All Episodes

September 25, 2025 36 mins
Welcome back to another episode of the Microsoft Cloud IT Pro Podcast! In this episode, we dive deep into one of Microsoft Purview's AI monitoring and protection capabilities: Data Security Posture Management (DSPM) for AI - your secret weapon for monitoring and securing AI usage across your organization. Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options. Show Notes Learn about Data Security Posture Management Learn about Data Security Posture Management (DSPM) for AI Governing AI Shadow IT with the Microsoft Purview Browser Extension Get started with the Microsoft Purview extension for Chrome Considerations for DSPM for AI to manage data security and compliance protections for AI interactions Learn about Microsoft Purview billing models List of AI sites supported by Microsoft Purview Data Security Posture Management for AI About the sponsors Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!
Mark as Played
Transcript

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:03):
Welcome to episode 411
of the Microsoft Cloud IT Pro podcast recorded
live on 09/24/2025.
This is a show about Microsoft three sixty
five and Azure from the perspective of IT
pros and end users, where we discuss a
topic or recent news and how it relates
to you. In this episode, we circle back

(00:23):
to our conversation around preparing for Microsoft three
sixty five Copilot
and, frankly, all AI in a conversation about
data security posture management. We discuss what's available
to you within DSPM for AI and Microsoft
Purview, what you need to do in order
to get started with it, and how you
can leverage this tool within your company to

(00:44):
keep your sensitive data in Microsoft three sixty
five safe and secure from AI.
Let's dive in.
Scott, it feels like forever since we've talked.
I think this might be the longest we've
gone in a while without talking.
Well, that's because you went to a conference,
and

(01:05):
you let Jay and Joy take over the
podcast Saturday. That was a mistake. That's fine.
Nah. It was all good. Oh. Don't you
go back and listen to that one if
they haven't? Joy and Jay take over and
talk change management, episode
four ten Four ten. Of the Microsoft Cloud
IT Pro podcast. Yes. That was a good
one. We need to get you back to
a conference,

(01:26):
Scott. I was at a conference last week.
I was just at a different conference. Which
conference were you at? I was at the
storage developer conference
out in Santa Clara, California. Oh, how are
storage developers these days?
They keep on developing things. I had a
talk on retrieval augmented generation and object storage.

(01:46):
So where does object storage fit into
the
kinda AI pipeline when you think about an
end to end spectrum
of AI training all the way through to
AI inference
and actively, like, serving
these workloads and LLMs and things like that
are on it. But my talk was a

(02:07):
little bit kind of about, like, the three
quarters of the way through the AI pipeline
with fine tuning and retrieval augmented generation. Got
it. Interesting. I was gonna say, because you
probably need storage, like, at every step of
the pipeline. I mean, AI kinda depends on
data a little bit, which kinda depends on
storage.
Yeah. If you're training a foundational model, you

(02:28):
require petabytes and petabytes or exabytes of storage.
If you're just doing fine tuning,
you might be in the petabyte range, or
you could be smaller. You could be down
in the terabyte range and taking a very
specific dataset to
teach a model the new set of skills
along the way. But it turns out that
object storage platforms

(02:50):
are super important
when it comes to retrieval augmented generation as
well, because you've got this thing where you
have to effectively
kinda rather than teaching new skills like you
would fine tuning, you have to teach new
facts. Like, hey. Here's something that is going
to augment your knowledge. So if you think
about, like, Copilot notebook, for example. So we've

(03:10):
talked about those in the past. So you
could go into a Copilot notebook, and you
can put whatever it is, ten, twenty documents
in there. When you put those documents into
the notebook,
Copilot
and the underlying
LOM that's serving the response back to you,
they're not actually reading that document, like, as
a document. Like, they don't open up a
Word document or a PDF and read it
page by page. They have to go ahead

(03:33):
and
generate embeddings. So effectively, they take that PDF
for that Word document, and they turn it
into a bunch of chunks, so and or
embeddings. Those embeddings go to a vector database
and
vectorize,
which means then you need a
a vector search mechanism that can augment the
LLM response. But object storage is kind of

