---
name: DSPM for AI Remediation
description: Turns Microsoft Purview DSPM for AI oversharing findings into an owner-assigned remediation plan mapped to sensitivity labels, DLP, and ISM evidence.
---

# DSPM for AI Remediation

> **TL;DR:** This skill reads a Microsoft Purview Data Security Posture Management for AI oversharing report and converts the findings into an owner-assigned remediation checklist mapped to sensitivity labels, DLP policies, and SharePoint cleanups, with ISM-traceable evidence.

## How does the DSPM for AI Remediation skill turn oversharing telemetry into action?

This skill takes a Microsoft Purview Data Security Posture Management (DSPM) for AI report and converts it into a structured remediation plan. For each oversharing finding it names the owner, the target SharePoint site, the recommended Microsoft Purview sensitivity label to apply, the data loss prevention (DLP) rule to extend, and the verification steps. Each remediation is tied to ISM-traceable evidence, framing the work for a Microsoft 365 Copilot rollout where Agentic AI can surface overshared content. It supports Essential Eight ML2 evidence for Control 5 and ISM data-repository controls.

## When should you run this skill?

- "Build a DSPM for AI remediation plan"
- "Turn DSPM findings into actions"
- "Plan oversharing cleanup for Copilot rollout"
- "Map Purview AI findings to ISM evidence"

## How this skill works, step by step

1. Ingest the DSPM for AI report (CSV or JSON export)
2. Group findings by site, then by sensitivity tier of the exposed content
3. For each group propose: label to apply, DLP rule to extend, SharePoint sharing setting to tighten
4. Assign an owner (site owner where present, otherwise the data steward)
5. Set a target completion date based on severity: Critical 7 days, High 30 days, Medium 90 days
6. Record the evidence pointer (ISM control family) each remediation satisfies
7. Produce the remediation checklist below

## Output format

| Finding | Site | Sensitivity | Action | Owner | Due | ISM Evidence |

Followed by:

- Total findings: N
- Critical: N (7-day SLA)
- High: N (30-day SLA)
- Estimated effort by team
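As an added example (not part of the skill file), the Python below carries steps 1 to 7 through on a constructed export and renders the table and totals in the output format above. The export field names (id, site, siteOwner, sensitivity, severity) and the label, DLP rule and ISM strings in PLAYBOOK are assumptions, not the real Purview export schema.

```python
# Added example, not the skill's own code: builds the checklist the skill describes
# from a DSPM for AI export. The export fields (id, site, siteOwner, sensitivity,
# severity) are an assumed schema; a real Purview export will differ.
import csv, io, json
from collections import Counter
from datetime import date, timedelta

SLA_DAYS = {"Critical": 7, "High": 30, "Medium": 90}  # step 5 of the skill
COLS = ["Finding", "Site", "Sensitivity", "Action", "Owner", "Due", "ISM Evidence"]
PLAYBOOK = {  # (action, evidence) per tier; label, DLP rule and ISM names are placeholders
    "Highly Confidential": ("Apply HC label; extend DLP block rule; remove 'Anyone' links",
                            "ISM data-repository controls"),
    "Confidential": ("Apply Confidential label; extend DLP warn rule; org-only sharing",
                     "ISM data-repository controls"),
}

def load_findings(text):
    """Step 1: accept either export format (JSON is a list of objects, else CSV)."""
    text = text.lstrip()
    return json.loads(text) if text.startswith("[") else list(csv.DictReader(io.StringIO(text)))

def build_plan(text, data_steward, start_iso):
    """Steps 2-6: order by site then tier, assign owner, SLA due date and evidence."""
    findings, start = load_findings(text), date.fromisoformat(start_iso)
    rows = []
    for f in sorted(findings, key=lambda f: (f["site"], f["sensitivity"])):
        action, evidence = PLAYBOOK.get(f["sensitivity"], ("Triage: unknown tier", "n/a"))
        days = SLA_DAYS.get(f["severity"])  # unknown severity gets no SLA, flagged for review
        rows.append(dict(zip(COLS, [
            f["id"], f["site"], f["sensitivity"], action,
            f.get("siteOwner") or data_steward,  # step 4: data steward when no site owner
            (start + timedelta(days=days)).isoformat() if days else "review", evidence])))
    sev = Counter(f["severity"] for f in findings)
    return rows, {"total": len(rows), "critical": sev["Critical"], "high": sev["High"]}

def render(rows, summary):
    """Step 7: the markdown checklist and totals in the skill's output format."""
    lines = ["| " + " | ".join(COLS) + " |", "|" + " --- |" * len(COLS)]
    lines += ["| " + " | ".join(r[c] for c in COLS) + " |" for r in rows]
    lines += ["", f"- Total findings: {summary['total']}",
              f"- Critical: {summary['critical']} (7-day SLA)", f"- High: {summary['high']} (30-day SLA)"]
    return "\n".join(lines)

# Constructed sample export: two sites, the HR site has no recorded owner.
SAMPLE = json.dumps([
    {"id": "F-1", "site": "HR", "siteOwner": "", "sensitivity": "Highly Confidential", "severity": "Critical"},
    {"id": "F-2", "site": "HR", "siteOwner": "", "sensitivity": "Confidential", "severity": "High"},
    {"id": "F-3", "site": "Finance", "siteOwner": "j.lee", "sensitivity": "Confidential", "severity": "Medium"},
])
```

Run `print(render(*build_plan(SAMPLE, "data.steward", "2026-01-01")))` to see the checklist; a CSV export with the same header row goes through the same path.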

## Scope and safety

Read-only by default — this skill produces the plan only. It does NOT:

- Apply labels or modify DLP policies
- Reassign site ownership
- Replace formal change control

## Licensing and permissions

### Licences and add-ons

| Capability used | Minimum licence |
| --- | --- |
| Microsoft Purview DSPM for AI oversharing reports | Microsoft 365 E5 or E5 Compliance |
| Microsoft Purview sensitivity labels and DLP referenced in remediations | Microsoft 365 E5 or E5 Compliance |

### Least-privilege roles

- Global Reader — read-only access to DSPM for AI reports and posture findings
- Compliance Data Administrator — where deeper read access to Purview data security signals is required

### Microsoft Graph permissions (read-only)

DSPM for AI is administered through the Microsoft Purview portal rather than Microsoft Graph, so this skill works from a DSPM for AI report export (CSV or JSON) and does not call Graph for the findings themselves. Where you correlate evidence with related activity, the only read-only scope that applies is:

- `AuditLog.Read.All` — reads unified audit log entries to corroborate access and sharing activity behind a finding

## Sources and compliance

- Microsoft Purview DSPM for AI reached GA in 2026
- Supports E8 ML2 evidence for Control 5 (Restrict Administrative Privileges) and ISM data-repository controls
- Reference: [https://learn.microsoft.com/en-us/purview/ai-microsoft-purview](https://learn.microsoft.com/en-us/purview/ai-microsoft-purview)
- Pair with SharePoint Oversharing Audit for ongoing baselining
- Output in Australian English

## How to use this skill

1. Get the file. Download or copy the SKILL.md from the panel above.
2. Load it into your host:
   - Microsoft 365 Copilot / Copilot Studio: add it as the instructions of a declarative agent or Copilot Studio agent.
   - Claude (Cowork / Claude Code): drop the file into your skills folder; it loads as an Agent Skill automatically.
   - Any chat host: paste the file contents as your prompt.
3. Grant read-only access. Assign the least-privilege roles and Microsoft Graph scopes listed in the skill's Licensing and permissions section.
4. Provide your tenant scope and run it (a site, a collection, or the whole tenant).
5. Review the report and action the risk-ranked recommendations.

This skill is read-only by default — it inspects and reports, and never changes your tenant.


Licensed under CC BY 4.0 by Educ4te. Adapted from the open HybridSP skills catalogue.
