Nikki Chapple, profile picture
Uploaded byNikki Chapple
2,559 views

Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data Security

The document outlines best practices for preparing Microsoft 365 Copilot, emphasizing governance and data security. Key points include the importance of implementing 'just enough access' to sensitive data, identifying risks associated with overexposure, and establishing responsible AI policies. Additionally, it suggests building a center of excellence to enhance data security maturity and ensure proper management of Microsoft 365 resources.

Embed presentation

Preparing for Microsoft 365 Copilot: Best Practices for Governance and Data Security Nikki Chapple (Microsoft MVP)
Platinum Gold Silver Community Thanks to our sponsors! Organized by SharePint
Nikki Chapple MVP | Principal Cloud Architect @ CloudWay • Security and Compliance Evangelist Award winner 2023 • 30 years+ experience in IT & business transformation • Passionate about Microsoft 365 governance & compliance • Community speaker & blogger • Co-host on the All Things M365 Compliance Podcast
Agenda Introduction to Microsoft Copilot Get Copilot ready Importance of “Just enough access”
Brief Introduction to Microsoft Copilot
Microsoft 365 Copilot
Content & Context
Content & Context
What data does Microsoft 365 Copilot access? Emails, Meetings, Calendar, Contacts Documents, other business data Documents, other business data Chat and Channel messages
Data, Privacy, and Security Responses based on the user’s access and permissions Only searches for information in your tenant Prompts, responses and data are not used to train the LLM Prompts, responses and data reside in Microsoft 365 service boundary (not using Open API)
What are the risks I need to consider? Over-exposure of confidential data - Searches content you can VIEW 1 Redundant, outdated, and trivial (ROT) content - Inaccurate results 2 No policies for responsible AI use - Inappropriate use of Copilot 3
Get Copilot ready
Stakeholders • Chief Data Officer • • Change management • DPO • Security • Business analyst • Legal/ Compliance • IT • Data Steward
Demystify Copilot Provides productivity recommendations Responses based on the data you have access to Establish policies for responsible & ethical AI use Copilot isn't perfect and is not always accurate Build a Center of Excellence
Who, Where, How & When Current vs. Future state People Technology Process Strategy Regulations Culture Priorities Identify and address gaps What & Why Risk & Compliance stance Monitor and Enhance Get Copilot ready
Technical Prerequisites • Microsoft 365 Apps for Enterprise (current channel)* • Microsoft Entra-based account • OneDrive • Teams (either version) • New Outlook for Windows • Loop • Windows 11 (preferred) • Microsoft 365 E3 or E5 or Business Premium licences
Build your governance and data security maturity Workspace Content User
The Copilot Data Security and Governance Maturity Model 100 - Initial • Workspaces uncontrolled • No data security or governance 200 - Managed • Adhoc workspace governance • Team owners unaware of their responsibilities 300 - Defined • Basic workspace governance • Adhoc data security • Adhoc lifecycle management • User adoption 400 - Predictable • Tailored workspace governance • Automated data security • Lifecycle management • Permissions auditing 500 - Optimising • Advanced workspace governance • Advanced lifecycle governance • Advanced data security
Not all data is the same – so take a risk- based approach
The importance of “Just enough access”
Most data stored outside Microsoft 365 and users work in email 3rd Party data storage Ungoverned - access Ungoverned – no access Location hidden from scope – Excluded SharePoint Your OneDrive Others OneDrives
Use of OneDrive increases but emailing files not sharing files - no adoption or training Ungoverned - access Ungoverned – no access Location hidden from scope – Excluded Your OneDrive SharePoint 3rd Party data storage Your OneDrive Others OneDrives
Pioneers create ungoverned Teams & Sites Ungoverned - access Ungoverned – no access Location hidden from scope – Excluded Your OneDrive Others OneDrives SharePoint 3rd Party data storage
3rd Party data storage SPO Uncontrolled Teams & Sites creation and file sharing creates sprawl Ungoverned - access Ungoverned – no access Location hidden from scope – Excluded Others OneDrives Your OneDrive
3rd party data is migrated into Microsoft 365 - increasing sprawl 3rd party SPO Your OneDrive Ungoverned - access Ungoverned – no access Location hidden from scope – Excluded
Govern Access - Admins added as owner of all groups, Teams & sites by default SPO Your OneDrive Ungoverned - access Ungoverned – no access Location hidden from scope – Excluded
SPO Govern Microsoft Groups, Teams & sites - Container Sensitivity Labels and User Adoption Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access
Govern Teams - Use private/shared channels to restrict access Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access SPO
SPO Govern Access - Dynamic group membership* (Entra ID P1 licence) Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access
SPO Govern File Access - Use Container sensitivity labels to restrict who can share files and folders and sharing links Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access
SPO Govern Site Access - Block site access to non- members (Microsoft Syntex - SharePoint Advanced Management licence) Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access
SPO Govern Groups Access - Regular membership Access Reviews* (Entra ID P2 licence) Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access
Govern Content - Use encrypted sensitivity labels to restrict access* (automated labelling & default label on Document Library M365 E5 IP&G licence) Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access Teams SPO
SPO Govern Content - Retention policies/labels to keep what you need and delete the rest (automated labelling & default label on Document Library M365 E5 IP&G licence) Others OneDrive Teams Teams Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access
SPO Archive SPO Govern Content - Externally archive inactive content Others OneDrive Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access Your OneDrive
Extend with plugins and Microsoft Graph connectors 3rd party SPO Others OneDrive Your OneDrive Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access
Wrap Up
Summary Demystify Baseline your maturity Improve your maturity Proactive and pragmatic approach Build Centre of Excellence and adoption programme