(03:54):
important, or if you think about, like, putting
a new document into a Copilot notebook, something
like that Yep. Because it's gotta be chunked,
and it has to be generated, and embeddings
need to be generated, and those embeddings need
to be pushed over to a vector database.
Well, that means anytime I upload a new
document, if I put a new document or
I take a document out of my Copilot
notebook, anything like that, you actually need to

(04:15):
kinda kick off back end process for data
freshness. So having things like at least in
our platform on the Azure storage side or
the object storage side, we have things like
change feed, which can
be leveraged by these systems to kinda give
them a proactive notification and say, hey. There's
a new object here. Go and run whatever
you need to run on top of this.

(04:35):
For example, maybe you integrate Azure AI search
into your workflow, so you pump a bunch
of documents into a storage account. AI search
can actually respond to the change feed notifications
that are coming out, and it can automatically
do the
chunking, embedding, and store those embeddings in the
vector database

(04:56):
just based on the virtue of having the
ability to notify in, like, a durable ordered
list with something like a change feed along
the way. It's kinda super interesting because I
don't think folks really think about the back
end of these things too much. Right? If
you're playing with a Copilot notebook and you're
putting documents in there, it's all just kinda
like magic
that all of a sudden it can reason

(05:17):
over my document in really near real time.
It doesn't it doesn't take too long to
generate those embeddings, especially with smaller documents and
smaller datasets, which is what most people are
using in things like Copilot notebooks today. But
there's a lot of moving pieces on the
back end to get that all going and
get it to where it needs to be.

(05:39):
Yeah. So anyway, I had a session on
that. That'll be up on YouTube. I'll I
can share it in a couple of months
once once those come out for public consumption.
And then I also spent a couple days
at a a plug fest.
So SNIA
and the broader
storage developer conference, they organize effectively these hackathons
that bring a bunch of vendors together under

(06:01):
NDAs so that we can go and do
interop testing with each other and
kinda do debugging in real time.
So there's a bunch of those plug fests
that's needed hosts. They host one for Swordfish.
They host one
for SMB for, like, vendors to test their
SMB implementations
that might live outside of Windows or things

(06:23):
like that. And then the one that I
did was an object storage plug fest. So
we have focused on, like, restful API surfaces
for object storage vendors of which Microsoft is
one
with Azure storage, and then you've got s
three protocols, which are kind of the elephant
to the room as s three is not
only an s three, but, you know, Google

(06:43):
supports s three as a protocol. And they're
a cloud object storage platform, Alibaba,
Backblaze, and then a whole ton of on
prem vendors, IBM Cloud Object Storage,
Oracle,
both their on prem offering,
OCI as well, and their cloud infrastructure offers
an s three protocol. So spent a couple
days kinda hacking away at that and

(07:04):
then seeing if we can get some of
our products
that we have that talk to s three.
Like, while Azure Storage does not have a
native s three service, we definitely have products
that talk s three, especially
for data management, data movement scenarios.
So things like like AZCopy,
StorageMover,
you pick up one of our SDKs,
we absolutely allow you, and we've got some

(07:26):
great enabling APIs to help you move your
data from S3 over to us. Got it.
Very cool. Well, hopefully we'll get you at
a, at another conference yet this year, Scott,
because we have Ignite coming up
in November, November.
So hopefully doing podcast stuff there again.
I actually have a couple I have one
before that too. I'm going down to Orlando

(07:47):
too. It was dev intersections,
and now they're also doing, like, co locating
dev intersections with cybersecurity intersection
and the Next Gen AI conference. So I
have a couple talks,
presentations Oh, nice. At cybersecurity intersections. And then
I'm actually doing a couple more, two in
December in Dallas at Workplace Ninjas.

