1
00:00:03,030 --> 00:00:06,180
Not all generative AI is created equal.

2
00:00:06,180 --> 00:00:09,090
In fact, if data security
or privacy-related concerns

3
00:00:09,090 --> 00:00:10,950
are holding your organization back,

4
00:00:10,950 --> 00:00:12,780
today I'll show you how the combination

5
00:00:12,780 --> 00:00:16,410
of Microsoft 365 Copilot and
the data security controls

6
00:00:16,410 --> 00:00:19,560
in Microsoft Purview provide
an enterprise-ready platform

7
00:00:19,560 --> 00:00:21,480
for GenAI in your organization.

8
00:00:21,480 --> 00:00:24,660
This way, GenAI is seamlessly
integrated into your workflow

9
00:00:24,660 --> 00:00:26,647
across familiar apps and experiences,

10
00:00:26,647 --> 00:00:29,040
all backed by unmatched data security

11
00:00:29,040 --> 00:00:32,820
and visibility to minimize data
risk and prevent data loss.

12
00:00:32,820 --> 00:00:35,550
First, let's level set
on a few Copilot security

13
00:00:35,550 --> 00:00:37,200
and privacy basics.

14
00:00:37,200 --> 00:00:39,240
Whether you're using the free Copilot Chat

15
00:00:39,240 --> 00:00:41,640
that's included with Microsoft 365

16
00:00:41,640 --> 00:00:44,430
or have a Microsoft 365 Copilot license,

17
00:00:44,430 --> 00:00:46,800
they both honor your
existing access permissions

18
00:00:46,800 --> 00:00:49,590
to work information in
SharePoint and OneDrive,

19
00:00:49,590 --> 00:00:51,960
your Teams meetings and your email,

20
00:00:51,960 --> 00:00:53,820
meaning generated AI responses

21
00:00:53,820 --> 00:00:56,763
can only be based on information
that you have access to.

22
00:00:57,600 --> 00:00:59,880
Importantly, after you submit a prompt,

23
00:00:59,880 --> 00:01:02,310
Copilot will retrieve relevant index data

24
00:01:02,310 --> 00:01:03,720
to generate a response.

25
00:01:03,720 --> 00:01:04,890
The data only stays

26
00:01:04,890 --> 00:01:08,100
within your Microsoft 365
service trust boundary

27
00:01:08,100 --> 00:01:09,660
and doesn't move out of it.

28
00:01:09,660 --> 00:01:11,130
Even when the data is presented

29
00:01:11,130 --> 00:01:13,950
to the large language models
to generate a response,

30
00:01:13,950 --> 00:01:15,900
information is kept separate to the model,

31
00:01:15,900 --> 00:01:17,430
and is not used to train it.

32
00:01:17,430 --> 00:01:19,500
This is in contrast to consumer apps,

33
00:01:19,500 --> 00:01:22,050
especially the free ones,
which are often designed

34
00:01:22,050 --> 00:01:23,490
to collect training data.

35
00:01:23,490 --> 00:01:25,200
As users upload files into them

36
00:01:25,200 --> 00:01:27,000
or paste content into their prompts,

37
00:01:27,000 --> 00:01:30,180
including sensitive data,
the data is now duplicated

38
00:01:30,180 --> 00:01:31,920
and stored in a location outside

39
00:01:31,920 --> 00:01:35,130
of your Microsoft 365
service trust boundary,

40
00:01:35,130 --> 00:01:36,900
removing any file access controls

41
00:01:36,900 --> 00:01:39,420
or classifications you've
applied in the process,

42
00:01:39,420 --> 00:01:41,640
placing your data at greater risk.

43
00:01:41,640 --> 00:01:43,500
And beyond being stored there for indexing

44
00:01:43,500 --> 00:01:45,120
or reasoning, it can be used

45
00:01:45,120 --> 00:01:47,520
to retrain the underlying model.

