As Copilot and AI advance, extending their capabilities within the workplace, businesses are often left wondering how their data and sensitive information are protected and secured.
Microsoft 365 provides tools designed to manage and strengthen data security within your organization. Let's investigate how Copilot works with other Microsoft 365 features to protect your data during and after use.
The Role of Data Security in Microsoft 365 Copilot
Microsoft 365 Copilot assists users in various tasks, from drafting emails to analyzing data. However, its capabilities extend beyond productivity. Microsoft 365 Copilot’s basic architecture is designed to keep your data in your tenant.
Copilot leverages Microsoft’s security controls for file access, labeling, classification, and data loss prevention to provide a secure environment for your operations.
A Real-World Example of how Microsoft 365 Copilot Works
This video highlights an example where two team members do not share the same access rights to specific files despite working together on a project. You’ll see how Copilot will adhere to access controls and leverage those same security features to then automatically label the new content it creates as confidential.
Two colleagues, Violet and Mario, are working together on a project but have different levels of access to a confidential document. Violet, who has been granted access, is able to use Copilot to summarize the document. On the other hand, Mario does not have the required permissions and therefore cannot view or interact with the file through Copilot. If he tries to access the location of the file directly, the folder will appear empty to him because of the existing file permissions.
Security and Compliance Controls
While the security, compliance, and access controls vary (as seen below) between Office E3, Business Premium/ Microsoft 365 E3, and Microsoft 365 E5; Copilot respects the existing data security controls of your files.
Microsoft Purview: Comprehensive Data Governance
Microsoft Purview is a powerful tool that enhances data governance and compliance. It provides a comprehensive view of your data landscape, helping you manage and protect your information effectively. Here’s how it complements Copilot:
- Data Discovery and Classification: Purview automatically discovers and classifies data across your organization. This helps in identifying and protecting sensitive information, ensuring compliance with data protection regulations.
- Risk Management: By identifying potential risks and vulnerabilities, Purview enables you to take proactive measures to mitigate them. This keeps your data secure and compliant with industry standards.
- Audit Trails: Purview maintains detailed audit trails of data activities. This transparency helps in tracking data access and modifications, making it easier to identify and address any security issues.
Microsoft Purview AI Hub: Advanced Data Governance
Microsoft Purview AI Hub provides deeper insights and more granular control over your data. Here’s how it works with Copilot and Purview:
- Advanced Data Classification: Purview AI Hub uses AI to classify data based on its sensitivity and context. This helps in identifying and protecting sensitive information more accurately.
- Enhanced Risk Management: With AI-driven insights, Purview AI Hub identifies potential risks and vulnerabilities more effectively. This allows for more proactive and precise risk mitigation strategies.
- Comprehensive Audit Trails: Purview AI Hub provides even more detailed audit trails, offering a clearer view of data activities and ensuring compliance with stringent data protection regulations.
If you want to start using Copilot while setting up data governance, compliance controls or review/audit site permissions, there are ways to restrict the data that Copilot uses when prompted.
Restricted SharePoint Search: Controlled Access to Information
While meant to be temporary, this solution gives you the time to review and audit site permissions, and when enabled, Copilot experiences and organization-wide searches are limited to:
- A list of curated SharePoint sites (up to 100) set up by admins while honoring existing permissions on the site.
- Users’ OneDrive for Business, chats they’re a part of, emails they send and receive, calendars they have access to, etc.
- Files that are shared with and accessed by users.
- Content from users’ frequently visited sites.
This feature does not affect the site’s index or associated Data Loss Prevention (DLP) and labeling policies.
SharePoint Site-Settings
You may also leverage SharePoint Site Settings to restrict and remove sites from your semantic index, keeping these sites from being searchable. This also applies to SharePoint Search, offering an alternative strategy for managing access.
Conclusion
Microsoft 365 Copilot respects your business’s security controls and when combined with Purview, Purview AI Hub, SharePoint Restricted Search or SharePoint Site-settings, businesses are able to keep their sensitive information even more protected, compliant, and controlled. To learn more about how your company will utilize these advanced functionalities, check out our Copilot and Data Security engagement and request a meeting to discuss.
Access our recent webinar to hear more details on data security with Microsoft 365 solutions and Copilot. We invite you to visit our events page and join one of our future briefings, filled with up-to-date information on protecting your data during the adoption of Copilot and AI.