appropriate, and configure incident reports
  7. Run in Test with notifications first, execute the test cases in this document, then move to Enforce when results are acceptable

Extend to endpoints (optional; avoid overreach)

If your risk model includes endpoint exfiltration (copy/paste, print, USB, browser uploads), use Purview Endpoint DLP targeted to:

  • The specific devices/groups that use AI tools for work
  • The specific sensitive content scope (SITs/labels)

Avoid tenant-wide device blocking unless the organization has explicitly approved that operational impact.

Policy Templates for FSI

Customer Data Protection

```text
Policy: Protect Customer PII in AI
Locations: M365 Copilot, Copilot Studio
Conditions:
  - Sensitive info types: SSN, Account Numbers, Credit Card
  - OR Sensitivity label: Confidential, Highly Confidential
Actions:
  - Tier 1-2: Warn user, log event
  - Tier 3: Block access, notify compliance
```

Financial Data Protection

```text
Policy: Block Financial Data in AI Responses
Locations: Copilot Studio agents
Conditions:
  - Sensitive info types: Financial statements, Trading data
  - Sensitivity label: Highly Confidential
Actions:
  - Tier 2: Warn, log event, incident report (as configured)
  - Tier 3: Block, notify security team (incident report)
```

PowerShell Configuration

Connect to Security & Compliance Center

```powershell
# Install the module if needed (Connect-IPPSSession ships with ExchangeOnlineManagement)
Install-Module -Name ExchangeOnlineManagement -Force

# Connect to Security & Compliance PowerShell
Connect-IPPSSession -UserPrincipalName admin@contoso.com

# Verify the connection by listing existing DLP policies
Get-DlpCompliancePolicy | Select-Object Name, Mode, Enabled
```

Create AI-Focused DLP Policy

```powershell
# Create DLP policy for AI applications.
# Workload locations are set here; confirm that the AI locations
# (Microsoft 365 Copilot, Copilot Studio) are selected on the policy in
# Purview → Data loss prevention → Policies, per the UI steps above.
$policyParams = @{
    Name               = "FSI-AI-Data-Protection"
    Comment            = "Protect sensitive data in AI applications"
    Mode               = "Enable"  # Use "TestWithNotifications" while validating
    Priority           = 1
    ExchangeLocation   = "All"
    SharePointLocation = "All"
    OneDriveLocation   = "All"
    TeamsLocation      = "All"
}

$policy = New-DlpCompliancePolicy @policyParams

# Create rule for SSN protection. The SIT name must match the tenant's SIT
# inventory (Control 1.13); minCount is the minimum number of matches required.
$ruleParams = @{
    Name   = "Block SSN in AI Interactions"
    Policy = "FSI-AI-Data-Protection"
    ContentContainsSensitiveInformation = @(
        @{ Name = "U.S. Social Security Number (SSN)"; minCount = "1" }
    )
    BlockAccess            = $true
    NotifyUser             = "SiteAdmin"
    GenerateIncidentReport = "SiteAdmin"
}

New-DlpComplianceRule @ruleParams
```

Create Sensitivity Label-Based DLP Rule

```powershell
# Rule to block Highly Confidential content in AI.
# Sensitivity labels are matched through ContentContainsSensitiveInformation
# using a "labels" group (not ContentPropertyContainsWords). Replace <label-guid>
# with the label's GUID; Get-Label returns it in the Guid property.
$labelRuleParams = @{
    Name   = "Block Highly Confidential from AI"
    Policy = "FSI-AI-Data-Protection"
    ContentContainsSensitiveInformation = @(
        @{
            operator = "And"
            groups   = @(
                @{
                    operator = "Or"
                    name     = "Default"
                    labels   = @(@{ name = "<label-guid>"; type = "Sensitivity" })
                }
            )
        }
    )
    BlockAccess            = $true
    NotifyUser             = @("SiteAdmin", "LastModifier")
    GenerateIncidentReport = "SiteAdmin"
    IncidentReportContent  = "All"
}

New-DlpComplianceRule @labelRuleParams
```

Audit DLP Policies

```powershell
# Get all DLP policies and their status
Get-DlpCompliancePolicy | Format-Table Name, Mode, Enabled, CreatedBy, WhenCreated

# Get DLP rules for a specific policy
Get-DlpComplianceRule -Policy "FSI-AI-Data-Protection" |
    Select-Object Name, Priority, BlockAccess, Disabled

# Get full DLP policy details
Get-DlpCompliancePolicy -Identity "FSI-AI-Data-Protection" | Format-List *

# Export policy configuration for documentation / audit evidence
Get-DlpCompliancePolicy |
    Select-Object Name, Mode, Enabled, SharePointLocation, TeamsLocation, ExchangeLocation |
    Export-Csv -Path "DLP-Policies-Report.csv" -NoTypeInformation
```

Monitor DLP Alerts

```powershell
# Search the unified audit log for DLP rule matches over the last 30 days.
# DlpRuleMatch is the operation recorded when a DLP rule fires; filtering on
# the operation avoids having to enumerate the several DLP record types.
$startDate = (Get-Date).AddDays(-30)
$endDate   = Get-Date

$dlpEvents = Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate `
    -Operations DlpRuleMatch -ResultSize 5000

# Export the raw events for evidence retention
$dlpEvents |
    Select-Object CreationDate, UserIds, Operations, AuditData |
    Export-Csv -Path "DLP-Audit-Log.csv" -NoTypeInformation

# Parse the same events for AI-related incidents.
# ($event is an automatic variable in PowerShell, so the loop variable is $entry.)
foreach ($entry in $dlpEvents) {
    $data = $entry.AuditData | ConvertFrom-Json
    if ($data.Workload -match "Copilot|Agent") {
        Write-Host "AI DLP Event: $($data.Operation) - $($data.ObjectId)"
    }
}
```

Get Sensitivity Label Statistics

```powershell
# List sensitivity labels from the Security & Compliance session opened above.
# Get-Label is part of the ExchangeOnlineManagement module, so no separate
# Graph connection is needed; the Guid column is the value used in searches.
Get-Label | Select-Object Name, DisplayName, Guid, ContentType | Format-Table

# Check label usage via compliance search; replace <label-guid> with the Guid
# of the "Highly Confidential" label from the output above.
$labelSearch = New-ComplianceSearch -Name "Highly-Confidential-Content" `
    -ContentMatchQuery 'SensitivityLabelId:<label-guid>' `
    -ExchangeLocation All -SharePointLocation All

Start-ComplianceSearch -Identity "Highly-Confidential-Content"

# The search runs asynchronously; re-run this until Status is Completed
Get-ComplianceSearch -Identity "Highly-Confidential-Content" | Select-Object Status, Items
```

Financial Sector Considerations

Regulatory Mapping

| Regulation | DLP Requirement | Control Implementation |
|---|---|---|
| FINRA 4511 | Protect customer records | Block customer PII in AI responses |
| SEC Reg S-P | Privacy protection | Sensitivity labels on customer data |
| GLBA 501(b) | Safeguard customer information | DLP for financial account numbers |
| SOX 404 | IT controls for data protection | Audit logging of DLP events |
| FFIEC Guidelines | Data classification | Label-based access control |

Governance Tier DLP Configuration

| Tier | DLP Mode | SIT Blocking | Label Enforcement | Alert Response |
|---|---|---|---|---|
| Tier 1 | Audit Only | Log only | Optional | Weekly review |
| Tier 2 | Warn | User notification | Recommended | Daily review |
| Tier 3 | Block | Real-time blocking | Mandatory | Immediate escalation |

FSI-Specific Sensitive Information Types

| SIT | FSI Use Case | DLP Action |
|---|---|---|
| U.S. SSN | Customer identification | Tier 3: Block; Tier 2: Warn + log |
| ABA Routing Number | Bank routing | Tier 3: Block; Tier 2: Warn + log |
| Credit Card Number | Payment data (PCI) | Tier 3: Block; Tier 2: Warn + log |
| U.S. Bank Account Number | Account data | Tier 3: Block; Tier 2: Warn + log |
| Custom: Internal Account Identifier | Internal account format | Tier 3: Block; Tier 2: Warn + log |

FSI Example: Trading Desk Agent Protection

```text
Agent: Trading-Desk-Assistant (Enterprise Managed)
Classification: Critical - Trading Data Exposure Risk
DLP Requirements:
  - Block all credit card numbers
  - Block SSNs and account numbers
  - Block content labeled "Highly Confidential"
  - Warn on "Confidential" content access
  - Real-time alerts to compliance team
  - Audit all data access requests

Policy Configuration:
  Mode: Block (Enforce)
  Locations: M365 Copilot, Copilot Studio
  Conditions:
    - Any of: SSN, Credit Card, ABA, Account Number
    - OR: Label = Highly Confidential
  Actions:
    - Block access
    - Notify: compliance@contoso.com
    - Create incident
    - Log to audit
```

Regulatory Context

Primary Regulations: FINRA 4511, SEC Reg S-P, GLBA 501(b), SOX 404

| Regulation | DLP Support |
|---|---|
| FINRA 4511 | Protect customer records from AI exposure |
| SEC Reg S-P | Privacy protection in AI systems |
| GLBA 501(b) | Safeguard customer information |
| SOX 404 | IT controls for data protection |

Examination Considerations

Regulators may request:

  • DLP policy configuration documentation
  • Evidence of AI-specific protections
  • Oversharing assessment results
  • DLP violation reports and remediation
  • Sensitivity label deployment evidence

Zone-Specific Configuration

Zone 1 (Personal Productivity):

  • Apply the baseline minimum of DLP policies and sensitivity labels that protects the tenant as a whole (where applicable), and document any exceptions for personal agents.
  • Avoid expanding scope beyond the user’s own data unless explicitly justified.
  • Rationale: reduces risk from personal use while keeping friction low; legal/compliance can tighten later.

Zone 2 (Team Collaboration):

  • Apply DLP to AI locations (Copilot/M365, Copilot Studio) and label-conditioned rules for shared agents and shared data sources; require an identified owner and an approval trail.
  • Validate configuration in a pilot environment before broader rollout; retain policy export + test prompts/results.
  • Rationale: shared agents increase blast radius; controls must be consistently applied and provable.

Zone 3 (Enterprise Managed):

  • Require the strictest configuration for DLP policies and sensitivity labels and enforce it via policy where possible (not manual-only).
  • Treat changes as controlled (change ticket + documented testing); retain policy export + test prompts/results.
  • Rationale: enterprise agents handle the most sensitive content and are the highest audit/regulatory risk.

Verification & Testing

| Step | Action | Expected Result |
|---|---|---|
| 1 | Navigate to Purview → DLP → Policies | Policies listed |
| 2 | Verify AI locations selected | Copilot/Copilot Studio included |
| 3 | Confirm SIT readiness (Control 1.13) | SITs exist and match sanitized test data |
| 4 | Create sanitized test content + apply labels | Files/messages prepared; labels applied |
| 5 | Run AI test prompts and agent scenarios | Blocked/warned/audited per tier |
| 6 | (Optional) Run Endpoint DLP tests | Endpoint actions enforce as configured |
| 7 | Check DSPM for AI → Policies | AI-related DLP policies visible (if DSPM enabled) |
| 8 | Check audit logs / incident reports | DLP events and reports captured |

Test cases (Copilot/agent; U.S.-only)

Use non-production, sanitized data. Do not use real customer data.

| Test ID | Scenario | Input | Expected |
|---|---|---|---|
| AI-01 | Prompt includes SSN | Prompt text includes an SSN-formatted value | Tier 2: user warning + log; Tier 3: block + incident report |
| AI-02 | Prompt includes ABA routing | Prompt includes a routing-formatted value | Same as AI-01 |
| AI-03 | Retrieval from labeled content | Agent grounds on a SharePoint file labeled Highly Confidential | Block (per label-based rule); event logged |
| AI-04 | Retrieval from Confidential content | Agent grounds on Confidential content | Warn or allow-with-audit (per policy); event logged |
| AI-05 | Attempted sensitive output | Ask agent to summarize a document containing U.S. bank account numbers | Output blocked/redacted as configured; event logged |

Test cases (Endpoint DLP; optional)

Run only if Devices/Endpoint DLP is in scope.

| Test ID | Scenario | Action | Expected |
|---|---|---|---|
| EP-01 | Copy/paste exfiltration | Copy text containing SSN and paste into an AI prompt in a browser | Block or warn per endpoint rule; event logged |
| EP-02 | File exfiltration | Attempt to upload a Highly Confidential labeled file to an AI web experience | Block or warn per endpoint rule; event logged |
| EP-03 | Removable media | Copy a file containing U.S. bank account numbers to USB | Block or warn per endpoint rule; event logged |

Evidence to retain (audit-ready)

  • [ ] DLP policy export (policy + rules) and a change record (ticket or approval)
  • [ ] Screenshot evidence showing AI locations selected and rule conditions (SIT/label)
  • [ ] SIT validation evidence (sanitized test data + outcomes) per Control 1.13
  • [ ] Label taxonomy decision + label publication configuration (who the labels are published to)
  • [ ] Test execution log: test ID, timestamp, account used, expected vs actual outcome
  • [ ] Incident report samples (if enabled) and notification configuration
  • [ ] Unified audit log evidence for representative DLP events (export/query output)
  • [ ] DSPM for AI policy visibility and oversharing assessment outputs (if DSPM is enabled)
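
The script below is an added example, not the control document's own tooling: it builds the test execution log rows required above (test ID, timestamp, account used, expected vs actual outcome) by matching each AI test case against DLP audit events. The audit records are constructed to resemble Search-UnifiedAuditLog output, and the AuditData field names used (Workload, PolicyDetails, Rules, Actions) are an assumption about the DLP audit schema that should be checked against a real export; the accounts, rule names and timestamps are made up.

```powershell
# Added example: produce the "test execution log" evidence from DLP audit events.
# The records are CONSTRUCTED to resemble Search-UnifiedAuditLog output; the
# AuditData field names (Workload, PolicyDetails, Rules, Actions) are an
# ASSUMPTION about the DLP audit schema and must be checked against a real export.

# Test plan for a Tier 3 run: every case is expected to end in BlockAccess.
# Accounts and rule names are hypothetical.
$testPlan = @(
    [pscustomobject]@{ TestId = 'AI-01'; Account = 'tester1@contoso.com'
                       Rule = 'Block SSN in AI Interactions'; ExpectedAction = 'BlockAccess' }
    [pscustomobject]@{ TestId = 'AI-02'; Account = 'tester1@contoso.com'
                       Rule = 'Block ABA Routing in AI Interactions'; ExpectedAction = 'BlockAccess' }
    [pscustomobject]@{ TestId = 'AI-03'; Account = 'tester2@contoso.com'
                       Rule = 'Block Highly Confidential from AI'; ExpectedAction = 'BlockAccess' }
)

# Constructed audit export: AI-01 was blocked, AI-02 only warned, AI-03 left no
# event, and one unrelated SharePoint event shows the workload filter at work.
$auditExport = @(
    [pscustomobject]@{
        CreationDate = '2025-12-02T14:03:11Z'; UserIds = 'tester1@contoso.com'; Operations = 'DlpRuleMatch'
        AuditData = '{"Workload":"Copilot","Operation":"DlpRuleMatch","PolicyDetails":[{"PolicyName":"FSI-AI-Data-Protection","Rules":[{"RuleName":"Block SSN in AI Interactions","Actions":["BlockAccess","GenerateIncidentReport"]}]}]}'
    }
    [pscustomobject]@{
        CreationDate = '2025-12-02T14:10:45Z'; UserIds = 'tester1@contoso.com'; Operations = 'DlpRuleMatch'
        AuditData = '{"Workload":"Copilot","Operation":"DlpRuleMatch","PolicyDetails":[{"PolicyName":"FSI-AI-Data-Protection","Rules":[{"RuleName":"Block ABA Routing in AI Interactions","Actions":["NotifyUser"]}]}]}'
    }
    [pscustomobject]@{
        CreationDate = '2025-12-02T14:15:02Z'; UserIds = 'tester2@contoso.com'; Operations = 'DlpRuleMatch'
        AuditData = '{"Workload":"SharePoint","Operation":"DlpRuleMatch","PolicyDetails":[{"PolicyName":"Legacy-SPO-DLP","Rules":[{"RuleName":"Generic PII","Actions":["NotifyUser"]}]}]}'
    }
)

function Get-AiDlpTestEvidence {
    param(
        [Parameter(Mandatory)][array]$TestPlan,
        [Parameter(Mandatory)][array]$AuditRecords
    )
    # Flatten AI-scoped rule matches into one row per (user, policy, rule).
    $hits = foreach ($rec in $AuditRecords) {
        $data = $rec.AuditData | ConvertFrom-Json
        if ($data.Workload -notmatch 'Copilot|Agent') { continue }   # ignore non-AI workloads
        foreach ($policy in $data.PolicyDetails) {
            foreach ($rule in $policy.Rules) {
                [pscustomobject]@{
                    When    = $rec.CreationDate
                    User    = $rec.UserIds
                    Policy  = $policy.PolicyName
                    Rule    = $rule.RuleName
                    Actions = @($rule.Actions)
                }
            }
        }
    }
    # One evidence row per test case: PASS only if the expected action was taken.
    foreach ($test in $TestPlan) {
        $match = @($hits | Where-Object { $_.User -eq $test.Account -and $_.Rule -eq $test.Rule }) |
            Select-Object -First 1
        if ($null -eq $match) {
            $actual  = 'no matching DLP event (check propagation time, location scope, label applied)'
            $when    = ''
            $outcome = 'FAIL'
        } else {
            $actual  = $match.Actions -join ','
            $when    = $match.When
            $outcome = if ($match.Actions -contains $test.ExpectedAction) { 'PASS' } else { 'FAIL' }
        }
        [pscustomobject]@{
            TestId    = $test.TestId
            Timestamp = $when
            Account   = $test.Account
            Expected  = $test.ExpectedAction
            Actual    = $actual
            Outcome   = $outcome
        }
    }
}

# Produce the log and retain it as evidence alongside the policy export.
$log = Get-AiDlpTestEvidence -TestPlan $testPlan -AuditRecords $auditExport
$log | Format-Table -AutoSize
$log | Export-Csv -Path 'AI-DLP-Test-Execution-Log.csv' -NoTypeInformation
```

With the constructed data, AI-01 passes, AI-02 fails because the rule only warned where a block was expected, and AI-03 fails because no event exists at all; the Actual column keeps those two failure modes apart, which is the distinction the troubleshooting section asks you to make.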

Troubleshooting & Validation

Issue: DLP Policy Not Detecting Sensitive Content

Symptoms: Sensitive data flows through AI without triggering DLP alerts

Solutions:

  1. Verify the policy is in "Enable" mode; a policy still in "Test" mode records matches but does not enforce its actions
  2. Confirm policy locations include the intended AI locations (Microsoft 365 Copilot / Copilot Studio)
  3. Confirm SIT readiness and scope (see Control 1.13):
    • The SIT exists and is enabled
    • The SIT pattern actually matches your test data
    • Minimum count/confidence thresholds are not too strict
  4. Confirm you are testing a supported content path:
    • For label-based rules, confirm the label is applied to the item (file/message), not only a container
    • For endpoint tests, confirm Devices/Endpoint DLP is enabled and targeted to the test device
  5. Allow for propagation time before re-testing (often hours; in some cases longer)

Issue: False negatives in AI prompts/responses

Symptoms: Some prompts/responses containing sensitive patterns are not detected.

Solutions:

  1. Reduce reliance on a single pattern: add supporting keywords or additional SITs where appropriate
  2. Validate formatting variations (spaces/hyphens/prefixes) in SIT patterns per Control 1.13
  3. Review rule logic (AND/OR) and priority; ensure an allow rule is not bypassing detection
  4. Confirm the AI location is included (a rule scoped to a different workload will not trigger)

Issue: Too Many False Positive DLP Alerts

Symptoms: Legitimate business content triggers DLP blocks

Solutions:

  1. Review SIT confidence levels and minimum count; increase thresholds where justified
  2. Add corroborating context (supporting keywords) to custom SITs and tighten regex patterns (Control 1.13)
  3. Add scoped exceptions only when you can justify and evidence them (specific locations, groups, or workflows)
  4. Prefer "Warn" + audit for ambiguous detections; reserve "Block" for high-confidence detections or content labeled as high impact
  5. Re-run the test suite after tuning and retain evidence of the before/after results

Issue: Sensitivity Labels Not Enforcing in AI

Symptoms: Content with "Highly Confidential" label still accessible to agents

Solutions:

  1. Verify DLP rule includes label-based conditions
  2. Check label is correctly applied to content (not just container)
  3. Confirm label policy is published to affected users
  4. Verify DSPM for AI integration is enabled
  5. Check if agent service account is in label scope

Issue: DSPM Oversharing Assessment Shows No Results

Symptoms: Assessment completes but shows zero overshared items

Solutions:

  1. Verify data sources are correctly specified
  2. Check that content has sensitivity labels applied
  3. Confirm assessment scope includes the correct sites
  4. Wait for assessment processing (can take 24-48 hours)
  5. Verify permissions to access assessment results

Issue: DLP Blocking Legitimate Agent Operations

Symptoms: Agent cannot access required data due to DLP blocks

Solutions:

  1. Review incident details to understand what triggered block
  2. Create exception for agent service account if appropriate
  3. Adjust SIT minimum count thresholds
  4. Use contextual conditions to allow specific scenarios
  5. Consider separate policy for agent service accounts

Additional Resources


| Control | Relationship |
|---|---|
| Control 1.6: DSPM for AI | AI monitoring and assessment |
| Control 1.13: Sensitive Information Types | SIT configuration |
| Control 1.3: SharePoint Content Governance | Knowledge source protection |
| Control 4.1: SharePoint IAG | Content discovery |

Support & Questions

For implementation support or questions about this control, contact:

  • Microsoft Purview Administrator: DLP policy configuration
  • Information Protection Team: Sensitivity label design
  • Compliance Officer: Regulatory requirements and evidence
  • AI Governance Lead: Agent data protection strategy

Updated: Dec 2025
Version: v1.0 Beta (Dec 2025)
UI Verification Status: ❌ Needs verification