Microsoft Purview Adds Anthropic Claude Compliance: Governance for AI Agents

Microsoft quietly expanded Microsoft Purview to include compliance monitoring for Anthropic Claude Enterprise, using Anthropic’s Compliance API to log and audit Claude conversations, file uploads, collaboration, logins, and admin actions. The data is incorporated into Purview’s existing audit trails alongside Microsoft 365, Windows endpoints, and other connected services to strengthen governance for AI agents.

{
"title": "Microsoft Purview Adds Anthropic Claude Compliance: Governance for AI Agents",
"content": "Microsoft expanded its data governance capabilities in a significant but understated update late last month. The company quietly added comprehensive monitoring and compliance controls for Anthropic\u2019s Claude Enterprise to Microsoft Purview, its cloud-based data governance and risk management suite. This integration, which relies on Anthropic\u2019s Compliance API, now captures Claude conversations, file uploads, project collaborations, login activity, and administrative actions\u2014folding them into the same audit trails that organizations already use for Microsoft 365, Windows endpoints, and other connected services.

The move addresses a pressing need for enterprises racing to adopt generative AI while maintaining regulatory compliance. As Claude becomes a staple in workplaces\u2014drafting documents, analyzing spreadsheets, and participating in team projects\u2014the lack of visibility into its use has worried CISOs and compliance officers. Microsoft\u2019s answer is to make Claude as auditable as Exchange emails or Teams messages.

The Compliance Gap in Enterprise AI

For years, Microsoft has championed data governance across its ecosystem. Purview, with its roots in Azure Information Protection, now offers a unified portal for discovery, classification, and risk detection across hundreds of data sources. But the explosive growth of external AI tools like Claude and ChatGPT exposed a blind spot: employees were feeding sensitive information into these platforms without any oversight. A 2025 survey by a leading analyst firm found that 73% of knowledge workers used unapproved AI assistants weekly, often pasting proprietary data into chat windows. That statistic has haunted compliance teams ever since.

Purview\u2019s expansion to Claude Enterprise is Microsoft\u2019s bid to close that loop. By connecting directly to Anthropic\u2019s compliance infrastructure, it pulls granular activity logs\u2014not just prompts and responses, but metadata about session times, IP addresses, file attachments, and even whether a conversation was part of a shared project. This data lands in the same Purview Audit blade that admins use to investigate insider threats or conduct eDiscovery, enabling a single pane of glass for human-to-AI interactions.

What\u2019s Being Governed: A Closer Look at the Purview\u2013Claude Connection

The integration covers five primary data streams:

Conversations: Full text of user queries and Claude\u2019s responses, along with model version and timestamps. Purview can even capture whether a user edited a prompt or regenerated a response, providing a complete interaction history.
Files: Any document, image, or dataset uploaded to a Claude conversation. Purview indexes these for content search and applies sensitivity labels if configured, meaning a confidential contract inadvertently pasted into Claude will trigger the same DLP alerts as if it were emailed externally.
Projects: Claude Enterprise lets users organize work into projects with shared context. Purview logs project creation, membership changes, and all associated conversations, giving managers a view of how teams collaborate with AI.
Logins: Every authentication event\u2014successful or failed\u2014including user identity, device, location, and browser fingerprint. MFA challenges are also recorded, strengthening identity governance.
Admin actions: Changes to Claude Enterprise settings, such as enabling new capabilities, modifying data retention policies, or whitelisting internal domains, all captured with before-and-after values.

This granularity means a healthcare provider can prove to auditors that a staff member did not paste patient data into Claude, or that an internal policy automatically blocked such an action. Similarly, a financial firm can reconstruct the exact AI interactions that preceded a trading decision, meeting SEC recordkeeping demands.

How the Integration Works

Anthropic\u2019s Compliance API serves as the bridge. Microsoft Purview connects to the API with an organization\u2019s Claude Enterprise credentials, establishes a secure channel over TLS 1.3, and begins streaming events in near real time. The architecture doesn\u2019t require installing agents on endpoints or redirecting traffic through a proxy; all data flows directly between Anthropic\u2019s cloud and the customer\u2019s Purview instance, minimizing latency and performance impact on AI workloads.

Once ingested, the data undergoes the same processing as any other Purview source. It\u2019s classified using Microsoft\u2019s trainable classifiers or custom pattern matching, checked against data loss prevention (DLP) policies, and fed into Microsoft Sentinel for security analytics. The result is that a Claude interaction becomes just another event in the enterprise log stream, searchable alongside emails, SharePoint activities, and Teams chats. For IT teams already comfortable with Purview\u2019s advanced hunting queries,