Author Archives: Jo SNAI

Podcast Episode: Microsoft Purview DSPM now includes a new data security agent to strengthen your data protection posture

Posted on by

Pip: When your data security posture needs managing, the last thing you want is to piece together risk signals manually — like assembling furniture with no instructions and half the screws missing.

Mara: Jo SNAI has a post on that exact problem — Microsoft Purview’s DSPM moving to general availability, and what the new Data Security Posture Agent actually changes for security and compliance teams. Let’s start with what that shift means in practice.

Microsoft Purview DSPM Reaches General Availability

Pip: The core question here is what changes when a security feature moves from preview to general availability — and whether GA status actually signals something meaningful for teams already managing data risk in Microsoft 365.

Mara: The post frames the value proposition directly: “Instead of piecing things together manually, you get clear insights, risk signals, and practical recommendations to help improve your overall data security posture.”

Pip: So the upshot is consolidation — one centralized view replacing a fragmented manual process, which for compliance teams managing large Microsoft 365 environments is genuinely significant.

Mara: The headline addition in this release is the Data Security Posture Agent, now fully available. It gives teams a centralized view of data risks, surfaces gaps in their security posture, and provides actionable recommendations with direct remediation steps — not just a dashboard to stare at.

Pip: The rollout window runs from late May through late June 2026, so depending on your organization’s Purview deployment timing, you may already have access or it’s arriving soon.

Mara: One detail worth flagging for teams nervous about migration headaches: the transition from preview is seamless. Existing configurations carry over intact — no policy reconfiguration required.

Pip: Which is a small but real thing. New capability with zero forced rework is not the default in enterprise security tooling.

Mara: The post identifies IT admins, security teams, and compliance professionals as the primary audience — essentially anyone responsible for data protection within Microsoft 365. And notably, no action is required to enable the feature. The recommendation is to explore the new DSPM capabilities, review how the Data Security Posture Agent fits your existing strategy, and brief your compliance teams on what’s now available.

Pip: GA status, seamless rollout, no manual toggle — the barrier to actually using this is now just knowing it exists.

Mara: Which is exactly the kind of update worth surfacing.

Pip: Visibility into data risk without rebuilding your configuration from scratch — that’s a reasonable ask, and apparently now a delivered one.

Mara: More on how these posture tools evolve in practice next time.

Microsoft Purview DSPM now includes a new data security agent to strengthen your data protection posture

Posted on by

Microsoft has officially moved Data Security Posture Management (DSPM) in Microsoft Purview from preview to general availability (GA) and that’s a big step forward for organizations looking to strengthen how they protect sensitive data.

At its core, DSPM helps you understand where your data risks really are, giving you better visibility across your Microsoft 365 environment. Instead of piecing things together manually, you get clear insights, risk signals, and practical recommendations to help improve your overall data security posture.

This release is part of Microsoft’s ongoing investment in enterprise-grade security and compliance tools, making it easier to protect data at scale without added complexity.

What’s New

One of the key additions in this GA release is the Data Security Posture Agent, now fully available.

With it, you can:

  • Get a centralized view of data risks across your environment
  • Identify potential gaps in your security posture
  • Access actionable recommendations to improve protection
  • Take direct steps to remediate risks

The transition from preview to GA is seamless—your existing configurations stay as they are, and there’s no need to reconfigure policies or settings.

Rollout Timeline
  • General Availability (Worldwide): Late May 2026 – Late June 2026

The feature will become available based on your organization’s Microsoft Purview deployment timing.

Who Should Pay Attention

This update is especially relevant for:

  • IT admins
  • Security teams
  • Compliance professionals

Basically anyone responsible for managing or protecting data within Microsoft 365 using Microsoft Purview.

What This Means for You

Good news, no action is required to enable this feature.

That said, it’s a great opportunity to take advantage of what DSPM offers. You might want to:

  • Explore the new DSPM capabilities and see how they fit into your security strategy
  • Learn how to set up and use the Data Security Posture Agent
  • Start using DSPM insights to prioritize and reduce data risks
  • Inform your security and compliance teams about the update
  • Update any internal documentation that references Purview DSPM

Smarter Role Group Management in Microsoft Purview

Posted on by

Managing permissions in Microsoft Purview is about to get a lot easier.