(08:08):
So Cool. I've got two more coming up.
Well, three more coming up, hopefully Ignite, and
hopefully we can get you out to Ignite
too. Yeah. We'll see. Pump it out on
the socials. You can always find Ben on
LinkedIn. You can find the podcast on LinkedIn.
Can you find me on LinkedIn as well?
Yeah. I think it's becoming one of our
preferred communication method
mechanisms for the podcast here. I would say
LinkedIn is absolutely becoming

(08:30):
the preferred one.
All of the other ones. This is not
just a any social media. Like, all of
the other ones I have had to turn
into looking at them all as just pure
entertainment.
There is nothing of the state of the
world. Yeah. Not much of value that I
have found on many of the other social
platforms. So LinkedIn is absolutely becoming
that preferred social media for

(08:52):
the podcast,
although we are still on all the other
ones. But speaking of AI and storage and
data, we should probably dive into
this is like the second part of episode
four zero nine
when we started talking about preparing for Copilot
in Microsoft March,
getting ready for it. And we didn't quite

(09:14):
get to kind of the last
point that I covered in the presentation I
gave
wherever I was for that one, Branson, Missouri
around
kind of diving into one of the, I
would say, very quickly growing product in purview
or a
solution technically in Purview or doing a lot
of the management, controlling,

(09:36):
monitoring,
copilot,
and really other AI usages is the data
security
posture management or d
DSPM for AI
that exists in Purview. We should kind of
talk through this one. It was a little
bit of an interesting new area for me.

(09:56):
Yeah. So if you haven't looked at it,
I definitely recommend if you're doing anything with
Copilot or really anything at all and you
care about your dating, keeping it safe from
AI, because there's aspects of this that don't
apply to just Copilot. You should go check
this out. So it's in Purview. And once
you go into
Purview,
you'll just start on, like, a general

(10:18):
overview,
typical to a lot of the different admin
centers that gives you some things to get
started with. So there's kind of four
big aspects
to this whole data security posture management for
AI that you need to enable that are
required to really get going in terms of
monitoring
your data, because this is all about discovering

(10:41):
what are people doing, securing AI activity.
So in order to
secure it, discover it, know what people are
doing, you you kinda have to be able
to look at the data. So there's Turns
out. Yeah. So there's a whole just first,
just activate Microsoft Purview audit. This is really
just that audit log that we've had for
years. That's both security center compliance center. It

(11:03):
used to be the unified auto log. Now
it's just audit, but then there's also in,
I don't even remember when this came out.
I don't remember ever talking about it, seeing
it in the news. There's a Purview
browser extension
that you can deploy now, and it really
doesn't
I would say it doesn't do much. There's
nothing really for end users to interact with.

(11:24):
It's one of those that you can install
and just kinda keep it hidden in the
background.
There's no reason to show it in your
task bar, but it is really just watching
browser activity. Install it there so it can
see what are you doing within your edge
browser. I think there's I think the extension
also exists for Chrome. And if I remember
right, the edge one may actually just be

(11:44):
in the Chrome store. I have it for
Firefox too. So edge Chrome, Firefox
to really just help watch signals of what
are people doing in the browser with data.
Again, this kind of ties into, are people
going to other AI sites, going to chat
GPT, going to claw, going to some of
those.
So that's the next step. Just get that

(12:05):
browser extension deployed.
There's guides on, you can go do this
with Intune,
whatever solutions you kind of use to manage
end user devices, leverage those to deploy Purview.
And then after that, or along with that,
is also onboarding devices to Purview. So this
is one too that I've actually seen some
people

(12:25):
miss Scott is that
just because you've onboarded the device into
Intune
or into other,
enrolled it and enter ID joined it to
enter ID. There's a whole nother aspect of
actually onboarding devices
into Purview as well. So you can have
a device in Intune, have a device in
Entra, and not have it

(12:47):
onboarded into Purview. Yeah. I wonder
can we take a step back? So Yeah.
I'm I'm just kinda, like, watching your screen
as it's up. So when you go look
at Microsoft documentation and you say, hey,
these two folks are talking about data security
posture managements, and maybe you just go Google
for that or Bing or DuckDuckGo or you
search for TPSM,

