Secure Microsoft 365 Copilot via Skyhigh CASB
Microsoft 365 Copilot is an AI tool embedded within Microsoft 365 applications (such as Word, Excel....etc) that enhances users' productivity by assisting them in accomplishing tasks efficiently and effectively within the applications. For example, if you want to summarize a lengthy Word document, prompt the Copilot (embedded within the Word application) to summarize the content. Copilot provides you with a summary of the document.
Skyhigh Security extends its support to Microsoft 365 Copilot users, ensuring protection against data loss, unauthorized access, and security threats. As AI becomes integral to applications, sensitive data faces growing vulnerabilities, demanding robust security at every level. To address these challenges, Skyhigh Security delivers purpose-built solutions that empower organizations to maintain control, prevent data leaks, and safeguard users in the evolving AI era.
NOTE: Skyhigh Security protects Copilot user's data through comprehensive DLP policies without any action required from you.
Key capabilities of Skyhigh CASB to secure Copilot user's data:
- Data Loss Prevention (DLP). Enforces advanced DLP policies on file interactions in near real-time.
- DLP on Data at Rest. Performs on-demand scans on previously uploaded or created files to detect compliance violations and exfiltration attempts.
- Sensitive Data Controls. Ensures sensitive information from Microsoft Office repositories, such as SharePoint, Teams, and OneDrive, is not ingested into Copilot.
Enforcement of DLP for Copilot
Skyhigh CASB protects sensitive data from Copilot by applying encryption, access control, and AIP (Azure Information Protection) sensitivity labels to the files. To secure Copilot, you need to integrate the following Microsoft collaborating tools with Skyhigh CASB:
- OneDrive. Skyhigh CASB scans the files according to DLP policies and excludes the Copilot if it finds sensitive information when a user adds/modifies files in OneDrive. For more information on integrating OneDrive with Skyhigh CASB, see About Skyhigh CASB for OneDrive.
- SharePoint. Skyhigh CASB continuously monitors SharePoint accounts for any file activity and processes those documents using Skyhigh CASB DLP policies. DLP policies are defined to exclude Copilot to protect sensitive data exfiltration or malicious data ingestion. For more information on integrating Skyhigh CASB with SharePoint, see About Skyhigh CASB for SharePoint.
- Teams. Skyhigh CASB allows Security Operations Center (SOC) admins to monitor user activity in Teams and enforce DLP policies to make sure that sensitive data violating regulatory and internal compliance policies are not posted in the form of messages or files. The rules concerning Copilot are in place to protect sensitive information in Teams messages or files. For more information on integrating Teams with Skyhigh CASB, see About Skyhigh CASB for Microsoft Teams.
With expertise in cloud-native security, Skyhigh helps organizations embrace AI confidently while managing data breaches and compliance risks.
Protect Indexing of Sensitive Files from Copilot Using AIP
Azure Information Protection (AIP) allows organizations to classify and optionally protect sensitive documents using default and custom labels. Once you configure AIP, use AIP labels in Skyhigh CASB DLP policies for Office 365 CSP to protect sensitive files from Copilot.
Follow the steps below to exclude Copilot from indexing the sensitive files:
- Create an AIP label in Microsoft Purview to protect the indexing of sensitive files from Copilot.
- Select the newly created AIP label to apply classification and protection policies to your sensitive data. Here, we have created an Exclude Co-pilot label as an example.
- Configure AIP in Skyhigh CASB.
- Select the desired policy on the DLP Policies (Policy > DLP Policies > DLP Policies) page.
- Select the newly created label on the Responses section to exclude Copilot from sensitive files.
- If a sensitive file is shared, an incident will be created on the Policy Incidents page based on the AIP classification.
Skyhigh CASB excludes the file with sensitive information from indexing.