What is Microsoft 365?
Microsoft's suite of business productivity products is constantly evolving – both in name and in technical capabilities – so it can be challenging to...
Five Nines Technicians : May 22, 2024 12:34:11 PM
4 min read
Microsoft 365 Copilot is an AI-powered assistant that is built into the Microsoft 365 suite of applications including Word, Excel, PowerPoint, Outlook, and Teams to provide personalized, intelligent assistance and streamline workflows.
Copilot can understand and respond to questions and commands that are typed plainly into a chat window, enabling users to speak naturally to Copilot and work more efficiently. Unlike other AI assistant tools (ChatGPT, Gemini, etc.), Copilot has access to everything you've ever worked on in Office 365, so it can quickly compile information from across multiple documents, Teams chats, presentations, and emails.
Graphic: Microsoft
A licensed user will have a Copilot button in the ribbon menu at the top of all their Office applications. To get started with Copilot they'll press the Copilot button and ask it to perform a task or answer questions. This process is referred to as a "Prompt." Example prompts include:
Microsoft 365 Copilot will then gather data based on the user's Microsoft 365 permissions and submit the data and the prompt to Copilot to generate a response. Copilot will then perform responsible AI checks to ensure security, compliance, and privacy policies are not violated before sending back a response to the user along with commands to the Microsoft 365 application to perform the requested action.
When Microsoft 365 Copilot is first enabled in an Office 365 tenant it will immediately begin inventorying data from various sources like Teams chats, OneDrive, mailboxes, and SharePoint Document Libraries. Copilot will respect any existing permissions and data boundaries that exist, but without a thorough understanding of how data moves through your organization and proper access controls Copilot will be able to surface sensitive information to your Microsoft 365 Copilot licensed users.
It's important to note that Copilot can source answers to prompts from any data that the user has at least read access to in the organization. Users who are licensed for Microsoft 365 Copilot pose an additional risk when their account becomes compromised, since a threat actor will now be empowered to simply ask Microsoft where your most valuable data resides and further ask Copilot to help them exfiltrate it. It's critical that these users receive frequent security awareness training to recognize and thwart phishing attempts which can lead to account takeovers. Other standard controls like phishing-resistant multifactor authentication, having a strong and unique Microsoft 365 password, and evaluating the user's device health prior to allowing access to the data should also be employed.
Questions you should be asking to prepare for a Microsoft 365 Copilot pilot program or rollout include:
Microsoft expects you to classify your documents and data repositories with Sensitivity Labels to enforce Data Loss Prevention policies that apply encryption or prevent your data from leaking externally. Sensitivity Labels also create a data boundary that Copilot must adhere to which prevents accidental sensitive data exposure. Example Sensitivity Labels include:
Based on these example labels, Data Loss Prevention policies can be crafted to either grant access to the data, block access to the data, or enforce encryption when sharing externally.
When starting with Microsoft 365 Copilot it's paramount to take the following actions:
Copilot for Microsoft 365 is $30 per user per month, but Microsoft requires both an annual commitment and you must pay the full term upfront. Presently, there is no way to demo or trial Microsoft 365 Copilot. Copilot is an add-on plan, and you need one of the following licenses to be able to use Copilot:
While Microsoft will let almost any license level purchase and use Microsoft 365 Copilot only certain plans have the appropriate access to the security controls discussed above, and any plans that say not recommend lack the appropriate safeguards without additional add-on licensing and a higher bundled plan will be more affordable. For organizations with less than 300 users, Business Premium is the minimum licensing that all users in the organization should have to ensure adequate protection. If your company has more than 300 users, then Microsoft 365 E3 is the recommended plan.
If you need assistance determining if Copilot is right for your organization, Five Nines can help. Contact us today to collaborate with one of our experts.
Microsoft's suite of business productivity products is constantly evolving – both in name and in technical capabilities – so it can be challenging to...
In April, Microsoft announced that they have unbundled Teams from the Office suite for all net new Enterprise subscriptions effective September 30,...
If you’re looking for the best solution for a hybrid work environment, look no further than the Microsoft Teams Platform – built for communication,...