
Claude in Microsoft Purview: what the Compliance API shows and hides

Ikesan

TL;DR

What’s covered: Claude Enterprise (Claude.ai Enterprise contract). Claude Platform / API only emits activity events; conversation bodies are out of scope.

What Purview sees: ~30 typed audit event types (auth, project ops, SSO config changes, data exports, conversation/file-level metadata), on-demand access to specific conversations and files, selective deletion.

What Purview doesn’t see: Prompt and response bodies, which model was invoked, which tools Claude called.

Claude Code path: Not the Compliance API; Claude Code emits via OpenTelemetry separately.

Excluded: Claude.ai consumer plans, Team, Cowork (desktop), Government / sovereign cloud.


On May 21, Microsoft’s Security blog announced the Anthropic Claude connector for Microsoft Purview.
The surface message is simple — security and compliance teams can now view Claude Enterprise activity alongside other cloud apps in Purview — but what is and isn’t visible matters a lot, so it’s worth reading the announcement against Anthropic’s underlying Compliance API spec.

In particular, treating “auditable in Purview” as “all conversations are visible in Purview” leads to mismatched expectations later. Prompt and response bodies are not included in this API.

Starting from Anthropic’s Compliance API

The underlying API is Anthropic’s Compliance API, which launched in August 2025.
The May 2026 announcement takes that existing API and adds Microsoft Purview as a connector, feeding into Purview’s DSPM for AI.

Anthropic’s parallel announcement (covered via Help Net Security) frames this as a 28-vendor security and compliance integration push; Microsoft Purview is one of those 28.
Others include Cloudflare, CrowdStrike, Datadog, Netskope, Okta, Palo Alto Networks, Wiz, and Zscaler.
Broad SaaS-security coverage by design.

The Compliance API itself provides three things.

  1. ~30 typed audit event categories — authentication, account changes, project lifecycle, invitations, SSO config, domain verification, data exports, conversations, file uploads, and so on
  2. On-demand conversation and file access — pull specific conversations or uploaded files via API
  3. Selective deletion — for GDPR DSAR (Data Subject Access Request) and right-to-erasure workflows, target specific data and delete it

What Anthropic’s official material explicitly excludes:

  • Which prompts were run
  • Which model was invoked (Sonnet 4.7 vs Haiku, etc.)
  • Which tools Claude called and what they returned

In other words, the Compliance API gives you “Alice started conversation X at 12:34, uploaded file Y, ran export Z” — event-level metadata plus access to the underlying content — not a live feed of “what Alice asked and how Claude answered.”

Anthropic-side data retention is 180 days.

What flows into Purview: Audit and DSPM feed

Microsoft’s blog text says: “Security and compliance teams can now detect and investigate Claude usage alongside other cloud applications in their broader AI ecosystem.” Technical detail is light.

By analogy with the existing ChatGPT Enterprise integration, the Purview-side surfaces are likely:

  • Audit — events flow into Purview Audit for user tracking and investigation timelines
  • DSPM for AI — events feed the cross-AI-usage dashboard alongside Shadow AI detection
  • eDiscovery / Communication Compliance / Data Lifecycle Management — access to conversation/file bodies drives retention, investigation, and deletion workflows

That said, as of this writing (2026-05-26) Microsoft Learn has no Claude-specific page yet.
License-tier requirements (“which Purview SKU? does eDiscovery Premium matter, or is Standard enough?”) aren’t pinned down — waiting on Microsoft documentation.

The ChatGPT Enterprise integration sat in preview for a long time before settling into purview/ai-chatgpt-enterprise on Microsoft Learn.
The Claude integration is likely to follow the same shape, but the GA / preview status from the Microsoft blog isn’t explicit yet.

Which Claude products are in scope

From the Anthropic side, the Compliance API coverage looks like this.

| Product | Compliance API support | Notes |
|---|---|---|
| Claude Enterprise (Claude.ai chat) | Full | audit events + conversation/file bodies |
| Claude Platform / API | Partial | activity events only; no conversation bodies |
| Claude Code | Separate path | uses OpenTelemetry, not Compliance API |
| Claude Cowork (desktop) | Not covered | history stays on the user’s machine |
| Claude.ai consumer plans | Out of scope | |
| Claude.ai Team | Out of scope (Compliance API) | audit-log UI works but no API access |
| Public Sector / Government | Explicitly excluded | |

Two practical takeaways.

First, Claude Code is on a separate path.
If you want Purview to see what your engineers do in the CLI, you need to ship Claude Code’s OpenTelemetry into your own observability stack separately — Purview doesn’t directly monitor the coding agent.

Second, Team plans are not covered.
Mid-sized orgs that picked Team “because it was cheaper” can’t use the Compliance-API-backed Purview integration. The Enterprise upgrade economics get decided here.

What it’s good for, what it isn’t

When you say “We can audit Claude in Purview now” internally, here’s the boundary to set.

Good for

  • Per-user activity tracking (when they started, what they exported, who changed SSO config)
  • Pulling or deleting a departing employee’s or investigation target’s Claude data, DSAR-style
  • DSPM for AI dashboards that span ChatGPT + Claude AI usage
  • Joining shadow AI detection (Claude use outside SSO) with other telemetry

Not good for

  • Real-time monitoring of what prompts users send to Claude
  • Alerting on specific keywords (internal codenames, confidential project names) in prompts
  • Model-level usage stats (Sonnet 4.7 vs Opus 4.7)
  • Tracking what Claude did via code-execution or web-search tools
  • Real-time DLP (pre-send blocking)

Real-time prompt monitoring and DLP live in the network path, not the Compliance API.
Microsoft Entra Global Secure Access’s May 2026 addition — file-type filtering for genAI / SaaS — sits on that side and is a different feature path from the Compliance API.

Compared to the ChatGPT Enterprise integration

Purview taking in Claude isn’t a first — it’s a continuation of the ChatGPT Enterprise integration.
The OpenAI side already pushes audit and compliance data into Purview; Microsoft Learn has purview/ai-chatgpt-enterprise.

Orgs that want a parallel ChatGPT + Claude audit/investigation stack end up with both products on Enterprise contracts and both pushing through their respective Compliance APIs.
Anthropic’s 28-vendor announcement makes clear that Microsoft isn’t uniquely positioned — Cloudflare, Netskope, Zscaler and other network-security vendors are integrated in parallel.
Some orgs hub on Purview, some on Zscaler, depending on where their SIEM / SOAR / DSPM already lives.

One residency note.
Compliance API data is retained 180 days on the Anthropic side, and Claude is not inside the Microsoft EU Data Boundary.
“Claude inside M365 Copilot in the EU” and “Claude Enterprise activity into Purview” are separate questions; for the latter, Anthropic’s data-processing terms apply directly.


“We can audit Claude in Purview now” is a useful sentence internally — but pair it with “what’s in / what’s out,” or stakeholders will assume “all conversation content is being watched.”
Especially for dev / research orgs, surface up front that Claude Code is on its own OpenTelemetry path so there’s no surprise later.

I’ve written on this site about Claude’s AFL jailbreak case and similar topics, and the enterprise governance surface for Claude has filled in fast through late 2025 into 2026.
The Compliance API + Purview integration is the most natural entry point for orgs whose IT stack already runs on M365.

References