(13:08):
you're going to end up
in one section
of the Purview
documentation.
So you're gonna end up in a section
around
data security solutions.
But as you've got the portal up, and
if you kinda keep, like, Google being DuckDuckGo
search engine of choice,
you end up on

(13:30):
a different page, which is DPSM
for AI,
and then starts talking about the specific considerations
for that, onboarding to the additional set of
capabilities,
the co pilots,
and things that come with that. So can
you help me, like, disambiguate the two? DPSM,
DPSM for AI? AI. So DSPM,

(13:53):
this is one I haven't done a lot
with yet. I actually click over to data.
I don't know that I have
full access into it. I do have some
of it in mind. Where I would say
DSPM
is just really overall
data security. Right? You're gonna go in and
look at and if you go into the
portal and look at it, it's risky user

(14:14):
investigation.
Are users doing performing risky behaviors with their
data? Or
where is that sensitive data? So this ties
a little bit more into what I would
say of information protection or even
a little bit maybe it's not even information
protection, it's a little bit higher. So you
just have, like, what is my overall

(14:37):
posture when it comes to keeping my data
safe? It could include some of the information
protection. It could include insider risk management.
It could include, like, one of the other
related solutions that shows up in Purview is
data security investigations.
It's broader, I would say, is how you
look at data security posture management. The DSPM
for AI really

(14:57):
drills into
then taking that data security posture management. How
am I securing my data? Now let's look
at it just through the lens of how
am I securing it when it comes to
interacting with AI. So that's things like your
co pilots, maybe your agents that are out
there, like your declarative agents, knowledge agents, and

(15:18):
Yep. The co pilot portal or teams.
It's basically like a superset of capabilities or
a double click to go and monitor
AI workloads specifically?
Yeah. That's exactly it and guidance around it.
Like, even if you go into the data
security posture management portal in Purview, not the
AI one, Really, it just talks about, like,

(15:40):
there's some stuff here around risky user investigation,
sensitive data, but it's really just an overview.
You've got some reports around users performing
risk related activities
on unprotected sensitive assets. So I'm going into
SharePoint files where
I have
credit card numbers, I have PII,
I have

(16:00):
IP addresses, I have connection strings,
and there's people interacting with that sensitive data
in some way. It doesn't necessarily have to
be AI.
It could be creating a sharing link to
it. It could be emailing it to external
users, some of that information protection type stuff.
And it just kind of gives you an
overview and some reports there, a few recommendations,

(16:22):
but there's, I would say, DSPM, there's really
not much there. It's more of a reporting
and a little bit more monitoring. It's not
it doesn't have many features in it, quite
honestly. This is where, like when you mentioned
the monitoring and some of those things, so
this is the other areas, like, I think
it's hard. If you don't find specifically the
DPSM for AI section in the docs and

(16:42):
you just end up on DSPM,
you're gonna get, like, two different sets of
guidance for onboarding Yep. Or, like, how far
you
should go and what you should turn on.
So some of those things that you mentioned,
like, if you're
trying to specifically monitor
AI usage within your organization,
and maybe that includes things like third party

(17:03):
gen AI sites, that could be OpenAI,
Claude, Perplexity,
things like that, Google, Gemini, things like that
that are out there, then you do have
to make sure that your devices are onboarded
to Purview. So you gotta go through, like,
that whole flow. You might need DLP
in place. That browser extension becomes super important
Yep. To put out there and make sure

(17:25):
that's all good. The auditing piece, like, yeah,
you gotta go turn all of that stuff
on. And then there's always that pesky, like,
little licensing consideration.
So it looks like for some reason for,
like, Copilot in fabric or the security Copilot,
then you need the enterprise version of Microsoft
Purview data governance, which then lights up a

(17:46):
new set of APIs and a new set
of capabilities
behind it. So there's definitely, like, a lot
of reading with this one, I think, just
to figure out how it composes.
And then what are you gonna go turn
on? And then like you said, because it's
primarily a reporting thing. And to a certain
degree, like, remediation. Right? You're gonna use these
reports to drive new behaviors in your organization,

