Use Data Security Posture Management (DSPM) to quickly identify unprotected sensitive data assets and potentially risky user activities in your organization. Complete the steps in this article to get started with the DSPM workflow.
Subscriptions and licensing
Before getting started with DSPM, confirm your Microsoft 365 subscription and any add-ons. Depending on the licensing and subscriptions for your organization, you can access other data security and risk and compliance solutions in the Microsoft Purview portal.
To access and use DSPM, you need a Microsoft 365 E5 or Microsoft Purview Suite (formerly known as Microsoft 365 E5 Compliance) license. Administrators need to verify that their organization has a supported subscription and assign the appropriate licenses to users. For more information about subscriptions and licensing, see the subscription requirements for DSPM.
Step 1: Assign permissions
Important
If your permissions are restricted in specific administrative units in your organization, you can't access DSPM.
To continue with these configuration steps, you must be assigned to one of the following roles or role groups:
- Data Security Management role group
- Data Security Viewer role. If the DSPM dashboard is opted in, this role grants permission to view all the insights. This role is required to use Security Copilot in DSPM.
- Insider Risk Management Admins role
- Microsoft Entra ID Global Administrator role
- Microsoft Entra Compliance Administrator role
Important
Microsoft recommends that you use roles with the fewest permissions. Minimizing the number of users with the Global Administrator role helps improve security for your organization. Learn more about Microsoft Purview roles and permissions.
Step 2: Opt in to analytics processing and scanning
To get started with DSPM, you need to enable analytics in Insider Risk Management and data loss prevention (DLP). When you opt into DSPM, the system automatically enables analytics in Insider Risk Management and analytics in DLP if they're not already active. If you enable analytics in Insider Risk Management and analytics in DLP, the system automatically enables DSPM.
For more information about analytics in these solutions, see:
When you complete the opt-in process, the system starts an automated scan of data and user activities for your organization. Scanning times vary based on the size of your organization and the amount of data and activities that need processing. It might take up to three days for this processing to complete.
Step 3: Configure Security Copilot
To access Copilot in DSPM, you must configure your organization for Security Copilot. For step-by-step guidance, see Get started with Microsoft Copilot for Security.
Step 4: Evaluate insights and take action
Review and take action with recommendations
DSPM generates recommendations directly from the processed data, user activities, and current state of unprotected assets in your organization. Specific recommendations let you take action and quickly create data loss prevention (DLP) and Insider Risk Management policies to help you mitigate data security risks.
For more information about recommendations, see Take action with Data Security Posture Management recommendations.
Use Microsoft Security Copilot to investigate data security details
Use Security Copilot promptbooks and custom prompts to quickly dive into the details and get answers about unprotected sensitive data assets and potentially risky user activities in your organization. Data security insights are generated from scanned data across data loss prevention (DLP), information protection, and Insider Risk Management solutions.
For more information about using Security Copilot, see Use Microsoft Security Copilot with Data Security Posture Management.
Step 5: Review analytics and trends to track your data security posture
DSPM analytics trends and reports help you quickly see the unprotected and protected sensitive assets and potentially risky user activities in your organization.
For more information about using trends and reports, see Use Data Security Posture Management analytics trends and reports.