Microsoft is improving the Role groups experience in the Purview compliance portal, introducing a more intuitive interface that helps admins quickly understand and validate permissions—something many of us have struggled with at some point.

What’s new?

Based on customer feedback, the updated UI adds new ways to view role group assignments so you can find what you need faster and with less guesswork.

Instead of digging through multiple layers, admins can now look up permissions from three different perspectives:

  • By Role – see who has specific roles assigned
  • By Member – check which roles a particular user belongs to
  • My permissions – quickly understand your own access and responsibilities

These views are designed to reduce troubleshooting time and give admins clearer visibility into how permissions are structured.

When is this rolling out?
  • Public Preview: Mid-June 2026 → Mid-July 2026
  • General Availability (Worldwide, GCC, GCC High, DoD): Mid-July 2026 → Mid-August 2026

Roadmap ID: 562033

Why this is useful

This update makes it much easier for admins to see who has access to what—without wasting time searching.

Here’s what that means in practice:

  • Faster answers – Instead of clicking around, you can quickly find permissions by role, user, or your own access
  • Less confusion – It’s clearer how permissions are set up, so fewer mistakes or misunderstandings
  • Easier troubleshooting – When someone doesn’t have access (or has too much), you can figure out why much faster
  • Better for audits – You can easily review and confirm permissions when needed
  • No learning curve – Nothing changes in how things work—just a clearer view of what’s already there
How this improves security

This update doesn’t change permissions—but it makes it much easier to spot problems and fix them quickly, which directly improves security.

Here’s how:

  • Better visibility = fewer hidden risks
    You can clearly see who has access to what, making it easier to catch over-permissioned users or unnecessary roles.
  • Faster detection of mistakes
    If someone has access they shouldn’t (or is missing access), you can identify and correct it much faster.
  • Stronger least-privilege control
    It’s easier to ensure people only have the access they actually need—nothing more.
  • Simpler audits and reviews
    During security or compliance checks, you can quickly validate permissions instead of manually piecing things together.
  • Reduced risk of accidental exposure
    Clearer role assignments help prevent misconfigurations that could lead to data leaks or unauthorized access.

Microsoft Purview DSI Gets Smarter with OCR

Posted on by

Microsoft is continuing to strengthen Purview Data Security Investigations (DSI) by adding AI‑powered Optical Character Recognition (OCR) capabilities. This new enhancement allows DSI to read and analyze text that appears inside images, something traditional investigations often miss.

With OCR built in, DSI can now surface sensitive information hidden in screenshots, scanned documents, and embedded visuals within files. The result? Deeper investigations, better context, and more accurate risk detection across your organization.

This update is tracked under Microsoft 365 Roadmap ID 561489.

When is this rolling out?
  • Public Preview (Worldwide):
    Rolling out in late May 2026, with completion expected by early June 2026
  • General Availability (Worldwide):
    Rolling out in mid‑July 2026, with completion expected by late July 2026
Who is impacted?

This update is relevant for:

  • Admins and security analysts using Microsoft Purview Data Security Investigations
  • Organizations investigating data security risks with Purview
What’s changing?

Once OCR is enabled (and it will be on by default), DSI will automatically:

  • Extract text from image‑based content, including:
    • Images
    • Screenshots
    • Visuals embedded in documents
  • Add the extracted text to investigation datasets
  • Improve search, analysis, and risk detection using this newly visible content

The good news?
No workflow changes are required. Existing investigations will continue to work as they do today—just with richer insights.

Even better, all existing Purview controls and protections still apply. Sensitivity labels, DLP policies, and other compliance settings continue to be fully respected.

Why this matters

Sensitive information doesn’t always live in plain text. Credentials, personal data, or confidential details often end up in screenshots or images—especially in collaboration tools. OCR helps close that gap and gives security teams greater visibility into data risks that were previously hard to detect.

What do you need to do?

No action is required before rollout. However, you may want to:

  • Inform your security and compliance teams about the improved image‑based detection
  • Update internal investigation procedures to account for OCR‑driven findings
  • Refresh training materials or documentation that reference DSI capabilities

Microsoft Purview DLP Gets Smarter Troubleshooting with Guided Diagnostics

Posted on by

If you’ve ever tried to troubleshoot why a Data Loss Prevention (DLP) policy behaved the way it did, you’ll know it’s not always obvious what happened behind the scenes. Microsoft is looking to change that.