(18:07):
things like that. But you kinda have to
decide
what you wanna report on out there. Like,
if you wanna report on usage of cloud
in your organization, then you've gotta go down,
like, this, like, wild path of kinda turning
everything on. Yes. And you'll find and we
can talk about some of this too. There
is even some functionality in here that is
pay as you go, where you end up

(18:28):
having to go in and connect your Purview
instance to an Azure subscription
or some of the pay as you go
functionality as well. I did see that. So
there's this little note, Riley, here, like a
little bullet that says, hey. For AI apps
other than Copilot and Facilitator, you have to
set up pay as you go billing for
your organization.

(18:48):
And they do guide you into
kinda, like, where in the UI
to turn it on and things. But it's
a little weird because Purview has multiple billing
models. It's got the per user billing model,
and then you're blending the PAYGo model on
top of it. It's not like one or
the other.
You've gotta get out there and kinda figure
out what he uses

(19:11):
what. Yeah.
Yeah. And you might be there already. Like,
that's the other thing I think that I
noticed that I saw was
remembering, like, my days of Purview. Like, we
we already had customers who were doing things
like monitoring AWS usage,
And we were going out and deploying the
proxies
and the monitoring solutions and things like that.

(19:31):
Those are all out there. Like, if so
if you already have, say, like, AWS monitoring
in place, you're probably a PayGo customer already,
and you've probably already configured the PayGo PayGo
billing. It was a little surprising to me
to see, like, Azure services fall into the
PayGo thing as well. I can understand why,
like, Amazon or Dropbox, Google, things like that,
but there's stuff like Microsoft Fabric that requires

(19:53):
PayGo,
monitoring
Azure Data Lake Storage or Azure SQL
data sources, that all requires PAYGo. It was
kind of a a interesting list to look
at. I'll make sure to put a look
at the the billing docs and the billing
considerations
in the show notes. Yeah.

(20:13):
Do you feel overwhelmed by trying to manage
your Office three sixty five environment? Are you
facing unexpected issues that disrupt your company's productivity?
Intelligink is here to help. Much like you
take your car to the mechanic that has
specialized knowledge on how to best keep your
car running, Intelligink helps you with your Microsoft
cloud environment because that's their expertise.
Intelligent keeps up with the latest updates in

(20:35):
the Microsoft cloud to help keep your business
running smoothly and ahead of the curve. Whether
you are a small organization with just a
few users up to an organization of several
thousand employees,
They want to partner with you to implement
and administer your Microsoft cloud technology.
Visit them at inteligync.com/podcast.
That's intelligink.com/podcast

(21:02):
for more information or to schedule a thirty
minute call to get started with them today.
Remember, Intelligink focuses on the Microsoft cloud so
you can focus on your business.
The one thing I would say when I
started doing this, they do make it fairly
straightforward
to get going. So what I did, like,
I went through that overview,

(21:23):
turned on those those four required things, the
auditing, the onboarding devices,
extending insights
was one of them, and then the browser
extension. But even some of these, like when
you click on, okay, we need to discover
sensitive information,
a lot of
what DSPM is
policy driven off of other areas

(21:46):
within Purview. So when you click to start
extending your insights for data discovery, what it
gives you is
what the three policies are. And I already
have them turned on in mind, but if
they're not turned on, it's like this is
the PayGo policy or this is
free depending on those interactions
in just a one click button to deploy

(22:07):
it. And then once you deploy it, you
can always go in and look at policy
details.
So
for extending that data discovery, like, again, the
first part of this is what are people
doing is like, are people putting sensitive information
in AI prompts in Edge or in your
browser? And
this policy
is actually a data loss prevention policy

(22:30):
that sits in the collection policies
in DLP. So when you click it, it's
just going out and creating this. And when
you would go into data loss prevention and
your collection policies,
you'll see all those DSPM policies that you've
created, and you can go in and look
at what those policies are doing. You can
tweak them, turn them on or off.

