Microsoft Purview in the Age of AI: Securing Copilot with Peter Rising [Microsoft]

As organizations race to adopt Microsoft 365 Copilot, AI Agents, and Generative AI, one critical question continues to emerge: is your data ready for AI? In this episode of M365 FM, Mirko Peters sits down with Peter Rising, Senior Partner Solution Architect at Microsoft, to explore Microsoft Purview, Zero Trust, Data Governance, Compliance, Security, and the growing importance of protecting information in the age of AI. Peter shares his remarkable journey from IT support in the 1990s to becoming one of Microsoft's leading voices on Security, Compliance, Identity, and Microsoft Purview. Having worked with some of Microsoft's most strategic partners across the UK and Ireland, Peter helps organizations securely adopt Microsoft 365 Copilot, Agents, and AI technologies while maintaining strong governance, compliance, and security foundations.WHY AI HAS CHANGED THE SECURITY CONVERSATION For years, organizations focused heavily on identity and endpoint protection through technologies such as Microsoft Entra ID and Microsoft Defender. However, the rise of Microsoft Copilot, AI Agents, and Agentic AI has dramatically increased the importance of understanding and governing organizational data. Peter explains why Microsoft Purview has become one of the most important platforms in the Microsoft ecosystem. AI systems depend on data as their fuel source, meaning organizations must understand, classify, secure, and govern their information before deploying AI at scale. Without proper governance, oversharing, compliance violations, and accidental data exposure become significant risks. Key takeaways:Why AI makes data governance more important than everThe relationship between Copilot and organizational dataSecurity challenges in the era of Generative AIWhy Purview adoption is acceleratingCommon mistakes organizations make before deploying AIUNDERSTANDING ZERO TRUST IN THE REAL WORLD Zero Trust has become one of the most frequently discussed security frameworks, but many organizations still struggle to understand what it actually means in practice. Peter breaks down Microsoft's Zero Trust philosophy into its three core principles: Verify Explicitly, Use Least Privilege, and Assume Breach. He explains why modern organizations can no longer rely on traditional perimeter security and how cloud-first environments require a completely different approach to identity protection, access control, and risk management. The discussion also highlights why small and medium-sized businesses are increasingly targeted by cybercriminals and why security should never be treated as an IT-only responsibility. Topics discussed:Zero Trust fundamentalsMulti-Factor Authentication (MFA)Privileged Identity Management (PIM)Assume Breach methodologyDefense in Depth strategiesBuilding a security-first cultureMICROSOFT PURVIEW EXPLAINED For many Microsoft 365 professionals, Microsoft Purview remains one of the most misunderstood products in the Microsoft portfolio. Peter provides a practical breakdown of Purview and explains why it serves as the foundation for modern data governance, compliance, and information protection. He identifies three core capabilities every organization should prioritize: Sensitivity Labels, Data Loss Prevention (DLP), and Data Lifecycle Management. The conversation explores how these features help organizations classify data, prevent accidental sharing, manage retention requirements, and ensure AI tools like Copilot respect existing security controls and permissions. Key Purview capabilities:Sensitivity LabelsData Loss Prevention (DLP)Data Lifecycle ManagementRetention PoliciesInformation ProtectionCompliance ManagementTHE OVERSHARING PROBLEM IN COPILOT One of the most common concerns surrounding Microsoft Copilot is data oversharing. Peter explains why oversharing is not primarily a Copilot problem but a data governance challenge. Copilot can only access information users already have permission to access. If data is incorrectly stored, poorly classified, or overly exposed, AI simply makes those issues more visible. The discussion explores practical strategies organizations can use to identify oversharing risks before deploying AI, including SharePoint Advanced Management, Data Security Posture Management (DSPM), Microsoft Defender for Cloud Apps, and comprehensive data discovery initiatives. Key takeaways:Oversharing vs governanceData Security Posture Management (DSPM)SharePoint Advanced ManagementDefender for Cloud AppsData discovery and classificationAI readiness assessmentsRESPONSIBLE AI, GOVERNANCE & COMPLIANCE As AI adoption accelerates, organization