Microsoft is rolling out a new guided diagnostics experience in Microsoft Purview Data Loss Prevention (DLP), designed to help administrators quickly understand, diagnose, and resolve DLP policy issues. The goal is simple: make DLP behavior easier to explain, easier to fix, and easier to optimize.

This update is tracked under Microsoft 365 Roadmap ID 561032.

When is this coming?
  • Public Preview: Mid‑May 2026 to Mid‑June 2026
  • General Availability (Worldwide): Late June 2026 to July 2026
Who does this affect?

This update is primarily aimed at:

  • Microsoft 365 administrators managing DLP policies in Microsoft Purview
  • Commercial Microsoft 365 tenants

If your organization has Microsoft 365 E5 and Copilot licensing, you’ll also benefit from Security Copilot‑powered insights, which add intelligent recommendations during troubleshooting.

What’s changing?

A new guided diagnostics experience will appear directly in the Microsoft Purview portal, making it much easier to understand what your DLP policies are doing and why.

With this experience, admins can:

  • See the order in which DLP policies are evaluated
  • Understand which conditions were matched
  • Clearly identify what action was taken (allow, block, or audit)

In other words, instead of guessing or piecing together logs, you’ll get a clearer, step‑by‑step explanation of how a DLP decision was made.

Security Copilot‑powered insights (for eligible tenants)

For organizations with the right licensing, Microsoft brings Copilot into the experience to help:

  • Spot potential policy misconfigurations
  • Speed up DLP troubleshooting
  • Get recommendations for improving and optimizing policies
What’s not changing?
  • Existing DLP policies continue to work exactly as they do today
  • Enforcement behavior is unchanged
  • There is no impact on end‑user workflows

This update is purely about visibility and diagnostics, not policy enforcement.

That said, you may want to:

  • Update internal DLP troubleshooting documentation to reference the new guided diagnostics experience
  • Make sure your security and compliance teams are aware of the new diagnostics flow in the Purview portal
  • Review your Copilot and E5 licensing to understand whether Security Copilot‑powered insights will be available in your tenant

Meet the New Cyber Heroes Crew: Morgi & Spot 🐾

Posted on by

🟣 Morgi: The AI Superhero

Morgi is the thinker of the Cyber Heroes Crew, the one who’s always quietly paying attention. Curious, clever, and powered by AI, she has a gift for noticing patterns that others overlook and figuring out what they mean before something goes wrong.

With her softly glowing purple shield by her side, Morgi keeps an eye on the digital world, catching phishing tricks, malware, and even deepfakes in seconds. She doesn’t just spot danger, she explains it in a way people can understand, helping them feel confident instead of overwhelmed.

At heart, Morgi wants everyone to feel safe and informed online. Her mission is simple: make technology smarter, friendlier, and safer for everyone who uses it.

Superpower: Seeing Ahead

Morgi’s strength comes from understanding, reading signals, connecting dots, and knowing what’s likely to happen next. By thinking ahead, she helps everyone stay one step ahead too.

🐾 When Morgi is watching, clarity replaces confusion.

🔵 Spot: The Cybersecurity Hero

Spot is the one who looks out for you when you’re busy, distracted, or just trying to get through your day. Quietly observant and steady by nature, Spot stays close, keeping watch over your data and devices so you don’t have to worry about every little thing online.

With his familiar blue shield always nearby, Spot steps in when something doesn’t feel right, blocking phishing attempts, stopping ransomware, and protecting personal information before it’s ever at risk. He doesn’t make a fuss about it. He just does what needs to be done.

Spot believes safety starts with small moments of awareness. A pause before clicking. A second look at an email. A gentle reminder that it’s okay to slow down. That simple “think before you click” mindset is how Spot helps people stay safe without feeling stressed or overwhelmed.

At the heart of it all, Spot’s role is simple and reassuring:
to stand beside you, quietly protecting your digital world, every step of the way.

