Services
Affected Platforms
Summary
The Data Security Posture Agent, available in public preview from December 24, 2025, uses LLMs to discover sensitive data and assess risks in Microsoft Purview. It offers GenAI summaries, risk insights, and requires admin setup. General availability begins late May 2026.
Details
Updated March 23, 2026: We have updated the timeline. Thank you for your patience.Â
Introduction
We’re introducing the Data Security Posture Agent, available in public preview December 24, 2025. This agent helps data security admins proactively discover sensitive data across your organization’s data estate and assess associated risks. By leveraging large language models (LLMs), it goes beyond traditional keyword-based analysis to understand the purpose and context of content, enabling more accurate risk identification and actionable insights.
This message is associated with Roadmap IDÂ 542188.
When this will happen:
- Public Preview (Worldwide): Rollout begins mid-December 2025 and completes by late December 2026.
- General Availability (Worldwide): Rollout begins late May 2026 (previously mid-March) and completes by end of May 2026 (previously late March).
How this affects your organization:
Who is affected: Admins managing data security and compliance in Microsoft Purview.
What will happen:
- A new Data Security Posture Agent will be available in Microsoft Purview under the Explore Agent tab.
- The agent uses LLM-powered natural language discovery to:
- Search documents, emails, and messages for sensitive data.
- Assess risks based on context and intent, not just keywords.
- Provides:
- GenAI-generated summaries.
- LLM-assisted job completion tasks.
- Actionable recommendations to improve security posture.
- Default setting: The feature requires admin setup; it is not enabled automatically.
What you can do to prepare:
- Set up the agent in Microsoft Purview > Explore Agent using the required admin roles.
- Review your organization’s data security policies and ensure admins have appropriate permissions.
- Communicate this change to your security and compliance teams.
Learn more:Â
- Security Copilot Agents in Microsoft Purview overview (preview) | Microsoft Learn (will be updated before rollout)
Compliance considerations:
| Question | Explanation |
|---|---|
| Does the change alter how existing customer data is processed, stored, or accessed? | The agent analyzes documents, emails, and messages to identify sensitive data and assess risk. |
| Does the change introduce or significantly modify AI/ML or agent capabilities that interact with or provide access to customer data? | Introduces LLM-powered discovery and risk assessment. |
| Does the change provide end users any new way of interacting with generative AI? | Â Admins receive GenAI-generated summaries and LLM-assisted tasks. |
| Does the change include an admin control and can it be controlled through Entra ID group membership? | Setup requires admin roles in Microsoft Purview. |