Configuring Microsoft Purview for Data Protection in Third-Party LLMs

Configuring Microsoft Purview for Data Protection in Third-Party LLMs

February 18, 2026

Introduction: The Challenge of Data Governance in the Era of External LLMs

By 2026, the adoption of Large Language Models (LLMs) and generative Artificial Intelligence (AI) tools has become a reality in many organizations. While native solutions like Microsoft 365 Copilot offer secure integrations and data governance, many companies also leverage a variety of other third-party LLMs, accessible via the web or APIs. This proliferation of external AI tools, while beneficial for innovation and productivity, introduces a significant risk: the unintentional or malicious exposure of sensitive data [1].

Employees, in the pursuit of efficiency or curiosity, may inadvertently paste trade secrets, customer information, financial data, or intellectual property into public AI chat interfaces or third-party LLMs that do not have the same security and privacy guarantees as enterprise solutions. This behavior can lead to massive data leaks, compliance violations, and severe reputational damage. The risk of employees "training" public AI models with sensitive company data is one of the biggest data security and governance concerns in 2026 [2].

To address this challenge, Microsoft Purview in 2026 significantly expanded its Data Loss Prevention (DLP) capabilities. Purview now acts as an "AI security gateway", monitoring and blocking the sending of sensitive data to unauthorized external AI tools in real time. It inspects outbound traffic, identifies sensitive data patterns, and enforces policies to prevent exfiltration, ensuring that AI innovation does not compromise data security and compliance [3].

This technical and educational article is intended to guide compliance administrators, security analysts, and IT leaders in understanding the risks associated with third-party LLMs and configuring Microsoft Purview defenses to protect sensitive data. We'll cover the underlying principles, prerequisites, and a detailed step-by-step guide for implementing specific DLP policies for AI services.

The Risks of Third-Party LLMs and the Need for Governance

The ease of access and power of third-party LLMs can be a double-edged sword. While they offer benefits, they also present substantial risks to corporate data security:

  • Unintentional Data Exfiltration: Employees may, without malice, copy and paste sensitive data into external LLM prompts to summarize, analyze, or generate content, without realizing that this data may be stored or used to train the AI model, making it public or accessible to third parties.

  • Malicious Data Exfiltration: A malicious employee could use a third-party LLM as a conduit to exfiltrate sensitive data, bypassing traditional security controls.

  • Compliance Violations: Sending regulated data (such as PII, PHI, PCI) to external LLMs may violate data privacy laws (GDPR, LGPD) and industry-specific regulations, resulting in heavy fines and reputational damage.

  • Intellectual Property: Trade secrets, proprietary source codes and business plans can be exposed if they are inserted into third-party LLMs.

  • Lack of Visibility and Control: Without the appropriate tools, organizations lack visibility into which third-party LLMs are being used, what data is being shared, and whether these services comply with internal security policies.

Microsoft Purview addresses these risks by extending its DLP capabilities into the AI ​​services domain. It allows organizations to identify, monitor and control the flow of sensitive data to these services, ensuring that data governance policies are applied consistently across the digital ecosystem [4].

Data Protection Principles for AI in Microsoft Purview

Effective protection of sensitive data in third-party LLMs in Microsoft Purview is based on the following principles:

  1. AI Discovery and Classification: Identify which third-party AI services are being accessed on the network and classify their levelof risk. This allows DLP policies to be targeted and effective.

  2. Real-Time Sensitive Data Detection: Inspect outbound traffic in real-time to identify the presence of sensitive information (such as credit card numbers, social security numbers, health data) before it reaches an external LLM.

  3. Access Control and Blocking: Apply policies to block or alert on attempts to share sensitive data with unauthorized LLMs, ensuring that only approved channels are used.

  4. User Awareness: Provide immediate feedback to users about policy violations, educating them about the safe use of AI tools and the risks associated with sharing sensitive data.

  5. Audit and Reporting: Maintain a detailed record of all attempted policy violations and provide reports for analysis and continuous improvement of security posture.

Prerequisites for Implementation

To configure Microsoft Purview protections for third-party LLMs, you will need the following elements:

  • Microsoft 365 E5 or Microsoft Purview Compliance Suite Licensing: These plans include the required advanced DLP and AI governance capabilities.

  • Administrative Access: Accounts with Compliance Administrator, Security Administrator, or Global Administrator permissions on the Microsoft Purview compliance portal (compliance.microsoft.com).

  • Knowledge of Data Policies: Familiarity with your organization's sensitive data types and internal compliance policies.

  • DLP Agent Deployment: For endpoint monitoring, Microsoft Purview DLP agents must be deployed on users' devices.

Step-by-Step Guide: Configuring DLP Policies for AI in Microsoft Purview

Setting up protections against sending sensitive data to third-party LLMs involves identifying risky AI applications and creating targeted DLP policies.

Step 1: Identifying Risky AI Applications

The first step is to gain visibility into which third-party AI services are being accessed on your network and assess their risk.

  1. Access the Microsoft Purview Compliance Portal: Open your browser and navigate to compliance.microsoft.com. Log in with an account that has the necessary administrative permissions.

  2. Navigate to AI Hub: In the left navigation pane, go to AI Hub > Discovery. AI Hub is the new section introduced in 2026 to manage AI security and compliance.

