EY accelerates secure AI development using Microsoft Purview SDK | Microsoft Customer Stories
When EY needed stronger governance for growing volumes of data, it turned to Microsoft Purview to centralize visibility and control. This customer story shows how bringing fragmented data governance together on one platform creates a stronger foundation for secure AI development. Read the story and connect with BlueTeamAssess LLC to see how a unified data platform can help advance your AI strategy.
How is EY using Microsoft Purview SDK to secure GenAI applications?
EY uses Microsoft Purview SDK as a core part of its GenAI application architecture so that security and compliance are built in from the start rather than added later.
Instead of creating custom safeguards from scratch, EY integrates Purview SDK’s policy-based controls directly into its GenAI platform, EY.ai, and into Dragonfly, EY’s low-code environment for building intelligent agents and AI workflows. Through this integration, EY can:
- Apply sensitivity labels and protection policies to data used by AI agents.
- Enforce policy-based access and protection controls on sensitive content.
- Monitor AI interactions and log activity to support compliance and investigations.
- Centralize visibility of data risks in the Microsoft Purview portal.
This approach helps EY’s clients, many of whom operate in highly regulated industries, adopt GenAI while maintaining control over data security, compliance, and governance. Security and observability are designed into the platform, so AI tools can be deployed more confidently in complex, regulated environments.
What measurable benefits has EY seen from using Purview SDK?
EY reports clear, measurable benefits from using Microsoft Purview SDK in its AI development process.
Key outcomes include:
- **25–30% time savings on secure feature development**: Data security and compliance capabilities that previously took about an extra week to bolt on after initial development are now built during the first deployment cycle. EY estimates a 25–30% reduction in time when building secure features using Purview SDK.
- **Faster rollout of GenAI tools in regulated environments**: Because security and compliance are embedded early, teams experience fewer delays related to risk reviews and remediation, which helps accelerate deployment timelines.
- **Centralized oversight instead of fragmented controls**: By routing AI interaction data from Dragonfly into Purview, EY’s clients gain a single view of data classification, policy enforcement, and risk indicators, simplifying governance and reducing operational friction.
Overall, Purview SDK helps EY move from reactive security add-ons to a proactive, secure-by-design model that shortens development cycles while maintaining compliance expectations.
How does EY’s Dragonfly platform work with Purview to support large enterprises?
Dragonfly is EY’s low-code platform for creating and managing AI agents and workflows on top of its EY.ai GenAI foundation. When combined with Microsoft Purview SDK, it gives large enterprises a way to scale AI while keeping data security and compliance in focus.
Here’s how it works in practice:
- **Integrated security and compliance**: Dragonfly is built with Purview SDK integrated upfront, so every AI agent and workflow can inherit policy-based access controls, sensitivity labels, and protection rules.
- **Data routing and classification**: EY has created a pipeline that routes AI interaction data from Dragonfly into Microsoft Purview. There, the data is classified and stored according to each organization’s requirements.
- **Centralized risk visibility**: Security and compliance teams use Microsoft Purview Data Security Posture Management for AI to see how AI agents are interacting with sensitive data, review logs, and respond to alerts, including insider risk indicators.
- **Support for large, distributed organizations**: One example is a US$100 billion global conglomerate with 17 business units across telecom, retail, metals, and other sectors. The company uses a customized Dragonfly instance called Intellect as a shared AI platform for about 50,000 employees across HR, finance, and operations. Purview’s policy controls help maintain oversight across this diverse environment.
- **Internal and client use cases**: EY’s own teams use Dragonfly to build AI tools for compliance management, contract review, and other transformation initiatives that must meet strict security and compliance standards before entering client environments.
By combining Dragonfly with Purview SDK, EY helps enterprises reimagine how they adopt AI—moving from siloed, ad hoc tools to a shared, policy-driven platform where trust, security, and transparency are part of the design from day one.
EY accelerates secure AI development using Microsoft Purview SDK | Microsoft Customer Stories
published by BlueTeamAssess LLC
I founded BlueTeamAssess LLC to develop and offer actionable and cost effective security solutions to SMBs.
BlueTeamAssess LLC is a veteran-owned Cybersecurity Consulting business based in Onslow County, NC.
My company wants to be the trusted advisor to small businesses for cybersecurity and related information technology needs. We will help you meet compliance requirements for HIPAA, PCI, NC cybersecurity requirements for financial advisors, and NIST 800-171 and CMMC cybersecurity requirements for providing goods and services through DOD contracts.
We help small businesses understand cybersecurity threats and their vulnerability to those threats. We offer affordable products and services to protect their business and their livelihood from those threats.
We use the SAINT Security Suite and its family of assessment products to provide cybersecurity services that assess your exposure to the many threats that can impact your business. And we help you meet compliance requirements for NIST 800-171 cybersecurity requirements for providing goods and services through DOD contracts as well as for HIPAA, PCI, the NC data breach protection law and NC cybersecurity requirements for financial advisors.
We use the CyberSecurity Assessment Tool from QS Solutions to assess the security posture of your Microsoft 365 deployment and help bring your risk score to acceptable levels through our remediation services.
We will help you reduce SPAM, secure your email and defend against ransomware. To help do this, we offer a number of solutions scalable for small business budgets and environments. These include:
- Microsoft 365 email and office software and its extensive security features and advanced threat protection.
- Fortinet security solutions that provide a Security Fabric that knits together protection for your endpoints and servers, your firewalls, your wireless network, security analytics and many other services that protect your organization technology from today’s advanced threats whether the workers are working in the office or remotely from home.
- A backup and recovery solution from Acronis to protect your critical customer and business data when the next storm or other disaster impacts your business.
You can trust BlueTeamAssess LLC be the trusted advisor to small businesses for cybersecurity and related information technology needs.
Sign in with LinkedIn