More Related Content

PPTX
Copilot-for-Microsoft-365-technical.pptx
bysoulamaabdoulaye128
 
PDF
Preparing, Piloting & Paths to Success with Microsoft Copilot
byRichard Harbridge
 
PPTX
Getting your enterprise ready for Microsoft 365 Copilot
byVignesh Ganesan I Microsoft MVP
 
PPTX
What's New in Copilot for Microsoft365 May 2024.pptx
byStephanie Beckett
 
PDF
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
by2toLead Limited
 
PPTX
Microsoft 365 Copilot Fundamentalss.pptx
byPedro Alexander Romero Tortosa
 
PDF
Ensuring Technical Readiness For Copilot in Microsoft 365
by2toLead Limited
 
PPTX
What's New in Copilot for Microsoft 365 June 2024.pptx
byStephanie Beckett
 
Copilot-for-Microsoft-365-technical.pptx
bysoulamaabdoulaye128
 
Preparing, Piloting & Paths to Success with Microsoft Copilot
byRichard Harbridge
 
Getting your enterprise ready for Microsoft 365 Copilot
byVignesh Ganesan I Microsoft MVP
 
What's New in Copilot for Microsoft365 May 2024.pptx
byStephanie Beckett
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
by2toLead Limited
 
Microsoft 365 Copilot Fundamentalss.pptx
byPedro Alexander Romero Tortosa
 
Ensuring Technical Readiness For Copilot in Microsoft 365
by2toLead Limited
 
What's New in Copilot for Microsoft 365 June 2024.pptx
byStephanie Beckett
 

What's hot

PPTX
Microsoft Information Protection: Your Security and Compliance Framework
byAlistair Pugin
 
PPTX
Microsoft Information Protection demystified Albert Hoitingh
byAlbert Hoitingh
 
PDF
Microsoft Build 2023 Updates – Copilot Stack and Azure OpenAI Service (Machin...
byNaoki (Neo) SATO
 
PPTX
Azure purview
byShafqat Turza
 
PPTX
Breakdown of Microsoft Purview Solutions
byDrew Madelung
 
PPTX
Secure your M365 resources using Azure AD Identity Governance
byVignesh Ganesan I Microsoft MVP
 
PPTX
Microsoft Purview
byMohammed Chaaraoui
 
PPTX
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
byNicholas Vossburg
 
PDF
Azure Information Protection
byRobert Crane
 
PDF
Microsoft 365 Security and Compliance
byDavid J Rosenthal
 
PPTX
Labelling in Microsoft 365 - Retention & Sensitivity
byDrew Madelung
 
PPTX
Microsoft 365
byJeannette Browning
 
PPTX
2 Modern Security - Microsoft Information Protection
byAndrew Bettany
 
PDF
Best Practice on using Azure OpenAI Service
byKumton Suttiraksiri
 
PDF
[Machine Learning 15minutes! #61] Azure OpenAI Service
byNaoki (Neo) SATO
 
PPTX
Deep dive into Microsoft Purview Data Loss Prevention
byDrew Madelung
 
PPTX
Proactive Governance & Adoption in Microsoft 365
byRichard Harbridge
 
PDF
Pitching Microsoft 365
byRobert Crane
 
PPTX
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
byDrew Madelung
 
PDF
Microsoft 365 Enterprise Security with E5 Overview
byDavid J Rosenthal
 
Microsoft Information Protection: Your Security and Compliance Framework
byAlistair Pugin
 
