
💡 Our Technical Review in summary
Summary
- Microsoft is introducing the Data Security Posture Agent, a new AI-powered tool within Microsoft Purview designed to proactively discover sensitive data and assess organizational risk.
- Unlike traditional discovery tools that rely on keyword matching, this agent utilizes Large Language Models (LLMs) to understand the context, intent, and purpose of content across documents, emails, and messages.
- Key features include GenAI-generated summaries of data risks, LLM-assisted task completion, and actionable security recommendations.
- The Public Preview is scheduled to begin rollout in mid-December 2025, with General Availability (GA) expected in March 2026.
Impact
- Enhanced Discovery: Security and compliance admins can identify sensitive information with higher accuracy by leveraging natural language processing instead of rigid keyword queries.
- Administrative Efficiency: The agent provides summaries and step-by-step assistance for security tasks, reducing the time required to interpret complex data estates.
- Operational Control: The feature is not enabled by default. It requires manual setup by an administrator, ensuring no immediate changes to existing workflows without oversight.
- Privacy & Processing: The agent will analyze organizational data (emails, files, and messages) to identify risks, which may require a review of internal data processing and AI governance policies.
Action Required
- Assign Permissions: Ensure that relevant security and compliance staff are assigned the necessary admin roles within Microsoft Purview to access the “Explore Agent” tab.
- Configuration: Once the rollout reaches your tenant, navigate to Microsoft Purview > Explore Agent to set up and initialize the Data Security Posture Agent.
- Policy Review: Update internal data security and AI usage policies to reflect the use of LLM-powered agents for data discovery and risk assessment.
- Internal Training: Brief your security operations and compliance teams on how to interpret GenAI-generated summaries and act on the agent’s recommendations.
- Documentation: Monitor the official Microsoft Learn documentation, “Security Copilot Agents in Microsoft Purview”, for technical updates prior to the mid-December rollout.
Microsoft Official Update
Service: N/A
Category: stayInformed
Severity: normal
[Introduction]
We’re introducing the Data Security Posture Agent, available in public preview December 24, 2025. This agent helps data security admins proactively discover sensitive data across your organization’s data estate and assess associated risks. By leveraging large language models (LLMs), it goes beyond traditional keyword-based analysis to understand the purpose and context of content, enabling more accurate risk identification and actionable insights.
This message is associated with Roadmap ID 542188.
[When this will happen:]
- Public Preview (Worldwide): Rollout begins mid-December 2025 and completes by late December 2026.
- General Availability (Worldwide): Rollout begins mid-March 2026 and completes by late March 2026.
[How this affects your organization:]
Who is affected: Admins managing data security and compliance in Microsoft Purview.
What will happen:
- A new Data Security Posture Agent will be available in Microsoft Purview under the Explore Agent tab.
- The agent uses LLM-powered natural language discovery to:
  - Search documents, emails, and messages for sensitive data.
  - Assess risks based on context and intent, not just keywords.
- Provides:
  - GenAI-generated summaries.
  - LLM-assisted job completion tasks.
  - Actionable recommendations to improve security posture.
- Default setting: The feature requires admin setup; it is not enabled automatically.
[What you can do to prepare:]
- Set up the agent in Microsoft Purview > Explore Agent using the required admin roles.
- Review your organization’s data security policies and ensure admins have appropriate permissions.
- Communicate this change to your security and compliance teams.
Learn more:
- Security Copilot Agents in Microsoft Purview overview (preview) | Microsoft Learn (will be updated before rollout)
[Compliance considerations:]
| Question | Explanation |
|---|---|
| Does the change alter how existing customer data is processed, stored, or accessed? | The agent analyzes documents, emails, and messages to identify sensitive data and assess risk. |
| Does the change introduce or significantly modify AI/ML or agent capabilities that interact with or provide access to customer data? | Introduces LLM-powered discovery and risk assessment. |
| Does the change provide end users any new way of interacting with generative AI? | Admins receive GenAI-generated summaries and LLM-assisted tasks. |
| Does the change include an admin control and can it be controlled through Entra ID group membership? | Setup requires admin roles in Microsoft Purview. |

