---
name: DSPM for AI Remediation
description: Turns Microsoft Purview DSPM for AI oversharing findings into an owner-assigned remediation plan mapped to sensitivity labels, DLP, and ISM evidence.
---

# DSPM for AI Remediation

> **TL;DR:** This skill reads a Microsoft Purview Data Security Posture Management for AI oversharing report and converts the findings into an owner-assigned remediation checklist mapped to sensitivity labels, DLP policies, and SharePoint cleanups, with ISM-traceable evidence.

## How does the DSPM for AI Remediation skill turn oversharing telemetry into action?

This skill takes a Microsoft Purview Data Security Posture Management (DSPM) for AI report and converts it into a structured remediation plan. For each oversharing finding it names the owner, the target SharePoint site, the Microsoft Purview sensitivity label to apply, the data loss prevention (DLP) rule to extend, the sharing setting to tighten, and the verification steps. Each remediation is tied to ISM-traceable evidence. The framing is a Microsoft 365 Copilot rollout: Copilot and the agents built on it answer from whatever content a user can already reach, so content that is overshared today surfaces in responses tomorrow, and fixing the permissions, not the prompt, is the control. The plan supports Essential Eight ML2 evidence for Control 5 and ISM data-repository controls.

## When should you run this skill?

- "Build a DSPM for AI remediation plan"
- "Turn DSPM findings into actions"
- "Plan oversharing cleanup for Copilot rollout"
- "Map Purview AI findings to ISM evidence"

## How this skill works, step by step

1. Ingest the DSPM for AI report (CSV or JSON export)
2. Group findings by site, then by sensitivity tier of the exposed content
3. For each group propose: label to apply, DLP rule to extend, SharePoint sharing setting to tighten
4. Assign an owner (site owner where present, otherwise the data steward)
5. Set a target completion date based on severity: Critical 7 days, High 30 days, Medium 90 days
6. Record the evidence pointer (ISM control family) each remediation satisfies
7. Produce the remediation checklist below
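The seven steps above, run end to end over a constructed export, as an added example (this is not code from the skill or from Microsoft Purview). The column names in the sample CSV, the label and DLP rule names, the steward address and the ISM family strings are all assumptions for illustration; the real DSPM for AI export schema and your tenant's label taxonomy will differ, so map your columns and names onto these. One deliberate choice goes beyond the text: a finding whose severity is missing or unrecognised is escalated to the High SLA rather than parked at 90 days, so an unclassified finding cannot silently take the longest deadline.

```python
import csv
import io
import json
from collections import Counter, defaultdict
from datetime import date, timedelta

# Step 5: SLA per severity, as stated in the skill.
SLA_DAYS = {"Critical": 7, "High": 30, "Medium": 90}
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2}

# Step 3: (label to apply, DLP rule to extend, SharePoint sharing setting) per
# sensitivity tier. Label and rule names are placeholders for this example, not
# real tenant values; swap in your own label taxonomy and policy names.
TIER_ACTIONS = {
    "Highly Confidential": ("Highly Confidential",
                            "Block external sharing of Highly Confidential items",
                            "Only people in your organisation"),
    "Confidential": ("Confidential",
                     "Warn on external sharing of Confidential items",
                     "Existing guests only"),
    "Unlabelled": ("(review and label)",
                   "Extend auto-labelling simulation to this site",
                   "Specific people only"),
}

# Step 6: evidence pointer by ISM control family. Family labels only; the skill
# names no individual ISM control identifiers, so none are invented here.
ISM_FAMILY = {
    "Highly Confidential": "ISM data-repository controls (labelling, access control)",
    "Confidential": "ISM data-repository controls (labelling, access control)",
    "Unlabelled": "ISM data-repository controls (labelling)",
}

# Constructed sample export (not a real DSPM for AI file). The column names are
# an assumption about the export schema; map your real columns onto these.
SAMPLE_CSV = """\
site_url,site_owner,sensitivity,severity,finding
https://contoso.sharepoint.com/sites/Finance,fin-owner@contoso.com,Highly Confidential,Critical,Board pack shared with Everyone except external users
https://contoso.sharepoint.com/sites/Finance,fin-owner@contoso.com,Highly Confidential,High,Payroll export has an Anyone link
https://contoso.sharepoint.com/sites/Finance,fin-owner@contoso.com,Confidential,Medium,Vendor contracts readable by all staff
https://contoso.sharepoint.com/sites/Projects,,,High,Unlabelled design documents surfaced by Copilot
"""


def load_findings(export_text):
    """Step 1: accept a JSON array or CSV text; return a list of finding dicts."""
    text = export_text.lstrip()
    if text.startswith("["):
        return json.loads(text)
    return list(csv.DictReader(io.StringIO(text)))


def normalise_severity(value):
    """Missing or unrecognised severity is escalated to High, never parked at 90 days."""
    return value if value in SLA_DAYS else "High"


def group_findings(findings):
    """Step 2: group by site, then by the sensitivity tier of the exposed content."""
    groups = defaultdict(list)
    for f in findings:
        tier = f.get("sensitivity") or "Unlabelled"
        if tier not in TIER_ACTIONS:
            tier = "Unlabelled"
        groups[(f["site_url"], tier)].append(f)
    return groups


def build_checklist(findings, default_steward, today):
    """Steps 3 to 6: one remediation row per (site, tier) group."""
    rows = []
    for (site, tier), group in sorted(group_findings(findings).items()):
        label, dlp_rule, sharing = TIER_ACTIONS[tier]
        # The group inherits the SLA of its most severe finding.
        severity = min((normalise_severity(f.get("severity")) for f in group),
                       key=SEVERITY_RANK.__getitem__)
        # Step 4: site owner where present, otherwise the data steward.
        owners = {f.get("site_owner") for f in group} - {None, ""}
        owner = sorted(owners)[0] if owners else default_steward
        rows.append({
            "finding": "; ".join(sorted(f["finding"] for f in group)),
            "count": len(group),
            "site": site,
            "sensitivity": tier,
            "action": f"Apply label '{label}'; extend DLP rule '{dlp_rule}'; "
                      f"set site sharing to '{sharing}'",
            "owner": owner,
            "severity": severity,
            "due": (today + timedelta(days=SLA_DAYS[severity])).isoformat(),
            "ism": ISM_FAMILY[tier],
        })
    return rows


def summarise(findings, rows):
    """Summary block: totals by severity and effort (remediation rows) per owner."""
    by_severity = Counter(normalise_severity(f.get("severity")) for f in findings)
    return {"total": len(findings), "critical": by_severity["Critical"],
            "high": by_severity["High"], "medium": by_severity["Medium"],
            "effort_by_owner": dict(Counter(r["owner"] for r in rows))}


def render(rows, summary):
    """Step 7: the Markdown checklist in the skill's output format."""
    lines = ["| Finding | Site | Sensitivity | Action | Owner | Due | ISM Evidence |",
             "| --- | --- | --- | --- | --- | --- | --- |"]
    for r in rows:
        lines.append(f"| {r['finding']} | {r['site']} | {r['sensitivity']} | "
                     f"{r['action']} | {r['owner']} | {r['due']} | {r['ism']} |")
    lines += ["", f"- Total findings: {summary['total']}",
              f"- Critical: {summary['critical']} (7-day SLA)",
              f"- High: {summary['high']} (30-day SLA)",
              f"- Medium: {summary['medium']} (90-day SLA)"]
    lines += [f"- Estimated effort, {owner}: {n} remediation(s)"
              for owner, n in sorted(summary["effort_by_owner"].items())]
    return "\n".join(lines)


def plan(export_text, default_steward, today_iso):
    """Convenience wrapper: export text in, (rows, summary) out, for a fixed date."""
    findings = load_findings(export_text)
    rows = build_checklist(findings, default_steward, date.fromisoformat(today_iso))
    return rows, summarise(findings, rows)


if __name__ == "__main__":
    checklist, totals = plan(SAMPLE_CSV, "data-steward@contoso.com", date.today().isoformat())
    print(render(checklist, totals))
```

Grouping by site and tier, rather than emitting one row per finding, is what makes the plan actionable: a site owner receives one label, one DLP rule and one sharing setting to change, with the due date driven by the worst finding in the group. Keep the per-finding count so the summary totals still reconcile with the original report.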

## Output format

| Finding | Site | Sensitivity | Action | Owner | Due | ISM Evidence |
| --- | --- | --- | --- | --- | --- | --- |

Followed by:

- Total findings: N
- Critical: N (7-day SLA)
- High: N (30-day SLA)
- Estimated effort by team

## Scope and safety

Read-only by default: this skill produces the plan only. It does NOT:

- Apply sensitivity labels, change DLP policies, or alter SharePoint sharing settings
- Reassign site ownership
- Replace formal change control; each remediation still goes through your change process before it is applied

## Licensing and permissions

### Licences and add-ons

| Capability used | Minimum licence |
| --- | --- |
| Microsoft Purview DSPM for AI oversharing reports | Microsoft 365 E5 or E5 Compliance |
| Microsoft Purview sensitivity labels and DLP referenced in remediations | Microsoft 365 E5 or E5 Compliance |

### Least-privilege roles

- Global Reader — read-only access to DSPM for AI reports and posture findings
- Compliance Data Administrator — where deeper read access to Purview data security signals is required

### Microsoft Graph permissions (read-only)

DSPM for AI is administered through the Microsoft Purview portal rather than Microsoft Graph, so this skill works from a DSPM for AI report export (CSV or JSON) and does not call Graph for the findings themselves. Where you correlate a finding with the sharing activity behind it, use the narrowest read-only scope that reaches the right log:

- `AuditLogsQuery.Read.All` (or the workload-scoped `AuditLogsQuery-SharePoint.Read.All`) — the Microsoft Graph audit log query API over the unified audit log, which is where SharePoint sharing operations such as `SharingSet` and `AnonymousLinkCreated` are recorded; `Search-UnifiedAuditLog` in Exchange Online PowerShell reads the same log
- `AuditLog.Read.All` — Microsoft Entra ID directory audit and sign-in logs only; it does not return SharePoint sharing events, so grant it only when the correlation needs identity activity (for example, who granted a guest access) rather than the sharing operation itself

## Sources and compliance

- Microsoft Purview DSPM for AI reached GA in 2026
- Supports E8 ML2 evidence for Control 5 (Restrict Administrative Privileges) and ISM data-repository controls
- Reference: [https://learn.microsoft.com/en-us/purview/ai-microsoft-purview](https://learn.microsoft.com/en-us/purview/ai-microsoft-purview)
- Pair with SharePoint Oversharing Audit for ongoing baselining
- Output in Australian English