Microsoft Information Protection demystified Albert Hoitingh
byAlbert Hoitingh
 
Microsoft Build 2023 Updates – Copilot Stack and Azure OpenAI Service (Machin...
byNaoki (Neo) SATO
 
Azure purview
byShafqat Turza
 
Breakdown of Microsoft Purview Solutions
byDrew Madelung
 
Secure your M365 resources using Azure AD Identity Governance
byVignesh Ganesan I Microsoft MVP
 
Microsoft Purview
byMohammed Chaaraoui
 
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
byNicholas Vossburg
 
Azure Information Protection
byRobert Crane
 
Microsoft 365 Security and Compliance
byDavid J Rosenthal
 
Labelling in Microsoft 365 - Retention & Sensitivity
byDrew Madelung
 
Microsoft 365
byJeannette Browning
 
2 Modern Security - Microsoft Information Protection
byAndrew Bettany
 
Best Practice on using Azure OpenAI Service
byKumton Suttiraksiri
 
[Machine Learning 15minutes! #61] Azure OpenAI Service
byNaoki (Neo) SATO
 
Deep dive into Microsoft Purview Data Loss Prevention
byDrew Madelung
 
Proactive Governance & Adoption in Microsoft 365
byRichard Harbridge
 
Pitching Microsoft 365
byRobert Crane
 
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
byDrew Madelung
 
Microsoft 365 Enterprise Security with E5 Overview
byDavid J Rosenthal
 

Similar to Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data Security

PDF
Microsoft 365 Copilot data security and governance |Commsverse 2024 | June 2024
byNikki Chapple
 
PDF
Microsoft 365 Copilot: How to boost your productivity with AI. Part two: Data...
byNikki Chapple
 
PDF
Deciphering Copilot Unravelling Data Security and Governance in Microsoft 365
byNikki Chapple
 
PDF
Ready Set Secure your Microsoft 365 Data
byNikki Chapple
 
PDF
Copilot for Microsoft 365 data security and governance | Workplace Ninjas Den...
byNikki Chapple
 
PDF
Unlock the Potential of Microsoft 365 Copilot | Norwegian M365 User Group |...
byNikki Chapple
 
PDF
From Data Chaos to Copilot Confidence: A Step-by-Step Microsoft 365 Copilot R...
byNikki Chapple
 
PDF
Microsoft 365 Copilot Data Security and Governance
byNikki Chapple
 
PPTX
AB-900, the replacement of MS-900 course
byMichelAguilera4
 
PPTX
Office 365 Saturday - Office 365 Security Best Practices
byBenoit HAMET
 
PPTX
Prepare your data for Microsoft Copilot with new tools
byNicholasMarshallMica
 
PPTX
Security and compliance in Office 365 -Part 1
byVignesh Ganesan I Microsoft MVP
 
PDF
Microsoft Office 365 Security and Compliance
byDavid J Rosenthal
 
PDF
May 2020 Microsoft 365 Need to Know Webinar
byRobert Crane
 
PPTX
B2 - The History of Content Security: Part 2 - Adam Levithan
bySPS Paris
 
PPTX
SC-900 Capabilities of Microsoft Compliance Solutions
byFredBrandonAuthorMCP
 
PPTX
Safely Enabling Office 365
byHammerNJ
 
PDF
Microsoft 365 Compliance
byDavid J Rosenthal
 
PPTX
Security and Compliance with SharePoint and Office 365
byRichard Harbridge
 
PPTX
Intelligent Security, Compliance and Privacy in Office 365
byMiguel Isidoro
 
Microsoft 365 Copilot data security and governance |Commsverse 2024 | June 2024
byNikki Chapple
 
Microsoft 365 Copilot: How to boost your productivity with AI. Part two: Data...
byNikki Chapple
 
Deciphering Copilot Unravelling Data Security and Governance in Microsoft 365
byNikki Chapple
 
