Protecting Data in Microsoft Copilot - MS Copilot

Microsoft’s long-awaited AI (artificial intelligence) solution has arrived!

Microsoft Copilot is a powerful AI-powered productivity tool that can help enhance creative and collaborative projects, whilst honing skills and focus. As the name infers, ‘Co-Pilot’ works alongside you in Microsoft 365 applications, including every favourite, Word, Excel, PowerPoint, and Outlook. Microsoft’s new AI tool supports with efficient project management by undertaking tasks such as drafting documents, summarising text, and finding information on the user’s behalf.

But it is critical that businesses keep in mind what data is being used. Copilot will utilise Office 365 data, extracting from sources such as SharePoint, OneDrive, and even busy inboxes. With potentially sensitive, private, or confidential data spread across your O365 suite, there’s a costly risk that even with the best intentions AI could expose protected information.

So, how does your business ensure that its data remains secure while taking advantage of this innovative technology? In this post, CSI’s Azure specialists explore how to protect your data when using Microsoft Copilot, focusing on key Microsoft products like Azure Information Protection (AIP), data governance, and data loss prevention (DLP).

Understanding Microsoft Copilot

Microsoft Copilot is an AI-powered productivity tool that uses large language models to help you with tasks in Microsoft 365 apps.

Microsoft’s AI can perform tasks like text generation or language translation. Copilot can even ‘write’ different kinds of creative content, such as company updates or client-facing blogs. A more common, everyday use, sees Copilot answering routine questions, helping to locate the right information quickly.

CSI delivers CoPilot

Classifying and Protecting Your Data with Azure Information Protection (AIP)

One of the first critical steps in protecting your data when using Copilot is to identify what kind of data you have and how sensitive it is. This is where Azure Information Protection becomes key in understanding your types of data. AIP is a cloud-based solution that helps you discover, classify, label, and protect your data across different locations and devices.

By using AIP, a business can ensure that its data is properly labelled and protected, helping to comply with various regulations such as HIPAA (Health Insurance Portability and Accountability Act, 1996) and GDPR (General Data Protection Regulation).

As a key example, a business could use AIP to classify customer data as “confidential” and then apply a set of security controls to that data set, such as requiring users to enter a password before they can access it. These technical controls create a kind of security baseline, controlling the ebb and flow of your O365 data and supporting confidentiality, privacy and all-round guarding data that requires strict levels of compliance.

Implementing Data Governance Policies and Processes

Data governance is the set of policies and processes that ensure the effective and efficient use of information in your organisation. It covers aspects such as data quality, data security, data privacy, and data lifecycle.
By implementing data governance in your organisation, you can manage the risks associated with data, such as breaches, leaks, errors, or misuse. It also helps you optimise the value of data by enabling better decision-making, innovation, and performance.

For example, administrators can create a data governance policy that requires all employees to use Microsoft Copilot in a secure fashion. This policy could include requirements such as using strong passwords, not sharing Copilot-generated content with unauthorised users, and deleting Copilot-generated content when it is no longer needed.

Protect your data with MS CoPilot.

Applying Data Loss Prevention (DLP) Rules and Actions

Data loss prevention (DLP) is a technology that helps you prevent your data from being leaked, stolen, or misused by unauthorised parties. DLP can help you detect and block sensitive data from leaving your organisation, alert users, or administrators when a potential data breach occurs, and enforce remediation actions such as deleting, quarantining, or encrypting the data.

For example, you can create a DLP rule that prevents users from exporting confidential customer data from Microsoft Copilot. This rule would be triggered if a user tries to export a document that is classified as “confidential” to a USB drive or email.

Monitoring and Auditing Your Data Activities

Monitoring and auditing your data activities is crucial to data security. It helps you detect and respond to any anomalies or threats that may compromise your data, investigate, and resolve any data breaches or incidents that may occur, and identify and address any gaps or weaknesses in your data security posture.

For example, you can enable logging and auditing for your Microsoft 365 environment to track all user activity in Copilot. This will allow you to see who is using Copilot, what they are doing with it, and when they are doing it.

By following these steps, you can ensure that your data is secure while using Microsoft Copilot. With a little planning and effort, you can harness the power of AI without compromising your data security.

CSI’s Copilot Capabilities Bring AI to Your Business

Microsoft Copilot is an exciting, powerful use of artificial intelligence that can meaningfully and beneficially improve an organisation’s ability to collaborate, create and manage its O365 workflows. It’s even possible to think of Microsoft’s Copilot beyond a content engine, as a kind of smart assistance that can help employees regain better focus and tackle time-sensitive, demanding workloads.

However, onboarding a new AI resource also requires a business to take precautions in protecting data from unauthorised access, use, or disclosure.

Get in touch with CSI today to see how we can help you secure your environment whilst deploying Copilot. As your competitors start to embrace new technologies, get your business ready for the future with AI and gain a competitive edge!

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	Google Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_cfuvid	session	Description is currently not available.
VISITOR_PRIVACY_METADATA	5 months 27 days	Description is currently not available.

How to Protect Your Data When Using Microsoft Copilot