Summary of "How to secure your data while using Microsoft 365 Copilot"
How to Secure Your Data While Using Microsoft 365 Copilot
The video titled “How to secure your data while using Microsoft 365 Copilot” provides a detailed analysis of data security concerns and solutions related to Microsoft 365 Copilot, an AI assistant integrated with Microsoft 365 services. The key focus is on how organizations can prevent unintended data exposure (“oversharing”) when using Copilot, which leverages user-permitted access to surface contextual business data.
Key Technological Concepts and Product Features
1. Microsoft 365 Copilot Data Access Model
- Copilot accesses data strictly within the permissions of the individual user in the Microsoft 365 tenant.
- It respects existing security controls such as permissions, sensitivity labels, and public/private content distinctions.
- Copilot’s responses are grounded in the user’s accessible data, leveraging an advanced form of Microsoft Search.
2. Oversharing Problem
- Occurs when data is made available to a broader audience than necessary.
- Often a result of overly permissive access controls in the tenant rather than a Copilot-specific issue.
- Copilot amplifies existing permission settings but does not create new access.
3. Microsoft Tools to Restrict Copilot Data Access
- Restricted SharePoint Search (RSS):
  - Creates an allow list of up to 100 SharePoint sites that Copilot and Microsoft Search can access.
  - Limits tenant-wide indexing to only these sites, excluding others from search results and Copilot responses.
  - Does not affect personal indexes (files users have interacted with).
  - Setup requires PowerShell; there is no GUI.
  - A blunt tool that affects all users, licensed or not, and can restrict legitimate access if not carefully managed.
- Restricted Content Discovery:
  - Works as a deny list to exclude specific sensitive SharePoint sites from Copilot and search indexing.
  - Part of the SharePoint Advanced Management (SAM) add-on license, being rolled out to all Copilot users by Q1 2025.
  - Stops content from appearing in tenant-wide search or Copilot unless directly accessed by the user.
  - More targeted than RSS, useful for highly sensitive sites.
- Site-Level Search Indexing Control:
  - Allows turning off search indexing on specific SharePoint sites, achieving a similar effect to Restricted Content Discovery for smaller-scale needs.
4. Microsoft Purview Data Loss Prevention (DLP) Policy for Copilot (Preview)
- Enables applying sensitivity labels to content that prevent Copilot from processing (e.g., summarizing) that content.
- Copilot can still show such content in search results but cannot use it in AI-generated summaries.
- Currently limited to sensitivity labels and does not cover all Copilot integrations (e.g., Word).
- Represents a more nuanced, long-term approach aligned with Microsoft’s data lifecycle governance best practices.
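The Restricted SharePoint Search allow list and the Restricted Content Discovery deny list from item 3, as an added PowerShell example (not from the video or from Microsoft's documentation). The tenant name, site URLs and the `Get-NormalizedSiteList` helper are assumptions made for illustration; the `*-SPO*` cmdlets come from the SharePoint Online Management Shell.

```powershell
# Added example. Assumes the SharePoint Online Management Shell module
# (Microsoft.Online.SharePoint.PowerShell) and a SharePoint administrator account.
$AdminUrl  = 'https://contoso-admin.sharepoint.com'   # placeholder tenant
$AllowList = @(                                        # constructed sample input
    'https://contoso.sharepoint.com/sites/HR-Policies',
    'https://contoso.sharepoint.com/sites/Marketing',
    'https://contoso.sharepoint.com/sites/marketing/'  # duplicate, removed below
)
$DenyList  = @('https://contoso.sharepoint.com/sites/Project-Falcon')  # constructed

# Hypothetical helper: trim, de-duplicate and validate a list of site URLs.
function Get-NormalizedSiteList {
    param([string[]]$Urls, [int]$Max = [int]::MaxValue)
    $clean = @($Urls | ForEach-Object { $_.Trim().TrimEnd('/') } |
               Where-Object { $_ } | Sort-Object -Unique)   # -Unique ignores case
    $bad = @($clean | Where-Object { $_ -notmatch '^https://[^/]+\.sharepoint\.com(/|$)' })
    if ($bad.Count)            { throw "Not a SharePoint Online URL: $($bad -join ', ')" }
    if ($clean.Count -gt $Max) { throw "List has $($clean.Count) sites; the limit is $Max." }
    $clean
}

$allow = @(Get-NormalizedSiteList -Urls $AllowList -Max 100)  # RSS cap of 100 sites
$deny  = @(Get-NormalizedSiteList -Urls $DenyList)

# A site on both lists means the governance decision for it is unresolved; stop early.
$overlap = @($allow | Where-Object { $deny -contains $_ })
if ($overlap.Count) { throw "On both allow and deny lists: $($overlap -join ', ')" }

Connect-SPOService -Url $AdminUrl

# Restricted SharePoint Search: tenant-wide allow list. This affects every user,
# so read the settings back and review them before announcing the change.
Set-SPOTenantRestrictedSearchMode -Mode Enabled
Add-SPOTenantRestrictedSearchAllowedList -SitesList $allow
Get-SPOTenantRestrictedSearchMode
Get-SPOTenantRestrictedSearchAllowedList

# Restricted Content Discovery: per-site deny flag (needs the SAM license
# mentioned above). Read the flag back to confirm it was applied.
foreach ($url in $deny) {
    Set-SPOSite -Identity $url -RestrictContentOrgWideSearch $true
    Get-SPOSite -Identity $url | Select-Object Url, RestrictContentOrgWideSearch
}
```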
Analysis and Recommendations
- Copilot does not inherently increase data risk but can reveal existing data governance weaknesses.
- Oversharing is primarily a permissions and data governance issue requiring proper rights management and sensitivity labeling.
- RSS and restricted content discovery are interim tools to mitigate risks while organizations improve their data governance.
- The new DLP policy for Copilot is a promising step towards fine-grained control but is still in preview.
- Organizations should balance risk assessment and usability; overly restrictive controls may limit Copilot’s usefulness.
- Emerging AI-specific risks like prompt injection and data exfiltration require attention beyond just access control.
- Microsoft’s recently published blueprint offers a phased approach to managing oversharing and securing Copilot use.
- The video encourages a strategic, balanced approach to AI adoption, combining better data governance with ongoing vigilance for new AI-related threats.
Guides and Tutorials Highlighted
- Explanation of setting up Restricted SharePoint Search via PowerShell.
- Overview of Restricted Content Discovery and its licensing requirements.
- How to disable search indexing on individual SharePoint sites.
- Introduction to the Microsoft Purview DLP policy for Copilot and its current capabilities.
Main Speaker
Nick Dorsi: Independent consultant specializing in AI adoption for small and medium businesses, Microsoft MVP for Microsoft 365 Copilot, providing advisory services on AI and Microsoft 365 integration.
Summary
The video offers a comprehensive guide to securing data while using Microsoft 365 Copilot by understanding its data access model and leveraging Microsoft’s tools like Restricted SharePoint Search, Restricted Content Discovery, and Purview DLP policies. It emphasizes improving data governance and adopting a balanced, informed approach to mitigate risks without compromising AI utility.
Category
Technology