(22:52):
So while it is like a one click,
just deploy it, I would also say go
in and look at some of these policies
because it might also
highlight some additional functionality that's available
within these different platforms that is I would
say they've almost kind of snuck in there.
Like these collections I mean, you're paying for
it. Right. It's it's out there. And these

(23:12):
collection policies, some of the newer ones that
are out here now are like network and
browser based. So this one was sensitive information
shared in the browser, but now it's also
detecting sensitive information
shared via AI over
the network.
So not only just what am I doing
in the browser, but watching my
browsers, my applications,

(23:33):
API calls, add ins,
watching my different network traffic
from my devices
for sensitive information going to other
AI sites. You brought up licensing. It does
require the
A little bit. Global secure access, the secure
edge
licensing as well. So you will start running

(23:54):
into,
Hey, now I want to start capturing just
network data. Guess what? You need some solution
to actually capture that network data. So you
have some policies there just around data collection,
but then this is where you also have
a bunch of policies if you go into
recommendations
after you start doing data collection,
and you can go in and start creating

(24:16):
different policies
around
then detecting that risk information.
If you're using ChatGPT
Enterprise,
there's built in policies here for
discovering and governing interactions with ChatGPT
Enterprise,
using Copilot and agents to improve your data
security,
and

(24:36):
a lot of different
functionality
around creating these different policies to prevent,
monitor, alert
on where's my sensitive information going when it
relates, again, specifically to AI in this particular
solution. Yeah. Yeah. We should probably spend the
last couple of minutes here and kinda talk
about

(24:56):
once you've got the insights, what do you
do with them? Yeah. So say you're out
there. You've got,
like you said, your DLP in place.
You've got this solution that's doing this monitoring
for you. And then what are you gonna
do with the information?
And how do you leverage those rest of
the tools for remediation?
You know, I I think about, like, that

(25:18):
proxy that gets deployed, like you said, like,
the global secure access thing. Well, you can
block stuff through that. Yep. You wanna take
this report and maybe go turn those kinds
of things on. And I think the biggest
one here when I start talking to clients
and working on it is once you have
the detection to your point, what are you
gonna do about it, is going in and
building out those data loss prevention policies.

(25:39):
One of them that
kind of comes out of this, you don't
need the SPM to do it, but it
walks you through getting everything in place for
it, is just protecting sensitive information
in your own environment from Copilot. And this
is an example I give to clients is
up until
deploying this with DLP,
the only option to, like, prevent

(26:01):
data from going into
Copilot was to disable the index,
which doesn't impact just Copilot, but also index
impacts your search index, or it's to remove
permissions to it. There may be things, Scott,
like,
I need to get to all of the
data in my tenant. I need to work
with that. I need to work with, I
have w nines out there. If I have

(26:21):
bank statements out there, like,
this is my data. There is going to
be sensitive information out there that I'm gonna
need access to, and that I may wanna
search, but I may not want Copilot
necessarily processing that returning it. So, by going
in and starting to apply sensitivity labels to
it and then using this protect sensitive information
from Copilot,
I still have

(26:54):
Yeah. I Yeah. I think over time, that
granularity is gonna continue to change, like because
you're gonna have subsets of people who might
need to work on things, and they might
need Gen AI and Copilot for them. And
then you might have people who don't.
So you're back to kind of just the
regular,
hey, let me make sure this stuff is
secure. But it's also funny, I think, how

(27:15):
things do
leak in Copilot
just because organizations
that largely haven't kept up, I think, with
having a big corpus of data that lives
in SharePoint. And they never really figured out
the whole security trimmed search thing, let alone
the security trimmed AI search thing and how
that comes together. Yeah. And then I would

(27:36):
say some of the other ones is like
going back to the other AI sites.
Once you're starting to capture it and depending
on your licenses and what you have turned
on, it's not just, yeah, I don't want
Copilot to process this, but you know what?
I can't,
I can't, don't want, however you wanna phrase
it, my users going in
and using sensitive information

(27:58):
in other sites. So some of these DLP
policies then that you can apply to devices
is auditing that sensitive data that is
shared to
other sites. And I'm pulling up what these
are, like uploaded over the network or one
of these policies. It's not this one that
I just pulled up is

