How much does my colleague earn? Is the company going to restructure? Are redundancies planned? These are just some of the possible questions employees can ask your data stored in your Microsoft 365 tenant if they have a Copilot license.
Microsoft’s Large Language Model (LLM) Copilot is trained to find and provide answers. So, introducing it into your tenant, without guardrails in place, will quickly expose sensitive information or data that was previously hidden.
Mundane searches could reveal sensitive information such as confidential financial records or HR documents, exposing your organization to privacy breaches or compliance issues.
Sounds scary? Well, it could be, if you don’t get your house in order before you roll out the latest AI tool.
Since Copilot licenses were made available to all Microsoft 365 users earlier this year, individual heads of departments are looking at ways they can experiment with it.
It’s likely they’re putting a business case together right now and will soon be knocking at your door asking for a license.
Before you give them the go-ahead, you need to get your information security, governance, and permissions in place to avoid widespread oversharing or the leaking of sensitive company information.
So, how do you embrace the power of Copilot for Microsoft 365 while avoiding the threat to information security, privacy, and compliance?
Enter SharePoint Premium.
You can use SharePoint Premium to find out where you are most at risk. Identify sensitive data, by type and location, as well as instances of overshared content in your tenant.
What is SharePoint Premium?
Content experiences
Content processing
Content governance
SharePoint Premium is Microsoft’s latest advanced content management platform that brings together AI, automation, and enhanced security. Formerly known as Microsoft Syntex, through June 2024 you can experiment with using it at no extra charge.
As the core of Copilot’s functionality is to use information stored in Microsoft 365 (to help with various tasks such as creating and editing documents and finding and sharing information) you will need to use SharePoint Premium to create information protection rules and set permissions for your data and documents before you launch the tool.
SharePoint Premium will help you to manage and govern content stored in SharePoint. Use it to control access and maintain security in your tenant and detect and remediate any potential risks, which will help address oversharing and ensure the content stored is compliant.
Let’s take a look at how…
Optical Character Recognition (OCR)
Copilot for Microsoft 365 will ultimately make content in SharePoint more discoverable, searchable and accessible. Yet as we’ve shown above, this can pose a danger to security and compliance.
One way to overcome this potential threat is to use SharePoint Premium’s ‘Optical Character Recognition’ tool to identify images or non-searchable documents in your tenant (such as screenshots, scanned contracts, documents, statements of work or invoices) and convert them into machine-readable text.
Converting the documents or images into text means you can identify and then protect sensitive or confidential information that may be embedded in these scanned items, such as personal identification numbers, social security numbers, or credit card numbers.
You can also use OCR to help enforce retention policies and records management for the scanned documents – redact or restrict access to sensitive information, thus reducing the chances of data leaks or breaches (or fines from regulatory bodies) when you launch Copilot for Microsoft 365.
Content Governance Insights
SharePoint Premium provides you with a set of reporting and mitigation tools to identify content that may be shared too widely or incorrectly. You can review sites to confirm access controls and ensure proper governance.
Use its AI-driven policy recommendation tool to benchmark your SharePoint site against other well-governed ones. It can even offer you suggestions for how to improve yours!
Data Access Governance (DAG) Reports
Easily identify overshared sites and take action by using SharePoint Premium’s DAG reports. Gain a top-level view of your sites based on:
- Sharing policy compliance
- Teams-connected sites
- Privacy settings
- Sensitivity labels
Content Lifecycle Management
Address content sprawl in SharePoint and manage the entire content lifecycle using SharePoint Premium. With simple yet powerful tools, you can control access, set permissions, and keep content fresh.
This not only ensures that content remains relevant, but it also helps to keep it secure and aligned with your organizational policies.
Content Tagging and Sensitivity Labels
Use SharePoint Premium to auto-tag documents with relevant metadata such as topics, keywords, entities, etc., Apply sensitivity labels to content based on its importance and confidentiality. Classify, categorize and then securely store the content in a more structured and intelligent taxonomy.
This means when you eventually launch Copilot for Microsoft 365, it will automatically understand the structured content by context and thus limit who has access to it.
Customizable Policies
You can define custom policies based on content type, sensitivity, and business requirements. Introduce a Restricted Access Control Policy to specify which security groups can access content as well as prevent unauthorized access, ensuring content remains compliant with legal and regulatory standards.
Confidently launch Copilot for Microsoft 365
In summary, Copilot for Microsoft 365 thrives on structured content. However, without guardrails in place, it can unintentionally open up the possibility of revealing sensitive information or data within your Microsoft 365 tenant.
Yet, by using SharePoint Premium’s content governance tools you can confidently unleash the power of Copilot for Microsoft 365 knowing your content is well managed, secure, and compliant, with proper access controls in place.
***
Want to learn more about how to get your tenant ready for Copilot for Microsoft 365? Get in touch with Team Cloudwell today to find out more.