Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
09 3154 6677
Most powerful knowledge management solutions

Solu Digital provides knowledge management and analysis models for today’s complex businesses.

Ensure data security before rolling out Copilot


Successfully rolling out Microsoft Copilot for Microsoft 365 with emphasis on data security, compliance, and access to information.

Getting the basics of data security right

Microsoft Copilot for Microsoft 365 is ready to be deployed in businesses large and small, but how prepared are businesses? Microsoft recommends checking data security, compliance are access before implementing Copilot. What does that mean in practice?

Zero trust thinking assumes that any data connection or service request may originate from an uncontrolled part of the network and that every connection and request should be handled accordingly with zero trust. As the name suggests, this strategy directs us to always verify the origins of each information or request. In practice, information environment administrators are required to control that:

  • users’ identity and access rights are always verified,
  • user rights are assigned only for an actual need and only for as short a time as is necessary,
  • data access reports and security tools available are utilized continuously and as comprehensively as possible.

Since Microsoft Copilot for Microsoft 365 opens a new view of the entire organization’s information capital, it is worth ensuring that the above-mentioned basic information security issues have been considered before implementation.

The Dall-E language model-based AI solution created this image of Zero Trust according to my prompt.

Access to content

Like an evolved search service, Copilot offers the organization new perspectives and routes to information. Although the information has been there all along, it may have been hidden from many before Copilot, and with that, the information gets new audiences, i.e., new users.

Sharing links made from the content of SharePoint and Teams groups with the entire organization is usually known or used by only a few users. Nevertheless, access is given to all users of the whole organization. Copilot finds the content behind such links and bases its user-specific responses on them as well.

A broad setting, “Company Xyz people”, has been used as the default value for sharing in many SharePoint Online sites for years, and neither users nor admins have noticed to check the settings. In most cases, it has been enough that the link works for its intended users.

Now is the time to change the way you operate, pay attention to the default sharing settings, and when implementing Copilot, find out if sharing links have been made to content that should be less widely discoverable and exploitable with artificial intelligence.

SharePoint Advanced Management (SAM) provides reports that can be used to identify the sites where sharing links can be found. However, these reports do not reveal individual documents where unnecessary sharing has been used. Such links can be easily identified using a PowerShell script and then asking the content owners to fix the links.

SharePoint Advanced Management (SAM) belongs to the entity formerly known as Microsoft Syntex, a large part of which is now known as SharePoint Premium.

As the name suggests, SAM contains various controls and reports for efficiently managing the SharePoint environment, including policies to block file downloads, SharePoint site-level change history reports, default values for SharePoint library confidentiality tags, and SharePoint site lifecycle management, to name a few.

It is worth noting that SAM is a tool based on an additional license that expands the features included in the Microsoft 365 subscription and offers completely new ones in addition to them. A SAM license is required for all users in the organization, although it does not need to be assigned to everyone.

Confidential information and data compliance in general, can be enforced and monitored with Microsoft Purview sensitivity labels and policies.

Another challenge for accessing information may be that only some necessary information is within Copilot’s reach, which can be because the information is outside Microsoft 365. Content migration to Microsoft 365 is sometimes required and wise if, at the same time, we get rid of outdated system versions. However, it is not a necessary condition for using Copilot with external data sources:

  • Graph Connectors make it easy to bring external data sources within the reach of Microsoft search indexing and Copilot.
  • With the help of plugins, Copilot can be effectively extended to utilize external data sources over ready-made programming interfaces.

Goals, experience, and tools, to support deployment

The driver for introducing Copilot is often a need experienced and expressed by knowledge workers. According to Microsoft, some 64% of knowledge workers feel they lack the time and resources to accomplish all the tasks they have been given. 70% say they are ready to delegate as many tasks as possible to artificial intelligence.

These goals of the organization deploying Copilot may seem self-evident in the light of these statistics, but it may still be good to stop for a moment and ask where the aim of deploying Copilot is, and how this could be possible to reach.

Copilot deployment for the entire organization should be ensured by securing in advance, even if informally, the support of senior management, those responsible for legal affairs, IT services, and business management.

It is a good idea to dismantle previously implemented pilot with Copilot and analyze all available metrics and reporting. It is a good idea to raise any problems and doubts that may have been detected within your organization. If at this point no pilot deployment is under your belt, it’s worth starting there.

Copilot advocates in your organization may need to be asked for support, help, and advise others, for example, with writing prompts. Copilot for Microsoft 365 lab is a handy tool for training safe interaction with Copilot. Microsoft’s AI Help and Learning site offers tips on how to use Copilot for Microsoft 365 and other Copilots efficiently.

Read more about artificial intelligence:

Contact us and we’ll help ensure your organization is ready to adopt Copilot smoothly!

Henry Scheinin
Leading consultant, Partner

Subscribe to our newsletter

Subscribe to our newsletter digested from our experts' articles.


Copyright © 2024 Solu Digital