(28:19):
looking specifically for people adding it to
BARD or to ChatGPT.
Because now that you are auditing it, you
can see people are pasting
PII or pasting social security numbers
into these other third party Gen AI sites.
And frankly, we just can't have that and
need to prevent that from even happening or

(28:41):
prevent it from even occurring. Yeah. I think
it's one of those rabbit holes. Yeah. You
start going down. I mean, DLP policies in
general
are their own rabbit hole. I do like
having kind of the enabler of the policies
are canned and kind of pre baked, and
then you can tweak them from there. But
there's a whole bunch, I think, to go
figure out. And then products like these are

(29:01):
so easy to just get caught in the
the charts and the reports. But I think
figuring out how you
actually
get it wired up in your environment
and get it to where it needs to
be, that's another story and another thing that
needs to be taken care of. Yeah. Then
the other thing I would say is just
the activities
explore in the last few minutes. If you,

(29:21):
you can see, Scott, even some of the
stuff that I've done is
AI interactions
start showing up now in your activity explorer
alongside
emails,
alongside
working with files in SharePoint, and it allows
you to start even monitoring and alerting on
what are users doing. So it will you
wanna get super big brother, Scott.

(29:43):
Like, your Microsoft three sixty five tenants, your
employers, they can spy on you all they
want to, and the ability is here. It
starts pulling in. I can go in and
look at any prompt that I've done in
Copilot, what that response was,
any additional responses to it, going and looking
through, again, just that audit log, having that
audit history of AI interaction, which, I mean,

(30:04):
I think this does become more and more
important as people are using AI for their
jobs, for generating
documents, for generating
emails.
Let's face it, we all do it. There
is going to start being instances
where there may be cases that arise that
you need to go figure out
where this certain employee misbehaved

(30:25):
with
AI. And having that audit log, that Activity
Explorer,
well, yes, it does feel big brotherish by
an employer. From a legal perspective, compliance perspective,
I think this is absolutely
necessary as well. So, yeah, all of that
gets built in there. And then there's some
data risk assessments. If you want to go
run some assessments

(30:45):
around
the amount of sensitive data,
links
that have gotten shared,
how many links have been created
in the
last
100 or the last 30 or so. There's
also some of that. It's similar to what's
like in the SharePoint,
the data access governance reports in SharePoint. Some
of these data risk assessments around

(31:07):
what types of links and sensitive data have
been shared
across my environment so that I can go
in and
respond,
maybe have user training because
it's highlighting some bad behaviors of employees.
But being able to run some of that
reporting and assessment around where are people sharing
data and how much sensitive data is out

(31:28):
there? Where are they sharing data more than
you think? How much is out there also
more than you think? A 100%.
The other interesting thing, Aaron, I wonder if
you've run into this just, like, with any
of your customers,
is
some of the Gen AI platforms don't actually
run their own things. So, like, if you're
a perplexity customer coming through a perplexity API,

(31:49):
then you're actually using an underlying model from,
like, an anthropic or OpenAI or something on
the back end. So there there's all these
weird little change. I I would also encourage
folks, like, if you are looking at this,
like and some of the stuff we talked
about, like, hey, this thing can monitor AI
sites. That's, like, a fixed list of sites
that come out. So so they'd is very

(32:11):
comprehensive.
Like, I I will say, like, if you
go through, like, the list of sites that
the it does cover, it's a lot. Like,
I hadn't even heard of, like, 90% of
them easy. But, you know, if there's something
out there where you're like, oh, this is
a new Gen AI tool
or AI products that my organization uses, it
might not be on the list. You gotta

(32:31):
go figure that stuff out too. Yes. Microsoft
does work to keep it updated, but, yeah,
I mean, you or I could go stand
up a site on Azure, give it some
random domain name tied into
some LLM on the back end, and all
of a sudden, there's a new Gen AI
site out there hosted by the podcast.
Is that what you wanna do? No. That
is not what I wanna do. But we

(32:51):
could. Enough, it does monitor.
So it does monitor for azure.microsoft.com
and specifically the OpenAI service product page. So,
like, the page that would tell you about,
not the learn docs and, how to use
it, but more like the marketing page with
the pricing and things like that on there.