  3. Review Discovered AI Services: Purview will list all third-party websites and AI services that have been accessed on your network. For each service, it will assign a "Risk Score" based on factors such as the provider's reputation, known privacy policies, the location of the data, and the type of data the service processes. This helps you identify which third-party LLMs pose the greatest risk to your organization.

  4. Classify Applications: Based on the risk score and internal policies, classify AI applications as "Approved", "Monitored", or "Unauthorized".

Step 2: Creating DLP Blocking Policies for Third-Party LLMs

With risky AI applications identified, you can create DLP policies to control the flow of sensitive data.

  1. Create a New DLP Policy: In the Microsoft Purview compliance portal, go to Data Loss Prevention > Policies. Click + Create policy.

  2. Choose a Template or Customize: You can start with a pre-existing template (e.g. "Financial Data", "Health Data") or create a custom policy. For third-party LLMs, a custom policy offers greater flexibility.

  3. Set Locations: In the locations section, select "AI Services and Chatbots". This is a new option introduced in 2026 that allows you to target policies specifically for interactions with third-party LLMs. You can also include other locations, such as endpoints, to monitor copy/paste.

  4. Define Conditions: Configure the conditions that will trigger the policy. This often involves detecting specific sensitive information types (SITs), such as:

  5. Financial Data: Credit card numberssaid, bank accounts.

  6. Personal Data: CPFs, identity numbers, corporate email addresses.

  7. Intellectual Property: Source code, documents with specific sensitivity labels (e.g. "Confidential").

  8. You can refine conditions to include keywords or regular expressions that indicate proprietary data.

  9. Set the Actions: For unauthorized or high-risk third-party LLMs, set the action to "Block with Policy Tip". The policy tip will inform the user that the action was blocked and why, educating them about the security policy. For monitored LLMs, you can choose to "Audite" or "Block with user override" (allowing the user to justify and proceed).

  10. Save and Activate the Policy: Review the policy and activate it. DLP policies can take some time to be fully applied across your entire environment.

Step 3: Monitoring and Continuous Education

Monitoring is essential to ensure the effectiveness of DLP policies and to identify areas that need additional education.

  1. Use AI Hub Reports: In Microsoft Purview AI Hub, you will find detailed reports on DLP policy violations related to third-party LLMs. These reports will show:

  2. Which third-party LLMs are being used: Identify the most popular services and those that pose the greatest risk.

  3. What sensitive data is being shared: Understand the types of information users are trying to send to external LLMs.

  4. Which users/departments are violating policies: Identify areas that need additional training or awareness.

  5. Incident Investigation: Use Activity Explorer in Purview to investigate DLP incidents in detail, including the user, file, AI service involved, and content that was blocked.

  6. Education and Awareness: Use reporting data to drive AI security awareness training. Explain to employees the risks of sharing sensitive data with third-party LLMs and promote the use of company-approved AI tools.

  7. Periodic Policy Review: The AI ​​landscape is constantly evolving. Regularly review your DLP policies for third-party LLMs to ensure they remain relevant and effective against new threats and emerging AI services.

Additional Considerations and Best Practices

  • Data Classification: Robust data classification is the foundation for effective DLP policies. Use sensitivity labels to automatically or manually classify sensitive data.

  • Clear Communication: Clearly communicate AI usage policies to employees. Explain what is allowed and what is not, and the risks associated with using unauthorized LLMs.

  • Phased Approach: Consider implementing DLP policies in phases, starting with audit mode to understand user behavior before applying hard blocks.

  • SIEM/SOAR Integration: Integrate Microsoft Purview DLP alerts with your SIEM system (such as Microsoft Sentinel) for a centralized view of security incidents and to orchestrate automated responses.

  • AI Vendor Assessment: When considering the use of third-party LLMs, conduct a rigorous security and privacy assessment of the vendors to ensure they meet your compliance requirements.

Conclusion

Protecting sensitive data in a world where third-party LLMs are widely accessible is a critical information security challenge in 2026. Microsoft Purview, with its enhanced DLP and AI governance capabilities, offers a robust solution to mitigate the risks of data exfiltration and compliance violations. By implementing targeted DLP policies, identifying risky AI applications, and educating users, organizations can realize the benefits of artificial intelligence without compromising the security of their most valuable assets. Effectively configuring Microsoft Purview for data protection in third-party LLMs is not just a technical measure, but a fundamental pillar of a comprehensive and proactive AI security strategy.

References

[1] Microsoft Data Security Index 2026." Explorethe future of data security, including emerging innovations and strategies, plus recommendations and best practices." Available at: https://info.microsoft.com/ww-landing-data-security-index-2026.html?lcid=en-us [2] Microsoft Security Blog. "Four priorities for AI-powered identity and network access security in 2026." Available at: [https://www.microsoft.com/en-us/security/blog/2026/01/20/four-priorities-for-ai-powered-identity-and-network-access-security-in-2026/] (https://www.microsoft.com/en-us/security/blog/2026/01/20/four-priorities-for-ai-powered-identity-and-network-access-security-in-2026/) [3] Microsoft 365 Roadmap. "The Microsoft 365 roadmap provides estimated release dates and descriptions for commercial features." Available at: https://www.microsoft.com/microsoft-365/roadmap?featureid=109581 [4] Microsoft Security. "Strengthen identity security with AI." Available at: https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id