46
00:01:47,520 --> 00:01:49,710
Next, adding to the
foundational protections

47
00:01:49,710 --> 00:01:51,990
of Microsoft 365 Copilot,

48
00:01:51,990 --> 00:01:54,780
Microsoft Purview has
activity logging built in

49
00:01:54,780 --> 00:01:55,920
and helps you to discover

50
00:01:55,920 --> 00:01:57,720
and protect sensitive data

51
00:01:57,720 --> 00:01:59,310
where you get visibility into current

52
00:01:59,310 --> 00:02:01,410
and potential risks, such as the use

53
00:02:01,410 --> 00:02:05,430
of unprotected sensitive
data in Copilot interactions,

54
00:02:05,430 --> 00:02:06,842
classify and secure data

55
00:02:06,842 --> 00:02:08,940
where information protection helps you

56
00:02:08,940 --> 00:02:11,730
to automatically classify,
and apply sensitivity labels

57
00:02:11,730 --> 00:02:15,210
to data, ensuring it remains
protected even when it's used

58
00:02:15,210 --> 00:02:18,941
with Copilot, and detect
and mitigate insider risks

59
00:02:18,941 --> 00:02:20,220
where you can be alerted

60
00:02:20,220 --> 00:02:22,890
to employee activities with
Copilot that pose a risk

61
00:02:22,890 --> 00:02:24,780
to your data, and much more.

62
00:02:24,780 --> 00:02:26,010
Over the next few minutes,

63
00:02:26,010 --> 00:02:28,800
I'll focus on Purview
capabilities to get ahead of

64
00:02:28,800 --> 00:02:31,320
and prevent data loss and insider risks.

65
00:02:31,320 --> 00:02:34,140
We'll start in Data
Security Posture Management

66
00:02:34,140 --> 00:02:36,390
or DSPM for AI for short.

67
00:02:36,390 --> 00:02:39,270
DSPM for AI is the one place to get a rich

68
00:02:39,270 --> 00:02:42,750
and prioritized bird's eye view
on how Copilot is being used

69
00:02:42,750 --> 00:02:44,310
inside your organization

70
00:02:44,310 --> 00:02:46,740
and discover corresponding risks,

71
00:02:46,740 --> 00:02:48,000
along with recommendations

72
00:02:48,000 --> 00:02:49,710
to improve your data security posture

73
00:02:49,710 --> 00:02:52,110
that you can implement
right from the solution.

74
00:02:52,110 --> 00:02:54,780
Importantly, this is where
you'll find detailed dashboards

75
00:02:54,780 --> 00:02:58,890
for Microsoft 365 Copilot
usage, including agents.

76
00:02:58,890 --> 00:03:01,500
Then in Activity Explorer, we make it easy

77
00:03:01,500 --> 00:03:04,156
to see recent activities
with AI interactions

78
00:03:04,156 --> 00:03:06,210
that include sensitive information types,

79
00:03:06,210 --> 00:03:09,240
like credit cards, ID
numbers or bank accounts.

80
00:03:09,240 --> 00:03:11,760
And you can drill into each
activity to see details,

81
00:03:11,760 --> 00:03:15,030
as well as the prompt and
response text generated.

82
00:03:15,030 --> 00:03:17,040
One tip here, if you are seeing a lot

83
00:03:17,040 --> 00:03:18,930
of sensitive information exposed,

84
00:03:18,930 --> 00:03:21,450
it points to an information
oversharing issue

85
00:03:21,450 --> 00:03:22,590
where people have access

86
00:03:22,590 --> 00:03:25,680
to more information than
necessary to do their job.

