Microsoft Redefines Data Security with the New Purview DSPM Experience

Have you noticed what’s really happening in your Microsoft 365 environment lately? It’s no longer just users handling your data. There’s a new “colleague” in the mix: AI agents. These agents don’t just access information; They analyze it, interact with it, and even generate new content from it at massive scale. As a result, the attack surface isn’t just growing… it’s accelerating.

But the solution isn’t to lock everything down. Admins need to secure sensitive data dynamically, protecting it from both humans and AI agents across Microsoft 365 and beyond. This is why Microsoft is enhancing Purview Data Security Posture Management (DSPM).

The new DSPM experience is smarter, stronger, and custom-built for the AI-powered era. It’s designed to ensure your data remains comprehensively safe, no matter where it travels or which agent touches it.

The newly enhanced Data Security Posture Management experience is an AI-powered, centralized solution that focuses on your organization’s key data security goals. It integrates data from external platforms outside Microsoft 365, extends risk assessments, delivers actionable insights, and brings in Security Copilot agents. This helps you strengthen protection across your environment and confidently adopt AI apps and agents.

The new DSPM experience helps you focus on the right data security objectives by clearly showing the key risks to address, the actions to take, and your progress over time. For example, if you aim to prevent sensitive data exfiltration, DSPM identifies how many sensitive files are at risk in your organization. It also points out files shared with personal or external services and guides you with actions such as Data Loss Prevention or Insider Risk Management policy creation.

With this, organizations no longer need to guess what insights mean or what to do next. They can simply select the data security objective they want to prioritize. DSPM then highlights the key metrics, associated risks, and recommended action plan, along with the expected impact of those actions.

Collaboration doesn’t end with Microsoft 365, and your sensitive data doesn’t either. It often extends into external cloud platforms. To give security teams full visibility, the new DSPM experience expands coverage through the Purview partner ecosystem. It brings in third-party signals from platforms Salesforce (provided by Varonis), Databricks (provided by BigID), Snowflake (provided by Cyera), and Google Cloud Platform (provided by OneTrust) via Microsoft Sentinel Data Lake.

You can evaluate external data asset details, including permissions, locations, and sensitive information types. This unified visibility helps eliminate blind spots across both Microsoft and external environments, while simplifying data security operations in one streamlined experience.

DSPM now includes advanced reports that deliver instant visibility into key metrics like sensitivity label coverage, DLP policy activity, and posture trends over time. With powerful filters and drilldowns, security teams can quickly pinpoint gaps in protection, monitor label and policy performance, and surface emerging risks. These insights make monitoring more efficient and support precise policy adjustments, helping teams move from reactive responses to proactive data-driven security.

Microsoft Purview DSPM now enhances Data Risk Assessments with item-level visibility and automated remediation. This includes remediation actions like bulk disabling overshared SharePoint links and directly activating protection policies. You can quickly fix sensitive data exposure by controlling sharing links and updating sensitivity labels—now with bulk manual labeling from search.

In addition to Microsoft 365, Microsoft Fabric assets can also be proactively protected using DLP policies and sensitivity labels.

With AI agents operating autonomously and accessing large volumes of sensitive data, the risks have grown beyond what traditional security can manage. To address this challenge, the new DSPM experience introduces AI Observability for Agents — a modern approach to AI governance.

DSPM now treats agents created in Microsoft 365 Copilot, Copilot Studio, and Azure AI Foundry as first-class entities in your data security posture. It delivers a unified inventory of all AI agents in your environment, including third-party ones, and evaluates each agent’s insider risk level based on behavior, posture metrics, and activity trends. This deeper visibility and control help organizations confidently scale AI adoption while keeping sensitive data secure.

Finally, Microsoft is addressing AI-driven data risks by harnessing the power of AI itself. The new Data Security Posture Agent in DSPM uses large language models (LLM) to understand context, analyze selected files, and surface sensitive insights such as merger & acquisition details or Purchase Order numbers. You can view proactive insights and launch a Data Security Investigation directly from DSPM to analyze those data risks in detail. Then, you can apply labels, update policies, and take immediate action.

This leads to faster remediation, improved visibility into sensitive data, and a stronger compliance posture — all with less time and operational effort.

The worldwide public preview begins in early December 2025 and runs through early April 2026. The general availability rollout starts in early April 2026 and completes by early May 2026.

There are a few helpful things to know:

• The current DSPM (classic) and DSPM for AI (classic) experiences will remain available.
• The new DSPM experience will be added alongside your current capabilities without affecting your existing policies or configurations.
• No default policy changes will occur, and onboarding steps from classic experiences continue to apply.

With this update, Microsoft Purview’s new Data Security Posture Management takes a major leap forward in helping organizations secure data in an AI-powered world. I hope this blog gives you a clear overview of the new DSPM experience and how it will strengthen data security moving forward. Happy reading!