Skip to main content

Quickstart

This walkthrough takes about five minutes. By the end you'll have asked a governed question, read a governance decision, and grounded an answer in a document — the whole ThreatLens loop.

Prerequisites

You need a ThreatLens account and a sign-in link from your administrator. If your organization uses single sign-on, you'll sign in with your work identity (Microsoft Entra ID or Google Workspace).

1. Sign in

Open your ThreatLens URL and sign in with your work account. You'll land in the Workspace — a chat experience built for governed AI.

2. Ask your first question

In the composer, type a normal question — for example:

Summarize the main risks of adopting generative AI in a regulated business.

Before the answer streams in, look at the Decision Banner at the top of the response. For an everyday question, it reads Allowed · Public — ThreatLens classified the request as non-sensitive and let it through.

Read the banner first

The banner always shows the decision before the answer: the classification, the action taken, the destination, and the trust level. Make a habit of reading it — it tells you exactly how your request was governed.

3. Pick an intent (optional)

Use the intent selector under the composer to tell ThreatLens what kind of task this is — General chat, Research, Document analysis, or Code assistance. You pick the purpose; ThreatLens picks the right approved model.

4. Ground an answer in a document

Attach a document so the answer is based on your real content:

  1. Open the M365 source picker in the composer.
  2. Choose a source (OneDrive or SharePoint) and pick a file — it attaches as a chip.
  3. Ask a question about it, such as "What are the key points in this document?"

ThreatLens retrieves the file only if you're allowed to access it, runs it through data-leak protection, and grounds the answer in the permitted content. If a file is withheld, the banner tells you why.

5. See a protected decision

Try attaching a document that contains sensitive data (your administrator can provide a safe sample). You'll see the difference:

  • Sensitive values are redacted before anything is sent.
  • Confidential data is routed only to an approved model.
  • Secrets are blocked entirely — and the banner says so.

What just happened

Every one of those requests was classified, governed by your organization's policy, and recorded in the audit log. That's the ThreatLens loop — and it ran automatically.

Next: understand the model behind it in Core concepts.