Tools to manage sensitive data in M365 Co-pilot
Tomi Miettunen
Security and Modern Workplace Consultant aiming to secure most important assets of the company – Productive work and data. When stepping into Ai era, these things are more important than ever.
In my last article I wrote about managing data and limiting M365 co-pilot search results. There are also tools to monitor and act on sensitive data usage on M365 Co-pilot service.
Most important one that i tackle this time is Communication Compliance, basically a DLP tool to report and review usage, which can then be used as a input for Insider risk management actions if needed. Insider risk management is basically used in the case of M365 account breach or malicious user that is collecting data from the environment.
Policy creation is not too complicated and can be scoped quite tightly for the M365 co-pilot pilot group etc. The key here as in many other security measures is to have the reviewer who is allowed to monitor the data and has time and knowledge to react for the alerts.
After scoping the users you need to scope the locations and conditions what to monitor.
Adjusting the what to monitor is the most complicated task to fit in the needs of the organization but not to create too much noise. You can use Out-Of-The-Box sensitive information types or create your own.
When these are in place just start monitoring. Communication for this type actions to users is highly advisable. Insider risk management actions together with communication compliance create and very effective tool to manage malicious actions automatically.
At this point this does not allow tooltips like regular DLP does to warn user that you are doing things that are not allowed, these are only reactive tools at the moment. Insider risk management can combine different inputs and do actions to prevent worse things happening like data exfiltration in large scale, but I cover that on my next article