87
00:03:25,680 --> 00:03:27,750
If you find yourself in this situation,

88
00:03:27,750 --> 00:03:30,630
I recommend you also check out
our recent show on the topic

89
00:03:30,630 --> 00:03:33,990
at aka.ms/OversharingMechanics

90
00:03:33,990 --> 00:03:36,300
where I dive into the
specific things you should do

91
00:03:36,300 --> 00:03:38,880
to assess your Microsoft 365 environment

92
00:03:38,880 --> 00:03:40,440
for potential oversharing risks

93
00:03:40,440 --> 00:03:43,320
to ensure the right people can
access the right information

94
00:03:43,320 --> 00:03:44,790
when using Copilot.

95
00:03:44,790 --> 00:03:48,420
Ultimately, DSPM for AI gives
you the visibility you need

96
00:03:48,420 --> 00:03:50,100
to establish a data security baseline

97
00:03:50,100 --> 00:03:52,440
for Copilot usage in your organization,

98
00:03:52,440 --> 00:03:55,740
and helps you put in place
preventative measures right away.

99
00:03:55,740 --> 00:03:58,560
In fact, without leaving DSPM for AI

100
00:03:58,560 --> 00:04:00,330
on the recommendations page,

101
00:04:00,330 --> 00:04:02,910
you'll find the policies
we advise everyone to use

102
00:04:02,910 --> 00:04:05,321
to improve data security, such as this one

103
00:04:05,321 --> 00:04:07,950
for detecting potentially
risky interactions

104
00:04:07,950 --> 00:04:11,730
using insider risk management
and other recommendations,

105
00:04:11,730 --> 00:04:15,030
like this one to detect
potentially unethical behavior

106
00:04:15,030 --> 00:04:18,060
using communication
compliance policies and more.

107
00:04:18,060 --> 00:04:19,260
From there, you can dive in

108
00:04:19,260 --> 00:04:21,810
to Microsoft Purview's
best-in-class solutions

109
00:04:21,810 --> 00:04:23,400
for more granular insights,

110
00:04:23,400 --> 00:04:26,520
and to configure specific
policies and protections.

111
00:04:26,520 --> 00:04:28,740
I'll start with information protection.

112
00:04:28,740 --> 00:04:30,810
You can manage data security controls

113
00:04:30,810 --> 00:04:33,510
with Microsoft 365 Copilot in scope

114
00:04:33,510 --> 00:04:35,700
with the information protection policies,

115
00:04:35,700 --> 00:04:39,300
and the sensitivity labels
that you have in use today.

116
00:04:39,300 --> 00:04:42,960
In fact, by default, any
Copilot response using content

117
00:04:42,960 --> 00:04:44,306
with sensitivity labels

118
00:04:44,306 --> 00:04:46,890
will automatically inherit
the highest priority label

119
00:04:46,890 --> 00:04:48,630
for the referenced content.

120
00:04:48,630 --> 00:04:51,360
And using data loss prevention policies,

121
00:04:51,360 --> 00:04:54,300
you can prevent Copilot
from processing any content

122
00:04:54,300 --> 00:04:57,240
that has a specific
sensitivity label applied.

123
00:04:57,240 --> 00:05:00,690
This way, even if users
have access to those files,

124
00:05:00,690 --> 00:05:03,330
Copilot will effectively
ignore this content

125
00:05:03,330 --> 00:05:06,330
as it retrieves relevant
information from Microsoft Graph

126
00:05:06,330 --> 00:05:08,100
used to generate responses.

127
00:05:08,100 --> 00:05:09,840
Insider risk management helps you

128
00:05:09,840 --> 00:05:12,840
to catch data risk based
on trending activities

129
00:05:12,840 --> 00:05:14,610
of people on your network

130
00:05:14,610 --> 00:05:18,150
using established user risk
indicators and thresholds,

131
00:05:18,150 --> 00:05:20,730
and then uses policies
to prevent accidental

132
00:05:20,730 --> 00:05:24,180
or intentional data misuse
as they interact with Copilot

133
00:05:24,180 --> 00:05:26,100
where you can easily create policies

134
00:05:26,100 --> 00:05:28,200
based on quick policy templates,

135
00:05:28,200 --> 00:05:29,670
like this one looking

136
00:05:29,670 --> 00:05:32,700
for high-risk data leak
patterns from insiders.

