422334 – Microsoft Purview compliance portal: Communication Compliance – Detect prompt injection attacks and mentions of protected materials in GenAI prompts and responses

Product:

Copilot, Purview, Purview Communication Compliance, Purview compliance portal

Platform:

Web, World tenant

Status:

Launched

Change type:

Links:

MC947833

Details:

In Communication Compliance, we're introducing the ability to detect potentially risky Generative AI interactions using Azure Content Safety's Prompt shields and Protected materials classifiers. Detect risk of jailbreak prompt exploitation by malicious users and identify if GenAI responses contain branded/copyrighted material so organizations can maintain content originality and protect their reputations. Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (e.g. SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
Preview, General Availability

Created:
2024-10-17

updated:
2026-01-21

Public Preview Start Date

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Please, look at the most relevant linked item for details

explanation for non-techies**

Imagine you're a security guard at a museum. Your job is to ensure that nothing inappropriate or unauthorized gets in or out. Similarly, Microsoft Purview's Communication Compliance is like a digital security guard for organizations, particularly when it comes to interactions involving Generative AI (GenAI).

With the rise of AI, people can now use technology to generate text, images, and more. However, just like someone might try to sneak something past a museum guard, there are risks that people might try to exploit AI systems. This is where "prompt injection attacks" come in. Think of it as someone trying to trick the AI into doing something it shouldn't, like giving away sensitive information or creating content that violates rules.

Microsoft Purview uses tools like Azure Content Safety's Prompt shields to detect these kinds of risky interactions. It's like having a special scanner that alerts the security guard if someone tries to smuggle something in or out. This helps organizations keep their digital spaces safe and maintain their reputation.

Additionally, the system can identify if AI-generated content includes copyrighted or branded material. Imagine if someone tried to take a famous painting from the museum and pass it off as their own. The system ensures that organizations can maintain content originality and avoid legal issues.

To protect user privacy, the system is designed with features like pseudonymizing usernames, meaning that user identities are hidden, much like a witness protection program. Only authorized personnel, who have been given specific access by an administrator, can investigate potential issues. This is similar to only allowing certain museum staff to access sensitive areas. Moreover, everything is logged, so there's a record of who accessed what, ensuring accountability.

In summary, Microsoft Purview's Communication Compliance acts as a vigilant guard, ensuring that AI interactions remain safe and compliant, while also respecting user privacy.