The new agents in Microsoft Purview are AI-powered helpers designed to streamline your daily data security work so you can focus on real risks instead of chasing noise. There are two main agents: 1. **Data Security Triage Agent** - Helps you work through alert overload from Insider Risk Management and Data Loss Prevention (DLP). - Filters out likely false positives so you can quickly see which incidents actually need attention. - Provides clear, contextual reasoning for each alert, so you understand *why* something is risky. - Can automate user outreach, helping you follow up with employees directly from the workflow. 2. **Data Security Posture Agent** - Lets you uncover hidden risks using natural-language queries (you can ask questions in plain English instead of building complex queries). - When it finds issues, you can apply sensitivity labels and trigger security policies right from the insight, helping you proactively prevent data loss. Both agents are powered by Security Copilot and are built to give security and compliance teams a faster, more efficient way to manage data security inside Microsoft Purview.

The Data Security Triage Agent is designed to help your team rethink how you handle Insider Risk and DLP alerts by reducing noise and surfacing what truly needs action. Here’s how it helps: - **Cuts through alert overload**: Instead of manually reviewing a long list of alerts, the agent analyzes them for you and highlights the ones that are most likely to represent real risk. - **Eliminates many false positives**: By using context around user behavior and data activity, it can deprioritize alerts that are unlikely to be problematic, so your analysts spend less time on non-issues. - **Explains the “why” behind alerts**: Each prioritized alert comes with clear, contextual reasoning, so your team can quickly understand what happened and why it matters. - **Supports automated user outreach**: You can stay in control of the process while using the agent to automate parts of user communication, such as asking for clarification or reminding users of policies. The result is a more focused triage process where your team spends time on the incidents that are most likely to impact your organization, instead of getting stuck in a backlog of low-value alerts.

The Data Security Posture Agent helps you reimagine how you discover and address data risks by making it easier to ask questions about your environment and act on the answers. Key capabilities include: - **Natural-language risk discovery**: You can use plain-language queries (for example, “Show me data at risk in our finance department”) to uncover risks that might be hard to find with traditional, rule-based searches. - **Context-aware insights**: The agent looks at the context around data—such as where it’s stored, how it’s accessed, and by whom—to surface issues that might otherwise stay hidden. - **Inline remediation**: When the agent identifies a risk, you can immediately apply sensitivity labels or trigger security policies directly from the insight, without switching tools or building new rules from scratch. - **Proactive data loss prevention**: By continuously uncovering and addressing posture issues, you move from reacting to incidents to proactively reducing the chances of data loss. Because it’s powered by Security Copilot and integrated into Microsoft Purview, the Data Security Posture Agent helps your security and compliance teams work more efficiently while tightening your overall data protection posture.