Microsoft 365 Copilot – Management and Protection Controls Multi-Layered Approach
Mahmoud Hassan
Microsoft MVP | Empower enterprises to thrive with Microsoft Copilot & Modern Workplace AI solutions
Navigating the whole management and protection controls for Microsoft 365 Copilot can be a complex task, even with the extensive documentation provided by Microsoft at Microsoft Learn. Despite the comprehensive resources available, I found it challenging to present an integrated overview to my clients in a clear and cohesive manner.
To address this, I developed this multi-layered approach that follows the user's flow within Microsoft 365, making it simpler to explain and visualize the various controls through a single slider.
In this article we will explore this multi-layered approach of how to manage and protect your Microsoft 365 Copilot deployment across Identity, License & Features, Endpoint, Service, Container, and Item levels, providing a robust defense for your organization’s use of Microsoft 365 Copilot.
This living approach will be continually updated as Microsoft introduces new controls.
Version History
v1.2 - 28.11.2024:
v1.1 - 19.09.2024:
v1.0 - 23.07.2024:
1) Identity Layer
The Identity Layer is not specific to Copilot for Microsoft 365, but it is the first step: a malicious user who cannot sign in cannot use Copilot for Microsoft 365 to discover and access sensitive data. Protecting identities therefore comes before any Copilot-specific control.
The available controls in this layer are:
Conditional Access Policies
Microsoft Entra Conditional Access brings signals together to make decisions and enforce organizational policies. Conditional Access is Microsoft's Zero Trust policy engine, taking signals from various sources into account when enforcing policy decisions.
Many organizations have common access concerns that Conditional Access policies can help with such as:
For more information – Microsoft Learn: Microsoft Entra Conditional Access documentation
Protect Microsoft 365 Copilot with Conditional Access policy
Previously, Microsoft 365 Copilot was not available in the Conditional Access apps/resources picker. Now both Microsoft 365 Copilot and Microsoft Copilot for Security are enabled for Conditional Access.
How to enable and create the Conditional Access policy for Microsoft 365 Copilot:
1- Create a targetable service principal for the service Enterprise Copilot Platform (Microsoft 365 Copilot) using the Microsoft Graph PowerShell SDK
New-MgServicePrincipal -AppId fb8d773d-7ef8-4ec0-a117-179f88add510
2- Create the Conditional Access policy
Under Target resources > Resources (formerly cloud apps) > Include > Select resources, select:
Enterprise Copilot Platform fb8d773d-7ef8-4ec0-a117-179f88add510 (Microsoft 365 Copilot)
3- Finalize your Conditional Access policy configuration.
For more information – My Post: Make Microsoft 365 Copilot more secure with Conditional Access policy
For more information – Microsoft Learn: Protect AI with Conditional Access policy
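The three steps above, carried out end to end in the Microsoft Graph PowerShell SDK. This is an added example, not code from the original article: it checks whether the Enterprise Copilot Platform service principal already exists before creating it, then builds a Conditional Access policy that targets that app ID for a pilot group and starts it in report-only mode so the sign-in logs show the impact before enforcement. The pilot group ID and the policy display name are placeholders; the app ID is the one from the article.

```powershell
# Added example (not from the original article). Requires the Microsoft.Graph module.
# Assumptions: $pilotGroupId and the policy display name are placeholders.
Connect-MgGraph -Scopes "Application.ReadWrite.All", "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

$copilotAppId = "fb8d773d-7ef8-4ec0-a117-179f88add510"   # Enterprise Copilot Platform (from the article)
$pilotGroupId = "00000000-0000-0000-0000-000000000000"   # placeholder: object ID of the Copilot pilot group

# Step 1: make the app targetable. Only create the service principal if it is not there yet,
# so re-running the script does not fail on a duplicate.
$sp = Get-MgServicePrincipal -Filter "appId eq '$copilotAppId'"
if (-not $sp) {
    $sp = New-MgServicePrincipal -AppId $copilotAppId
    Write-Host "Created service principal $($sp.Id) for Enterprise Copilot Platform"
} else {
    Write-Host "Service principal already present: $($sp.Id)"
}

# Step 2: the policy body. Target resource = the Copilot app ID, scope = the pilot group,
# grant = MFA AND a compliant device. Report-only first, enforce after reviewing sign-in logs.
$policy = @{
    displayName = "CA - Microsoft 365 Copilot - MFA and compliant device"   # placeholder name
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        clientAppTypes = @("all")
        applications   = @{ includeApplications = @($copilotAppId) }
        users          = @{ includeGroups = @($pilotGroupId) }
    }
    grantControls = @{
        operator        = "AND"
        builtInControls = @("mfa", "compliantDevice")
    }
}

# Step 3: create the policy, then read it back and confirm the targeted resource is the Copilot app ID.
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$check   = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id
"Policy '$($check.DisplayName)' state: $($check.State)"
"Targeted resources: $($check.Conditions.Applications.IncludeApplications -join ', ')"
```

Switch `state` to `enabled` only once the report-only results in the sign-in logs show the pilot group is affected as intended and nobody else is.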
Privileged Identity Management (PIM) provides a time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions to important resources. These resources include resources in Microsoft Entra ID, Azure, and other Microsoft Online Services such as Microsoft 365 or Microsoft Intune.
For more information – Microsoft Learn: Privileged Identity Management documentation
Microsoft Purview Privileged Access Management
Microsoft Purview Privileged Access Management helps protect your organization from breaches and helps to meet compliance best practices by limiting standing access to sensitive data or access to critical configuration settings. Enabling privileged access management for Exchange Online in Microsoft 365 allows your organization to operate with zero standing privileges and provide a layer of defense against standing administrative access vulnerabilities.
Privileged access management will be available in other Office 365 workloads beyond Exchange in the future.
For more information – Microsoft Learn: Privileged access management
2) License & Features Layer
At this layer you can manage the Copilot for Microsoft 365 license service plans, and feature controls to enable/disable components of the Copilot for Microsoft 365 experience for your end users.
The available controls in this layer are:
Copilot for Microsoft 365 License & Service Plans
The Copilot for Microsoft 365 license contains various service plans, where every service plan controls a specific part of the Copilot for Microsoft 365 experience. When a user is assigned a license, all Copilot for Microsoft 365 service plans are made available to the user from that license. Admins can control parts of the Copilot for Microsoft 365 experience by removing a specific service plan from the user.
For more information – Microsoft Learn: Service Plans for Copilot for Microsoft 365
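Removing a single service plan from one user's Copilot license, as an added example that is not part of the original article. It looks up the SKU and its service plans with Get-MgSubscribedSku rather than hard-coding plan IDs, keeps any plans already disabled for that user, and adds the one chosen. The SKU part number and the plan name are placeholders to confirm against your own tenant's output.

```powershell
# Added example (not from the original article). Requires the Microsoft.Graph module.
# Assumptions: the SKU part number, the plan name and the UPN below are placeholders;
# confirm the real values with Get-MgSubscribedSku in your tenant.
Connect-MgGraph -Scopes "User.ReadWrite.All", "Organization.Read.All"

$userId        = "user@contoso.example"          # placeholder UPN
$skuPartNumber = "Microsoft_365_Copilot"         # assumption: Copilot SKU part number in your tenant
$planToDisable = "SERVICE_PLAN_NAME_PLACEHOLDER" # placeholder: a ServicePlanName from the SKU

$sku = Get-MgSubscribedSku | Where-Object SkuPartNumber -eq $skuPartNumber
if (-not $sku) { throw "SKU '$skuPartNumber' not found in this tenant" }

# List the plans the license carries so the admin can pick the right one by name
$sku.ServicePlans | Select-Object ServicePlanName, ServicePlanId, ProvisioningStatus | Format-Table -AutoSize

$plan = $sku.ServicePlans | Where-Object ServicePlanName -eq $planToDisable
if (-not $plan) { throw "Plan '$planToDisable' is not part of '$skuPartNumber'" }

# Preserve plans already disabled for this user on that SKU; Set-MgUserLicense replaces the list
$current  = Get-MgUserLicenseDetail -UserId $userId | Where-Object SkuId -eq $sku.SkuId
if (-not $current) { throw "User $userId does not hold '$skuPartNumber'" }
$disabled = @($current.ServicePlans | Where-Object ProvisioningStatus -eq "Disabled" | ForEach-Object ServicePlanId)
$disabled += $plan.ServicePlanId

Set-MgUserLicense -UserId $userId `
    -AddLicenses @(@{ SkuId = $sku.SkuId; DisabledPlans = @($disabled | Select-Object -Unique) }) `
    -RemoveLicenses @()

# Read back the result for that SKU
(Get-MgUserLicenseDetail -UserId $userId | Where-Object SkuId -eq $sku.SkuId).ServicePlans |
    Select-Object ServicePlanName, ProvisioningStatus | Format-Table -AutoSize
```

Because `-AddLicenses` sends the complete `DisabledPlans` list for the SKU, forgetting to merge the existing disabled plans would silently re-enable them; that is why the script reads the user's current license detail first.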
Office Connected Experiences
If you turn off connected experiences that analyze content for Microsoft 365 Apps on Windows or Mac devices in your organization, Microsoft Copilot for Microsoft 365 features won’t be available to your users in the following apps:
For more information – Microsoft Learn: Microsoft Copilot for Microsoft 365 and policy settings for connected experiences
Web Content Plugin Control
When the web content plugin is enabled, Microsoft 365 Copilot may fetch information from the Bing Search service when information from the web will help provide a better, more grounded response.
The primary way IT admins can control web search access is the “Allow web search in Copilot” policy in the Cloud Policy service for Microsoft 365. This policy turns web search on or off for users or groups, helping ensure compliance with organizational policies and data privacy laws.
If the IT admin enables the Allow web search in Copilot policy, they have three options for web search in Copilot:
If the IT admin doesn’t configure the “Allow web search in Copilot” policy, the status of web search in Microsoft 365 Copilot and Microsoft Copilot is determined by the "Allow the use of additional optional connected experiences in Office" policy.
If both policies are configured, the “Allow web search in Copilot” policy will override and take precedence over the "Allow the use of additional optional connected experiences in Office" policy.
Disabling the optional connected experiences restricts Microsoft Copilot, Microsoft 365 Copilot, and multiple experiences across Microsoft 365.
If the IT admin turns on web search for Microsoft 365 Copilot users, those users still have the option to turn off web search by using the Web content toggle. The Web content toggle isn’t available as part of the Microsoft Copilot experience.
For more information – Microsoft Learn: Data, privacy, and security for web queries in Copilot for Microsoft 365
3) Endpoint Layer
To prevent malicious users from compromising devices or using compromised devices to gain access to Copilot for Microsoft 365 you should also secure your endpoints/devices. This covers both the device and the applications that users interact with on the device.
The available controls in this layer are:
Microsoft Intune
Microsoft Intune is a cloud-based service that falls under the umbrella of Mobile Device Management (MDM). It’s designed to help organizations manage and secure their devices, including phones, tablets, and PCs running various operating systems like Windows, iOS, macOS, Android, and Chrome OS. Intune allows for the management of device features, deployment of software, enforcement of policies, and monitoring of devices to ensure they are secure, up-to-date, and compliant with organizational policies.
Intune Mobile Device Management (MDM)
The process that enables device management for a device is called device enrollment. The device enrollment process establishes a relationship between the user, the device, and the Microsoft Intune service. Using Microsoft Intune as a standalone service enables you to use a single web-based administration console to manage Windows PCs, macOS, and the most popular mobile device platforms.
For more information – Microsoft Learn: Manage your devices and control device features in Microsoft Intune
Intune App Protection Policies (APP)
Intune App Protection Policies (APP), sometimes referred to as Mobile Application Management (MAM), protect corporate data even if the device itself is not managed. This allows you to enable bring-your-own (BYO) and personal devices at work where users may be reluctant to “enroll” their device into management. APP ensures corporate data in the apps you specify cannot be copied and pasted to other apps on the device.
Intune App Protection Policies (APP) can stop the accidental or deliberate copying of content generated by Copilot to apps that are not on the list of allowed apps on a device. APP can reduce the potential damage of an attacker who uses a compromised device.
For more information – Microsoft Learn: Manage your apps and app data in Microsoft Intune
Microsoft Defender XDR
Microsoft Defender XDR is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
Microsoft Defender XDR helps security teams protect and detect their organizations by using information from other Microsoft security products, including:
Microsoft Defender for Cloud Apps delivers full protection for SaaS applications, helping you monitor and protect your cloud app including Generative AI Apps.
For more information – Microsoft Blog: Discover, monitor and protect the use of Generative AI apps
By enabling the integration with Defender for Endpoint, you can seamlessly block access to unsanctioned apps with a single click in the Defender for Cloud Apps portal.
With this you will be able to block any Generative AI Apps or even Microsoft Copilot (Copilot in Bing).
For more information – Microsoft Learn: Integrate Microsoft Defender for Endpoint with Microsoft Defender for Cloud Apps
Microsoft Purview Data Loss Prevention can help organizations create policies that prevent their users from pasting sensitive data into Generative AI Apps or specific websites.
For more information – Microsoft Learn: Configure endpoint data loss prevention settings - Browser and domain restrictions to sensitive data
4) Service Layer
Then we reach the service layer, where we can manage how Copilot for Microsoft 365 searches for and finds information within SharePoint and OneDrive for Business.
The available controls in this layer are:
Restricted SharePoint Search
Restricted SharePoint Search is a feature that allows you to disable organization-wide search and restrict both Microsoft Search and Copilot experiences to a curated set of SharePoint sites of your choice. However, whether you have enabled Microsoft Search or Restricted SharePoint Search, users in your organization will still be able to interact in Copilot with files and content they own or have previously accessed. In other words, this is not a security trimming feature!
Microsoft created “Restricted SharePoint Search” to give some enterprises time to review and audit site permissions. It is designed to help you maintain momentum with your Copilot deployment while you implement robust data security solutions. And I appreciate that Microsoft is making it clear that this is a short-term solution.
My recommendation is to avoid turning on “Restricted SharePoint Search” and perhaps try a different approach, for example by limiting access to “Microsoft Copilot with Graph-grounded chat”, as this is where most of the oversharing risk is now.
For more information – My Post: Restricted SharePoint Search - With great power comes great responsibility!
For more information – Microsoft Learn: Restricted SharePoint Search
5) Container Layer
At this layer we will have the controls to allow or prevent end users from utilizing Copilot for Microsoft 365 to have access at the containers level, such as SharePoint sites and OneDrive for Business sites.
The available controls in this layer are:
Standard Access Permissions
Microsoft Copilot for Microsoft 365 only surfaces organizational data to which individual users have at least view permissions. It respects the permission models available in Microsoft 365 services, such as SharePoint/OneDrive for Business, to help ensure the right users or groups have the right access to the right content within your organization.
For more information – Microsoft Learn: Sharing and permissions in the SharePoint modern experience
Excluding Content on a Site from Microsoft Search & Copilot for Microsoft 365
As a site owner, you can choose whether the content on your site can appear in search results. By default, all site content can appear in search results. The person who's viewing search results must have permission to view the content.
Microsoft Search and Copilot for Microsoft 365 support the exclusion of SharePoint Online content from the tenant-level index.
For more information – Microsoft Learn: Excluding SharePoint Online Sites
Restricted Content Discoverability (RCD) – “Advanced per Site control”
SharePoint Advanced Management license required
This control works like the previous one, except that the site's content is not discoverable through Copilot for Microsoft 365 and Microsoft Search at the organization-wide level. Users can still search for and find files within the site itself.
For more information: Prepare content for Microsoft Copilot w/ SharePoint Content Governance
SharePoint Advanced Management “Access Restriction Policy”
With Restrict SharePoint site access with Microsoft 365 groups and Entra security groups, you can restrict access to a SharePoint site and its content to the members of a Microsoft 365 group (for group-connected sites) or a security group (for non-group-connected sites). Users who aren't in the specified groups won't have access to site content even if they previously had site access permissions or a file sharing link.
Also, with Restrict OneDrive content access, you can limit access to shared content in a user's OneDrive to people in a security group. The OneDrive access restriction policy prevents anyone who is not in the security group from accessing content in that OneDrive even if it's shared with them.
Copilot for Microsoft 365 fully supports the “Access Restriction Policies” with SharePoint Advanced Management.
For more information – My Article: Microsoft Search & Copilot for Microsoft 365 support for Sensitivity Labels, Data Loss Prevention Policies and Restricted SharePoint sites with SAM
For more information – Microsoft Learn: Microsoft SharePoint Premium - SharePoint Advanced Management overview
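Applying and auditing the two per-site SharePoint Advanced Management controls described above (Restricted Content Discoverability and the site access restriction policy) from the SharePoint Online Management Shell. This is an added example, not code from the original article or from Microsoft. The admin URL, site URL and security group ID are placeholders; the script relies on the `RestrictContentOrgWideSearch`, `RestrictedAccessControl` and `RestrictedAccessControlGroups` parameters of Set-SPOSite and reads the first two back as site properties, which I am treating as assumptions to verify against the module version in use.

```powershell
# Added example (not from the original article). Requires the SharePoint Online Management Shell
# (Microsoft.Online.SharePoint.PowerShell) and a SharePoint Advanced Management license.
# Assumptions: admin URL, site URL and group ID are placeholders; the Set-SPOSite parameters and
# the site property names used below are assumed to match the current module.
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"   # placeholder tenant admin URL

$siteUrl = "https://contoso.sharepoint.com/sites/FinanceRestricted"   # placeholder non-group-connected site
$groupId = "00000000-0000-0000-0000-000000000000"                     # placeholder Entra security group object ID

# Restricted Content Discoverability: keep this site's content out of org-wide Microsoft Search
# and Copilot results. Search from inside the site itself keeps working.
Set-SPOSite -Identity $siteUrl -RestrictContentOrgWideSearch $true

# Access restriction policy: only members of the security group can reach the content,
# regardless of older direct permissions or existing sharing links.
Set-SPOSite -Identity $siteUrl -RestrictedAccessControl $true -RestrictedAccessControlGroups $groupId

# Audit: list every site in the tenant that carries either control, so the two settings
# can be reviewed alongside the site permission cleanup they are meant to bridge.
$report = Get-SPOSite -Limit All | ForEach-Object {
    $s = Get-SPOSite -Identity $_.Url   # the per-site call returns the detailed property set
    [pscustomobject]@{
        Url                          = $s.Url
        RestrictContentOrgWideSearch = [bool]$s.RestrictContentOrgWideSearch
        RestrictedAccessControl      = [bool]$s.RestrictedAccessControl
    }
}
$report | Where-Object { $_.RestrictContentOrgWideSearch -or $_.RestrictedAccessControl } | Format-Table -AutoSize
```

Run the audit part alone first on a tenant with many sites; the per-site Get-SPOSite call is what makes it slow, but it is also what makes the property values reliable.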
6) Item Level
At this layer we will have the controls to allow or prevent end users from utilizing Copilot for Microsoft 365 to have access at the items level, such as SharePoint/OneDrive for Business files and Exchange emails.
The available controls in this layer are:
Standard Access Permissions
Similar to the container layer, Microsoft Copilot for Microsoft 365 only surfaces items to which individual users have at least view permissions. It respects the permission models available in Microsoft 365 services, such as SharePoint/OneDrive for Business and Exchange Online.
When users want to share files and folders in Microsoft 365, they can create a shareable link that gives access to the item. Depending on the type of link, Copilot for Microsoft 365 has different ways of interacting with it.
For more information – My Article: Copilot for Microsoft 365 Data Ready – Where “Everyone except external users” group is more risky than “People in your organization” links!
For more information - Microsoft Learn: How shareable links work in OneDrive and SharePoint in Microsoft 365
Sensitivity Label with Double Key Encryption (DKE)
Double Key Encryption (DKE) enables you to protect your highly sensitive data to meet specialized requirements. DKE lets you maintain control of your encryption keys. It uses two keys to protect data; one key in your control and a second key you store securely in Microsoft Azure.
Because Double Key Encryption (DKE) is intended for your most sensitive data that is subject to the strictest protection requirements, Copilot can't access this data. As a result, items protected by DKE won't be returned by Copilot, and if a DKE item is open (data in use), you won't be able to use Copilot in the app.
For more information – Microsoft Learn: What is Double Key Encryption (DKE)?
Sensitivity Label with “User-defined permissions”
Copilot can't access unopened documents in SharePoint & OneDrive when they're labeled and encrypted with user-defined permissions. Copilot can access these documents for a user only when they're open in the app (data in use).
For more information – Microsoft Learn: Considerations for Data Security Posture Management for AI & data security and compliance protections for Copilot
Sensitivity Label with “Apply encryption and assign permissions”
When you create a sensitivity label, you can restrict access to content that the label will be applied to (Apply encryption and assign permissions). For example, with the encryption settings for a sensitivity label, you can protect content so that only users within the marketing department can open a confidential document or email.
Copilot for Microsoft 365 fully supports sensitivity labels. A file is only returned as a result if you have at least view permissions based on the sensitivity label's permissions (combined with SharePoint permissions). And if you don't have the EXTRACT usage right, you might get the file as part of the Copilot response, but Copilot will not examine the file content or take anything from it to add to the response.
For more information – My Article: Microsoft Search & Copilot for Microsoft 365 support for Sensitivity Labels, Data Loss Prevention Policies and Restricted SharePoint sites with SAM
For more information – Microsoft Learn: Restrict access to content by using sensitivity labels to apply encryption
Sensitivity Label with “BlockContentAnalysisServices”
This setting lets you prevent content in Word, Excel, PowerPoint, and Outlook from being sent to Microsoft for content analysis, as a privacy control. When it's set, some services won't work as designed, such as data loss prevention policy tips for Outlook, automatic and recommended labeling, and Copilot for Microsoft 365.
You cannot use the Microsoft Purview portal or the Microsoft Purview compliance portal for this configuration. You have to connect to Security & Compliance PowerShell and then use the PowerShell advanced setting BlockContentAnalysisServices with the Set-Label or New-Label cmdlet.
Although content with the configured sensitivity label will be excluded from Copilot for Microsoft 365 in the named Office apps (data in use), the content remains available to Copilot for Microsoft 365 in other experiences, for example Copilot Chat.
For more information – Microsoft Learn: Manage sensitivity labels in Office apps
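Setting the BlockContentAnalysisServices advanced setting on an existing label and verifying it from Security & Compliance PowerShell, as an added example that is not part of the original article. The label name is a placeholder; the cmdlets and the advanced-setting name are the ones the text names.

```powershell
# Added example (not from the original article). Requires the ExchangeOnlineManagement module,
# which provides Connect-IPPSSession for Security & Compliance PowerShell.
# Assumption: the label name is a placeholder for an existing label in your tenant.
Connect-IPPSSession

$labelName = "Highly Confidential - No Content Analysis"   # placeholder label display name

# Fail early if the label does not exist, rather than letting Set-Label create nothing
$label = Get-Label -Identity $labelName -ErrorAction Stop

# Apply the advanced setting. Values are passed as strings.
Set-Label -Identity $label.Identity -AdvancedSettings @{ BlockContentAnalysisServices = "true" }

# Verify: advanced settings come back inside the label's Settings collection as
# "[name, value]" strings, so filter for the setting name.
$after = Get-Label -Identity $label.Identity
$after.Settings | Where-Object { $_ -match "blockcontentanalysisservices" }

# Inventory: which labels in the tenant already carry this setting? Useful because
# the effect (no DLP policy tips, no auto-labeling, no Copilot in the named apps)
# is easy to forget once the label has been in use for a while.
Get-Label | Where-Object { ($_.Settings -join " ") -match "blockcontentanalysisservices, true" } |
    Select-Object DisplayName, Identity
```

To reverse the setting, run the same Set-Label call with the value `"false"`, then re-run the verification.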
Data Loss Prevention (DLP) with “Restrict access or encrypt the content in Microsoft 365 locations”
Microsoft Purview Data Loss Prevention (DLP) protects sensitive information within an organization by implementing policies that identify, monitor, and protect data across Microsoft 365 services, Office applications, endpoints, non-Microsoft cloud apps, and on-premises environments.
Copilot for Microsoft 365 fully supports Data Loss Prevention policies. This means that if a file falls under a Data Loss Prevention policy with the action “Restrict access or encrypt the content in Microsoft 365 locations, Block everyone”, only the owner, the last editor, and the site admin can access the file through SharePoint and Copilot for Microsoft 365.
For more information – My Article: Microsoft Search & Copilot for Microsoft 365 support for Sensitivity Labels, Data Loss Prevention Policies and Restricted SharePoint sites with SAM
For more information – Microsoft Learn: Data Loss Prevention policy reference
Data Loss Prevention (DLP) with “Prevent Copilot from processing content”
Microsoft Purview Data Loss Prevention (DLP) can prevent items with specific sensitivity labels from being used in Microsoft 365 Copilot responses. By creating DLP policies that exclude these items using the Content contains > Sensitivity labels condition, their content won't be used in the responses, though the items may still appear in citations.
For more information – Microsoft Learn: Learn about the Microsoft 365 Copilot policy location
Summary
As you can see, Copilot for Microsoft 365 management and protection controls form a multi-layered approach. Securing the Identity Layer through Conditional Access policies and Privileged Identity Management (PIM) is fundamental to preventing unauthorized access. The License & Features Layer allows for detailed control over which aspects of Copilot are accessible, while the Endpoint Layer, managed via Microsoft Intune and Microsoft Defender XDR, secures the devices interacting with Copilot. At the Service Layer, managing search capabilities within SharePoint and OneDrive ensures data remains within designated boundaries. Finally, at the Container and Item Levels, implementing robust access permissions, sensitivity labels, and data loss prevention policies further safeguards organizational data.
By integrating these layers of protection, organizations can effectively mitigate the risks associated with the use of Copilot for Microsoft 365, ensuring a secure and compliant environment.
Sharing Is Caring!
Data Security @ Microsoft | Enabler of secure collaboration & secure productivity
6 months ago: Love this article, totally missed out on it in my feed. Good job
Technology Consultant at EY | M.Tech-Computer Science @IIITG | ISO 27001:2022 LI | ISO 22301:2019 LI BCMS | ISO/IEC 27701: 2019 and GDPR Certified
8 months ago: Useful information, thanks for sharing
Head of Remote Operations and Culture @ Skillable | Remote work excellence | Culture leader | Technology steward
8 months ago: This is an incredible breakdown. Well done and thank you for your work on this, a super helpful visual for easily communicating strategy
CEO of a cloud consulting company specializing in M365 consultancy, Azure AI & Copilot, collaboration, and knowledge management. Helping businesses to translate between the technology stack and users.
9 months ago: Am I right about the fact that you can't really exclude files by label (I mean excluding, not encryption etc., for users who can open the file)?
CEO of a cloud consulting company specializing in M365 consultancy, Azure AI & Copilot, collaboration, and knowledge management. Helping businesses to translate between the technology stack and users.
9 months ago: Thank you for this great article.