What Makes Spot Special

Spot’s strength isn’t flash or noise—it’s presence. He’s patient, dependable, and always paying attention, so you can move through the online world with confidence.

🐾 When Spot is around, you’re not facing the internet alone.

Together

Morgi analyzes. Spot protects.
Side by side, they form the ultimate cybersecurity duo, keeping Jo SNAI’s digital world secure, intelligent, and one step ahead of every threat.

🚀 Stay tuned as Morgi & Spot dive into their next cyber adventure! 🐾🐾

Copilot Cowork is now available in Frontier

Posted on by

Copilot Cowork has officially landed in Frontier for Microsoft 365 Copilot (Premium) users. This release brings a more collaborative way for Copilot to work across apps, handling multi‑step tasks while keeping you in control.

With Copilot Cowork, tasks can span multiple Microsoft 365 apps, with clear user approvals along the way and built‑in progress tracking so you always know what’s happening. It’s designed to feel less like a single command and more like a coworker helping you get things done.

To use Copilot Cowork, users need to be enrolled in Frontier. It currently works with Microsoft‑built agents and uses Anthropic as a subprocessor. For customers in the EU, data boundary controls are in place to help meet regional compliance requirements.

The good news? No admin action is required to get started eligible users can simply explore the experience once Frontier is enabled.

When is this happening?

Copilot Cowork is already rolling out and is available today in Frontier.
General availability for all customers will be announced later—Microsoft will share details once it’s ready for broader release.

What this means for your organization

This update introduces a new way for Copilot to work alongside users—taking on longer, multi‑step tasks across Microsoft 365 apps while keeping people firmly in control. Think of it as Copilot stepping up from quick help to ongoing collaboration.

Who can use Copilot Cowork?

Copilot Cowork is available to:

  • Users with a Microsoft 365 Copilot (Premium) license
  • Users who are enabled for Frontier
  • English‑language users (for now)
Prerequisites and controls to be aware of

Before Copilot Cowork can be used, a few requirements need to be in place:

  • The tenant must be enrolled in the Frontier program
  • Microsoft‑built agents must be enabled
  • Anthropic must be enabled as a subprocessor (this is on by default)

For organizations based in the European Union (EU):

  • Anthropic is turned off by default to meet EU Data Boundary requirements
  • It must be explicitly enabled for Copilot Cowork to function
  • If Anthropic remains off, users may see Copilot Cowork listed but won’t be able to use it

Admins also need to be enrolled in Frontier to see Copilot Cowork listed in the Agent Inventory.

What users can expect

Once available, users can:

  • Install Copilot Cowork directly from the Agent Store in the Microsoft 365 Copilot app
  • Pin it to the left rail for easy access

From there, users can simply describe what they want to achieve—in plain, natural language—and Copilot Cowork will:

  • Create a multi‑step plan based on the user’s Microsoft 365 context
  • Coordinate work across apps like Word, PowerPoint, Outlook, and more
  • Continue working over time, with clear checkpoints and progress tracking

Importantly, Copilot Cowork never acts without permission. It will always propose actions first and wait for explicit user approval before doing things like:

  • Sending emails or Teams messages
  • Scheduling, declining, or rescheduling meetings
  • Editing, moving, or organizing files

Users stay in control at all times—they can pause, adjust, or stop execution whenever they want, and come back later to review progress.

Default behavior and governance

For eligible tenants, Copilot Cowork is enabled by default and respects existing Microsoft 365 permissions and policies. The only exception is where EU Data Boundary settings apply, which may limit functionality unless explicitly configured.

(Updated) Microsoft 365 Copilot: Graph APIs for agent and app management

Posted on by

Microsoft is rolling out two new Microsoft Graph APIs that make it much easier for administrators to discover, monitor, and manage Copilot agents and apps across their organization.

Instead of relying on manual checks through the admin UI, these new APIs allow admins to programmatically access a complete inventory of agents and apps. This opens the door to richer reporting, automation, and seamless integration with existing tools and workflows.

This update is tracked under Microsoft 365 Roadmap ID 502875.

When is this happening?
  • Frontier (Preview): Available now
  • General Availability (Worldwide):
    Deployment will start in mid‑April 2026 (previously end of March) and is expected to complete by early May 2026 (previously end of February).
How does this affect your organization?
Who is impacted?