137
00:05:32,700 --> 00:05:36,330
By default, this quick policy
will scope all users in groups

138
00:05:36,330 --> 00:05:39,810
with a defined triggering
event of data exfiltration,

139
00:05:39,810 --> 00:05:43,680
along with activity indicators,
including external sharing,

140
00:05:43,680 --> 00:05:45,690
bulk downloads, label downgrades,

141
00:05:45,690 --> 00:05:48,540
and label removal in
addition to other activities

142
00:05:48,540 --> 00:05:51,000
that indicate a high risk of data theft.

143
00:05:51,000 --> 00:05:52,500
And it doesn't stop there.

144
00:05:52,500 --> 00:05:55,170
As individuals perform
more risky activities,

145
00:05:55,170 --> 00:05:58,200
those can add up to elevate
that user's risk level.

146
00:05:58,200 --> 00:06:01,830
Here, instead of manually
adjusting data security policies,

147
00:06:01,830 --> 00:06:03,870
using Adaptive Protection controls,

148
00:06:03,870 --> 00:06:05,790
you can also limit Copilot use

149
00:06:05,790 --> 00:06:08,250
depending on a user's dynamic risk level,

150
00:06:08,250 --> 00:06:10,140
for example, when a user exceeds

151
00:06:10,140 --> 00:06:12,420
your defined risk condition thresholds

152
00:06:12,420 --> 00:06:15,750
to reach an elevated risk
level, as you can see here.

153
00:06:15,750 --> 00:06:19,350
Using Conditional Access
policies in Microsoft Entra,

154
00:06:19,350 --> 00:06:22,170
in this case based on
authentication context,

155
00:06:22,170 --> 00:06:24,330
as well as the condition for insider risk

156
00:06:24,330 --> 00:06:27,150
that you set in Microsoft
Purview, you can choose

157
00:06:27,150 --> 00:06:30,060
to block their permission when
attempting to access sites

158
00:06:30,060 --> 00:06:32,160
with a specific sensitivity label.

159
00:06:32,160 --> 00:06:34,560
That way, even if a user is granted access

160
00:06:34,560 --> 00:06:36,990
to a SharePoint site resource by an owner,

161
00:06:36,990 --> 00:06:38,190
their access will be blocked

162
00:06:38,190 --> 00:06:40,920
by the Conditional Access policy you set.

163
00:06:40,920 --> 00:06:42,270
Again, this is important

164
00:06:42,270 --> 00:06:45,300
because Copilot honors the
user's existing permissions

165
00:06:45,300 --> 00:06:46,950
to work with information.

166
00:06:46,950 --> 00:06:49,230
This way, Copilot will
not return information

167
00:06:49,230 --> 00:06:51,600
that they do not have access to.

168
00:06:51,600 --> 00:06:53,220
Next, Communication Compliance

169
00:06:53,220 --> 00:06:55,950
is a related insider risk
solution that can act

170
00:06:55,950 --> 00:06:58,800
on potentially inappropriate
Copilot interactions.

171
00:06:58,800 --> 00:07:01,230
In fact, there are specific policy options

172
00:07:01,230 --> 00:07:03,690
for Microsoft 365 Copilot interactions

173
00:07:03,690 --> 00:07:06,720
in communication compliance
where you can flag jailbreak

174
00:07:06,720 --> 00:07:08,280
or prompt injection attempts

175
00:07:08,280 --> 00:07:10,350
using Prompt Shields classifiers.

176
00:07:10,350 --> 00:07:12,240
Communication compliance can be set

177
00:07:12,240 --> 00:07:14,040
to alert reviewers of that activity

178
00:07:14,040 --> 00:07:16,440
so they can easily discover policy matches

179
00:07:16,440 --> 00:07:18,390
and take corresponding actions.