(33:11):
So that's on the list, but, azure.com is
not. So like you said, you can go,
potentially spin these things up because you can
absolutely get into the portal. But it had
a lot of, like, I was kind of
impressed. I had like Devon, a lot of
the smaller stuff was baked into there as
well. Along with that, like, just like the,
I think the more like US centric

(33:32):
AI or European offerings, but also
stuff out of Asia Pacific and
China and things like that. So it had
broad coverage, but, you know, you gotta check
the list to make sure your thing is
there. Yep. Yeah. They've done a good job
with it. So I think that's kind of
the last aspect to it. And that's what
I talked about in that presentation is
not only do you need to go in

(33:54):
and
be, let's say, preventative
about where this data is going with some
of the cleaning up security, cleaning up permissions,
starting to get labels on your content, knowing
what content is out there, But then leveraging
something like DSPM where you can do some
of that deal those DLP policies, a lot
of this is just baked in to help

(34:14):
you kinda get there, I would say, quickly.
But then also that kinda ongoing monitoring, like,
going in and looking at the activity explorer
in here and some of the
reports in here to just see,
like, I've had 540
activities in the last thirty days with different
interactions with Copilot and agents.
Going and looking at my total visits to
other AI apps, you can see I do

(34:35):
tend
to favor Copilot, but like Notion and Perplexity
and Suno and some of those other AI
tools that I have used have been showing
up in here. So just being aware of
where are your users
potentially exposing your data to places they shouldn't
be. Yeah. I I think it's, it's an

(34:55):
important one.
Absolutely. But with that, are we supposed to
go back to work now? Is that what's
supposed to happen? We are we are supposed
to go back to work. Oh.
Alright. Go back to work. Before you go
back to work. This far. And you're still
listening.
Feel free to reach out. We have a
contact us page on the website. Let us
know what you'd like to hear about, what
topics are interesting to you. Give us a

(35:16):
ping on LinkedIn.
You can find Ben there. You can find
myself there. You can find the podcast there.
And let us know
what topics,
people, interviews, anything like that would be interesting
to you. Absolutely. We'd love to hear from
you. So
thanks. Alright. Thanks, Ben. As always, I appreciate
it. Definitely. And we'll talk to you later.

(35:38):
If you enjoyed the podcast, go leave us
a five star rating in iTunes. It helps
to get the word out so more IT
pros can learn about Office three sixty five
and Azure.
If you have any questions you want us
to address on the show, or feedback about
the show, feel free to reach out via
our website, Twitter, or Facebook.
Thanks again for listening, and have a great

(35:58):
day.
Advertise With Us

Popular Podcasts

Stuff You Should Know
Cardiac Cowboys

Cardiac Cowboys

The heart was always off-limits to surgeons. Cutting into it spelled instant death for the patient. That is, until a ragtag group of doctors scattered across the Midwest and Texas decided to throw out the rule book. Working in makeshift laboratories and home garages, using medical devices made from scavenged machine parts and beer tubes, these men and women invented the field of open heart surgery. Odds are, someone you know is alive because of them. So why has history left them behind? Presented by Chris Pine, CARDIAC COWBOYS tells the gripping true story behind the birth of heart surgery, and the young, Greatest Generation doctors who made it happen. For years, they competed and feuded, racing to be the first, the best, and the most prolific. Some appeared on the cover of Time Magazine, operated on kings and advised presidents. Others ended up disgraced, penniless, and convicted of felonies. Together, they ignited a revolution in medicine, and changed the world.

The Joe Rogan Experience

The Joe Rogan Experience

The official podcast of comedian Joe Rogan.

Music, radio and podcasts, all free. Listen online or download the iHeart App.

Connect

© 2025 iHeartMedia, Inc.