This change is relevant for admins who manage Copilot agents and apps within Microsoft 365 environments.

What’s changing?

Microsoft is introducing new Graph API endpoints that provide visibility into all agents and apps in your tenant:

  • Retrieve all agents and apps GET graph.microsoft.com/copilot/admin/catalog/packages Returns a full inventory of Microsoft, External, Shared, and Custom agents and apps.
  • Retrieve details for a specific agent or app GET graph.microsoft.com/copilot/admin/catalog/packages/{id} Returns detailed metadata, including properties and manifest information.

These endpoints enable:

  • Automated reporting
  • Easier integrations with internal tools
  • Better visibility into what’s deployed across your organization
What’s not changing?
  • There are no changes to existing admin UI workflows
  • There are no changes to current policies
  • No additional licenses are required — the APIs are available with an existing Microsoft 365 license

Microsoft Purview | DLP protections to prevent sensitive data from leaving your organization through external web search in Microsoft 365 Copilot and Copilot Chat

Posted on by

Microsoft is rolling out an important enhancement to help organizations use Microsoft 365 Copilot more securely. Starting this year, Microsoft Purview Data Loss Prevention (DLP) will include new protections designed specifically for Copilot and Copilot Chat. The goal: prevent sensitive data from being sent to external web search engines during AI‑assisted interactions.

This update introduces real‑time DLP evaluation for prompts that contain Sensitive Information Types (SITs). When Copilot detects protected data in a user’s prompt, it will block any external web search from taking place. Instead, Copilot will continue responding only with internal Microsoft Graph data provided that the user’s licensing allows it.

This feature corresponds with Microsoft 365 Roadmap ID 548671.

Rollout Timeline

Public Preview
Begins: Late March 2026
Completes: Late April 2026

General Availability (Worldwide)
Begins: Late June 2026
Completes: Late July 2026

What This Means for Your Organization
Who Will Be Affected?

This update is relevant for:

  • Organizations using Microsoft 365 Copilot, Copilot Chat, or Copilot Studio agents published to Microsoft 365.
  • Admins who manage Data Loss Prevention policies in the Microsoft Purview portal.
What’s Changing?
New DLP Control for Copilot Web Search

Admins will soon see a new option when configuring DLP policies: the ability to stop Copilot from using external web search when a prompt includes specific sensitive information types.

When this policy is triggered:

  • Copilot will not send content to external web search providers.
  • Copilot will still respond, drawing exclusively from internal Microsoft Graph data sources (assuming the user’s licensing supports this).

New in Microsoft Purview: Smarter Credential Scanning to Strengthen Your Data Security

Posted on by

Microsoft is rolling out a major update to the Data Security Posture Agent in Microsoft Purview, and it’s a big step forward for organizations looking to stay ahead of credential‑related risks.

The newest addition is a credential scanning capability designed to help you uncover exposed credentials, like Microsoft Entra ID details, private keys, API tokens, and other sensitive access points across your selected data locations. With this update, Purview doesn’t just spot the issues; it also gives you risk scores, AI‑generated insights, confidence levels, and credential categories so you can quickly understand what matters and what needs attention.

All findings are surfaced in one streamlined task board, making it easier than ever to review, confirm, and take action.

This enhancement is listed as Microsoft 365 Roadmap ID 558436.

Rollout Timeline
  • Public Preview: Starts late March 2026, expected to finish by early April 2026
  • General Availability (Worldwide): Starts late June 2026, wrapping up by early July 2026

What This Means for Your Organization

Who will notice the change?

Admins who manage Microsoft Purview and use the Data Security Posture Agent within Microsoft 365 tenants will see the new feature appear under the Explore Agent section.

What’s changing?

A brand‑new credential scanning experience is being introduced, including:

  • LLM-powered detection of exposed credentials across selected data locations
  • Automated identification of:
    • Microsoft Entra ID credentials
    • Private keys
    • API tokens
    • Additional sensitive credential types

Each detection comes with:

  • A risk score
  • AI-generated insights
  • A confidence rating
  • A credential category

And to help you stay organized, Purview provides a task board where you can follow up on findings, track progress, and take recommended actions, all in one place.

How to Prepare