180
00:07:18,390 --> 00:07:19,980
For example, if a person tries

181
00:07:19,980 --> 00:07:22,320
to use Copilot in an inappropriate way,

182
00:07:22,320 --> 00:07:24,780
like trying to get it to
work around its instructions

183
00:07:24,780 --> 00:07:27,420
to generate content
that Copilot shouldn't,

184
00:07:27,420 --> 00:07:29,070
it will report on that activity,

185
00:07:29,070 --> 00:07:29,903
and you'll also be able

186
00:07:29,903 --> 00:07:31,980
to see the response informing the user

187
00:07:31,980 --> 00:07:33,690
that their activity was blocked.

188
00:07:33,690 --> 00:07:35,670
Once you have the controls
you want in place,

189
00:07:35,670 --> 00:07:38,970
it's a good idea to keep
going back to DSPM for AI

190
00:07:38,970 --> 00:07:40,680
so you can see where Copilot usage

191
00:07:40,680 --> 00:07:42,840
is matching your data security policies.

192
00:07:42,840 --> 00:07:46,260
Sensitive interactions per
AI app shows you interactions

193
00:07:46,260 --> 00:07:48,630
based on sensitive information types.

194
00:07:48,630 --> 00:07:52,260
Top unethical AI interactions
surfaces insights based

195
00:07:52,260 --> 00:07:55,230
on the communication compliance
controls you've defined.

196
00:07:55,230 --> 00:07:59,220
Top sensitivity labels referenced
in Microsoft 365 Copilot

197
00:07:59,220 --> 00:08:00,750
reports on the labels you've created,

198
00:08:00,750 --> 00:08:02,460
and applied to reference content.

199
00:08:02,460 --> 00:08:04,380
And you can see Copilot
interactions mapped

200
00:08:04,380 --> 00:08:06,510
to insider risk severity levels.

201
00:08:06,510 --> 00:08:09,180
Then digging into these reports
shows you a filtered view

202
00:08:09,180 --> 00:08:11,250
of activities in Activity Explorer

203
00:08:11,250 --> 00:08:13,770
with time-based trends
and details for each.

204
00:08:13,770 --> 00:08:16,590
Additionally, because all
Copilot interactions are logged,

205
00:08:16,590 --> 00:08:19,230
like other Microsoft 365 activities

206
00:08:19,230 --> 00:08:22,219
in email, Microsoft Teams,
SharePoint and OneDrive,

207
00:08:22,219 --> 00:08:23,250
you can now use

208
00:08:23,250 --> 00:08:25,980
the new data security
investigation solution.

209
00:08:25,980 --> 00:08:29,130
This uses AI to quickly reason
over thousands of items,

210
00:08:29,130 --> 00:08:31,014
including Copilot Chat interactions

211
00:08:31,014 --> 00:08:33,900
to help you investigate the
potential cause of risks

212
00:08:33,900 --> 00:08:36,570
for known data leaks in similar incidents.

213
00:08:36,570 --> 00:08:39,090
So that's how Microsoft 365 Copilot,

214
00:08:39,090 --> 00:08:40,380
along with Microsoft Purview,

215
00:08:40,380 --> 00:08:42,300
provides comprehensive controls

216
00:08:42,300 --> 00:08:44,820
to help protect your data, minimize risk,

217
00:08:44,820 --> 00:08:47,430
and quickly identify Copilot
interactions that could lead

218
00:08:47,430 --> 00:08:50,430
to compromise so you can
take corrective actions.

219
00:08:50,430 --> 00:08:53,190
No other AI solution has this level

220
00:08:53,190 --> 00:08:54,630
of protection and control.

221
00:08:54,630 --> 00:08:58,893
To learn more, check out
aka.ms/M365CopilotwithPurview.

222
00:09:00,660 --> 00:09:03,248
Keep watching Microsoft
Mechanics for the latest updates

223
00:09:03,248 --> 00:09:05,248
and thanks for watching.

