Securing your journey to Copilot for Microsoft 365

As organisations increasingly leverage AI to enhance productivity, Microsoft 365 Copilot is quickly becoming a game-changer. But before flipping the switch, it's crucial to ensure your environment is ready. This guide walks you through the essential steps to secure your journey to Copilot, from initial assessments to advanced configurations, ensuring your deployment is as seamless and secure as possible. 

Step 1: Optimisation assessment 

The first step to secure your journey to Copilot is to do an optimisation assessment with a partner like CPS. An optimisation assessment is a comprehensive review of your Microsoft 365 environment, including your configuration, usage, and governance. It will help you identify any gaps, risks, or opportunities for improvement in your cloud journey. 

An optimisation assessment will also give you recommendations on whether you are ready to turn on Copilot or not. Copilot requires certain prerequisites, such as SharePoint Online, OneDrive for Business, and Exchange Online. It also works best with the latest version of Microsoft 365 apps, such as Word, PowerPoint, and Outlook. The assessment will help you verify that you have met these requirements and that your Microsoft 365 environment is up to date and secure. 

Step 2: Implement Restricted Search in SharePoint Online 

The next step to secure your journey to Copilot is to review the restricted SharePoint search feature. Restricted search is a setting that allows administrators to control which sites and content can show up in Copilot. You can use it to limit the scope of Copilot to only the sites and content that you trust and approve. 

You're able to add a maximum of 100 sites to the restricted search list, which includes users’ OneDrive files and content as well. If you enable restricted search, users can still go into sites that you don't have on that list as long as they have permission, they can still access their files. But those sites and content will not be suggested by Copilot.  

Restricted search is a useful feature to protect your sensitive or confidential information from being exposed or misused by Copilot. It can also help you avoid any duplication or inconsistency in your content. By using restricted search, you can ensure that Copilot only suggests relevant and approved content for your work. 

Step 3: Turn on Copilot 

With your environment optimised and restricted search configured, you’re ready to activate Microsoft 365 Copilot. But the journey doesn’t end here—this is where the real work begins. 

Step 4: Core activities 

After you turn on Copilot, you need to complete some core activities to secure and manage your Copilot experience. These activities include setting up conditional access policies, sensitivity labels, and data loss prevention policies. These are some of the key security and compliance features in Microsoft 365 that work with Copilot to protect your data and content. 

• Conditional access policies are rules that control who can access what and when in your Microsoft 365 environment. You can use them to restrict or allow access to Copilot based on factors such as user identity, device, location, or app. For example, you can require multi-factor authentication or device compliance for users who want to use Copilot. 

• Sensitivity labels are tags that classify your data and content based on their level of sensitivity. You can use them to apply protection and governance actions, such as encryption, watermarking, or retention. When a user asks Copilot to create new content or references existing files, it will inherit the sensitivity labels of the source material. For example, if Copilot references a file labelled "Confidential," the new content will also be labelled as "Confidential," ensuring that data is consistently protected. 

• Data loss prevention policies are rules that detect and prevent the leakage of sensitive information, such as credit card numbers, social security numbers, or health records. You can use them to monitor and block the sharing of such information via Copilot. For example, you can prevent a user from sending an email with a credit card number via Copilot. 

These core activities will help you secure and manage your Copilot experience, and ensure that you comply with your organisational policies and regulations. They will also help Copilot understand your data and content better, and provide more accurate and relevant suggestions. 

Step 5: Best-in-class practices 

The final step to secure your journey to Copilot is to move on to the best-in-class practices. These are the advanced features and capabilities that can enhance your Copilot experience even further. They include turning on automatic sensitivity labels that come with E5, and looking at SharePoint advanced management that gives even more features. 

• Automatic sensitivity labels are a feature that automatically applies sensitivity labels to your data and content based on predefined conditions. You can use them to save time and effort in labeling your data and content manually. For example, you can automatically label a document as confidential if it contains a certain keyword or phrase. 

• Another best-in-class practice that we recommend is to prevent data loss with Microsoft Purview Data Loss Prevention (DLP). This feature enables you to protect your sensitive data from being exposed to third-party AI applications, such as GenAI. You can use it to prevent users from pasting sensitive data into GenAI prompts within supported browsers. For example, if a user tries to paste a credit card number or a social security number into a GenAI prompt, the DLP policy will block the action and show a warning message. 

• SharePoint Advanced Management (SAM) provides best-in-class security features that significantly enhance your organisation's ability to protect data when using Microsoft 365 Copilot. With SAM, you gain advanced capabilities such as multi-stage disposition reviews, enhanced access controls, and advanced auditing, which help safeguard sensitive information and ensure compliance. However, it's important to note that SharePoint Advanced Management requires an additional licence fee on top of your existing Microsoft 365 subscriptions. 

These best-in-class practices will help you optimise and enhance your Copilot experience, and leverage the full potential of Microsoft 365. They will also help Copilot provide more intelligent and personalised suggestions for your work. 

Conclusion 

Copilot is a powerful and innovative feature in Microsoft 365 that can help you create content faster and smarter. But before you start using Copilot, you need to make sure that your Microsoft 365 environment is secure and compliant. That's why we recommend that you follow a structured approach to secure your journey to Copilot, with the help of a trusted partner like CPS. 

If you want to learn more about Copilot, or need any assistance with securing your journey to Copilot, please contact us at CPS. We are a leading Microsoft partner with extensive experience and expertise in Microsoft 365. We can help you with any of these activities, and more. We can help you transform your cloud experience with Copilot.