New Agents in Microsoft Purview
Security teams often face alert overload and hidden data risks. This video shows how Microsoft Purview agents, powered by Security Copilot, help you focus on what matters most. Watch how the Data Security Triage Agent prioritizes incidents and how the Data Security Posture Agent surfaces risks through natural language queries.
What are the new agents in Microsoft Purview?
The new agents in Microsoft Purview are AI-powered helpers designed to streamline your daily data security work so you can focus on real risks instead of sifting through noise.
There are two key agents:
1. **Data Security Triage Agent**
   - Helps you manage Insider Risk and Data Loss Prevention (DLP) alerts.
   - Cuts through alert overload by highlighting which incidents actually need your attention.
   - Reduces false positives so you spend less time chasing non-issues.
   - Provides clear, contextual reasoning behind each alert, so you understand *why* something is risky.
   - Can automate user outreach, helping you follow up with employees directly from the workflow.
2. **Data Security Posture Agent**
   - Helps you uncover risks that are hard to see with traditional rules alone.
   - Uses natural-language queries, so you can ask questions about your data security posture in plain English.
   - When it finds issues, you can apply sensitivity labels and trigger security policies right from the insight.
Both agents are powered by Security Copilot and are built to reimagine how you manage data security: less manual triage, more targeted action, and a clearer view of where your real risks are.
How does the Data Security Triage Agent reduce alert overload?
The Data Security Triage Agent is designed to make your alert handling more manageable and more accurate.
Here’s how it helps:
- **Prioritizes real risks**: Instead of presenting every alert at the same level, the agent surfaces the Insider Risk and DLP incidents that are most likely to matter, so your team can focus on what’s truly important.
- **Reduces false positives**: By using context and AI-driven analysis, it filters out many of the alerts that don’t represent real risk, cutting down on time spent investigating non-issues.
- **Explains the “why” behind alerts**: Each alert comes with clear, contextual reasoning, so analysts can quickly understand what triggered it and whether it needs action.
- **Automates user outreach**: When appropriate, the agent can help you initiate communication with users involved in an incident, keeping you in control while reducing manual follow-up.
In practice, this means your security team spends less time triaging noise and more time resolving the incidents that actually impact your organization’s data security.
What does the Data Security Posture Agent do beyond traditional DLP?
The Data Security Posture Agent extends your existing DLP and data security capabilities by helping you uncover and act on risks that are harder to see with static rules alone.
Key capabilities include:
- **Natural-language risk discovery**: You can ask questions about your data security posture in everyday language (for example, about where sensitive data is concentrated or how it’s being accessed), instead of building complex queries.
- **Context-aware insights**: The agent looks at context around data usage and access patterns to highlight potential risks that might not be obvious from simple policy matches.
- **Direct action from insights**: When the agent identifies an issue, you can immediately apply sensitivity labels or trigger security policies from the same view, reducing the gap between detection and response.
- **Proactive prevention**: By continuously surfacing posture issues, it helps you address weaknesses before they turn into data loss incidents.
Powered by Security Copilot, the Data Security Posture Agent helps you rethink how you monitor and improve your overall data security posture—moving from reactive incident handling to more proactive risk management.
published by Service Desk Group LLC
Being born out of a 35-year-old global consultancy group, we had established very close partnerships with the world’s leading manufacturers, trailblazers, innovators and vendors, and still today we sit on many customer advisory boards, giving the customer perspective.
We are experienced professionals with many years of experience in IT security, network operations, IT engineering and service desk.
With relationships with all the major vendors and distributors, we are able to source and procure equipment for your organisation.
Our relationships give us access to roadmaps, senior resource and preferential pricing. We have vast experience in the enterprise space, having set up systems and security in over 25 countries, along with the challenges that brings. In addition, we have solved IT problems for small and medium customers. We have discussed technology solutions with financial institutions and have enacted Cyber Incident Response for small companies. Large or small, we have the experience to help you.
Some of the services we provide are in the following areas:
Cyber Security – Security Operations, System hardening, Penetration testing, Patching, Cyber Insurance, Security applications
Network Operations, Network hardware, Troubleshooting
Service Desk – Level 1 & 2 both human and AI assisted
Equipment financing and re-financing