The new agents in Microsoft Purview are AI-powered helpers designed to streamline your daily data security work so you can focus on real risks instead of chasing noise. They’re powered by Security Copilot and currently include: 1. **Data Security Triage Agent** – Helps you manage and prioritize Insider Risk and Data Loss Prevention (DLP) alerts. 2. **Data Security Posture Agent** – Helps you uncover hidden data security risks and improve your overall data security posture. In practice, these agents sit inside your existing Purview experience and: - Cut down alert overload so you can see which incidents actually need attention. - Provide clear, contextual reasoning behind alerts so you understand the “why,” not just the “what.” - Let you take action directly from insights, such as applying labels or triggering security policies. The goal is to reimagine how you manage data security: less time sorting through alerts, more time addressing the issues that matter.

The **Data Security Triage Agent** is built to help you manage the constant stream of Insider Risk and DLP alerts without getting buried in them. Here’s how it helps: - **Cuts through alert overload:** It analyzes incoming alerts and surfaces the ones that are most likely to represent real risk, so you don’t spend time on low-value or duplicate signals. - **Eliminates many false positives:** By using context and AI-driven analysis, it filters out alerts that are unlikely to be true issues, reducing the noise your team has to review manually. - **Explains the reasoning:** For each alert it highlights, it provides clear, contextual reasoning so you can quickly understand why it matters and what’s driving the risk. - **Automates user outreach:** It can help you stay in control by supporting automated communication with users involved in incidents, so you can follow up faster and more consistently. The net effect is a more focused triage process: your analysts spend less time sorting alerts and more time investigating and resolving the incidents that actually impact your organization.

The **Data Security Posture Agent** is designed to help you proactively improve your data security posture, not just react to alerts. Key capabilities include: - **Natural-language risk discovery:** You can use everyday language to ask questions like “Where are we exposed to potential data loss in our collaboration tools?” The agent interprets these queries and surfaces relevant risks that might be hard to spot with traditional filters. - **Context-aware insights:** It looks beyond simple rule matches to understand the context around data usage and access, helping you uncover risks that might otherwise stay hidden. - **Direct action from insights:** When the agent identifies an issue, you can apply sensitivity labels or trigger security policies directly from the insight, without jumping between multiple tools. Instead of only responding when alerts fire, the Data Security Posture Agent helps you rethink your approach by continuously looking for weak spots and giving you a straightforward way to address them before they turn into incidents.