Secure Microsoft 365 Copilot via Skyhigh CASB
Limited Availability: Microsoft 365 Copilot integration is a feature with limited availability. For assistance, contact Skyhigh Support.
Microsoft 365 Copilot is an AI tool embedded within Microsoft 365 applications (such as Word, Excel, etc.) that enhances users' productivity by assisting them in accomplishing tasks efficiently and effectively. As AI becomes integral to applications, sensitive data faces growing vulnerabilities, demanding robust security at every level. Skyhigh Security extends its support to Microsoft 365 Copilot users, protecting against data loss, unauthorized access, and security threats, and maintaining compliance with data privacy regulations.
AI assistants like Microsoft 365 Copilot can unintentionally contribute to data exfiltration, acting as an unwitting insider, exposing sensitive information. By integrating Skyhigh CASB with the Microsoft 365 Copilot API, you can monitor all prompts and responses. Additionally, Skyhigh CASB enforces Data Loss Prevention (DLP) policies to stop the use of proprietary data for training the AI model, ensuring these interactions don't unintentionally add to the LLM's knowledge base. This approach creates a clear audit trail for data provenance and protects against the leakage of intellectual property.
You can protect Copilot users' data in three key areas:
- File Attachments (Existing Capability). Skyhigh CASB protects Copilot users' data through comprehensive DLP policies (without any action required from you). This ensures that sensitive content shared through OneDrive or SharePoint remains protected from unauthorized access by Copilot users. The file operations (such as uploading, downloading, updating, and deleting) associated with Copilot are handled via OneDrive or SharePoint, based on the file location. To apply DLP on files, you must integrate OneDrive and SharePoint with Skyhigh CASB.
- Messages (Prompts and Responses) Posted in Copilot. Integrate Skyhigh CASB with Copilot to enforce DLP on messages (prompts and responses). This ensures that any sensitive content shared via messages (user prompts and responses from Copilot) is blocked, and the activity is logged to alert the security teams. Skyhigh CASB scans, classifies, and enforces rules on both input and output of the Copilot conversation to protect users' data.
- Activity Monitoring. Activity monitoring ensures a secure environment for the Copilot users, making all data interactions visible, traceable, and governed by enforced policies (evaluated against predefined rules). Any policy violations trigger alerts, automatic responses, or investigations, enabling organizations to protect their data.
The table below lists the Skyhigh CASB capabilities and the corresponding CSP integrations used to monitor them.
Skyhigh CASB Capabilities | Associated CSP |
---|---|
Activity monitoring | Microsoft 365 Copilot |
DLP on messages (prompts and responses) | Microsoft 365 Copilot |
DLP on files | OneDrive or SharePoint, depending on the file location |
Use Cases
Below are a few example scenarios illustrating how Skyhigh CASB protects Copilot users' data through DLP policies:
- Apply DLP to Secure Copilot User Prompts and Responses, and File Attachments
  A Security Operations Center (SOC) may want to prevent users from uploading sensitive information such as pricing details or financial records to Copilot. To do this, the SOC defines DLP policies with specific policy rules and response actions. These enable Copilot to redact sensitive content, provide a general summary, or withhold responses based on policy violations. This helps protect against the exfiltration of critical data, supports compliance, and reduces risk.
  For details about DLP on prompts and responses, see DLP for Microsoft 365 Copilot.
- Use AIP to Prevent Ingestion of Sensitive Copilot User Data
  An employee attempts to use Copilot to retrieve details about a highly sensitive internal R&D project stored in a restricted SharePoint site. Because Copilot honors existing permissions, it does not return any information that the user is not authorized to access. In this scenario, DLP policies, Sensitivity Labels, and SharePoint site permissions work together to ensure that only permitted data is accessible through Copilot. As a result, the request is blocked or returns no sensitive information, effectively preventing unauthorized access and maintaining data confidentiality.
  For details about DLP on files using AIP, see Protect Indexing of Sensitive Files from Copilot Using AIP.
- Monitor Copilot User Activities (Threat Investigation)
  Organizations utilize activity monitoring to identify anomalies, such as unusual uploads, mass deletions, or unexpected user actions. This approach allows SOCs to strengthen data security and mitigate potential risks. With these insights, SOCs can prevent data loss, respond quickly to threats, and ensure that Copilot consistently provides secure and measurable value.
  For details about supported user activities for Copilot, see Activity Monitoring for Microsoft 365 Copilot.