Ready Set Secure your Microsoft 365 Data
byNikki Chapple
 
Copilot for Microsoft 365 data security and governance | Workplace Ninjas Den...
byNikki Chapple
 
Unlock the Potential of Microsoft 365 Copilot | Norwegian M365 User Group |...
byNikki Chapple
 
From Data Chaos to Copilot Confidence: A Step-by-Step Microsoft 365 Copilot R...
byNikki Chapple
 
Microsoft 365 Copilot Data Security and Governance
byNikki Chapple
 
AB-900, the replacement of MS-900 course
byMichelAguilera4
 
Office 365 Saturday - Office 365 Security Best Practices
byBenoit HAMET
 
Prepare your data for Microsoft Copilot with new tools
byNicholasMarshallMica
 
Security and compliance in Office 365 -Part 1
byVignesh Ganesan I Microsoft MVP
 
Microsoft Office 365 Security and Compliance
byDavid J Rosenthal
 
May 2020 Microsoft 365 Need to Know Webinar
byRobert Crane
 
B2 - The History of Content Security: Part 2 - Adam Levithan
bySPS Paris
 
SC-900 Capabilities of Microsoft Compliance Solutions
byFredBrandonAuthorMCP
 
Safely Enabling Office 365
byHammerNJ
 
Microsoft 365 Compliance
byDavid J Rosenthal
 
Security and Compliance with SharePoint and Office 365
byRichard Harbridge
 
Intelligent Security, Compliance and Privacy in Office 365
byMiguel Isidoro
 

More from Nikki Chapple

PDF
How to Measure Microsoft 365 Copilot Success and Manage AI Risk: Advanced Str...
byNikki Chapple
 
PDF
Managing Microsoft 365 Copilot and Third-Party Generative AI: Securing Data, ...
byNikki Chapple
 
PDF
Deep Dive into Data Loss Prevention: Securing Microsoft 365, Copilot, and End...
byNikki Chapple
 
PDF
Microsoft Purview Data Loss Prevention Deep Dive
byNikki Chapple
 
PDF
Do We Really Need to Buy More SharePoint Storage?
byNikki Chapple
 
PDF
Protecting Your Sensitive Data with Microsoft Purview
byNikki Chapple
 
PDF
Measuring Microsoft 365 Copilot and Gen AI Success
byNikki Chapple
 
PDF
Measuring Copilot and Gen AI Success with Viva Insights and Purview
byNikki Chapple
 
PDF
Microsoft 365 Copilot Data Quality with Semantic Index and how Topics Plays ...
byNikki Chapple
 
PDF
Microsoft Viva and Copilot Governance
byNikki Chapple
 
PDF
Real World Governance Risk and Compliance | European Collaboration Summit | M...
byNikki Chapple
 
PDF
Microsoft 365 Copilot: How to boost your productivity with AI. Part one: Adop...
byNikki Chapple
 
PDF
Cracking the Code- Expert Tips for Mastering GRC | CollabDays Bletchley | Sep...
byNikki Chapple
 
PDF
Microsoft Viva Security and Privacy | CollabDays Bletchley | Sept 23
byNikki Chapple
 
PDF
Demystifying security and privacy in Viva | Commsverse | June 2023
byNikki Chapple
 
PDF
Demystifying security and compliance in Viva | European Collaboration Summit ...
byNikki Chapple
 
PDF
Real World Governance Risk and Compliance | European Collaboration Summit 2023
byNikki Chapple
 
PDF
Dont let governance risk and compliance be a roll of the device | Modern Wor...
byNikki Chapple
 
PDF
Dont let governance risk and compliance be a roll of the dice | ESPC22 | De...
byNikki Chapple
 
PDF
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
byNikki Chapple
 
How to Measure Microsoft 365 Copilot Success and Manage AI Risk: Advanced Str...
byNikki Chapple
 
Managing Microsoft 365 Copilot and Third-Party Generative AI: Securing Data, ...
byNikki Chapple
 
Deep Dive into Data Loss Prevention: Securing Microsoft 365, Copilot, and End...
byNikki Chapple
 
Microsoft Purview Data Loss Prevention Deep Dive
byNikki Chapple
 
Do We Really Need to Buy More SharePoint Storage?
byNikki Chapple
 
Protecting Your Sensitive Data with Microsoft Purview
byNikki Chapple
 
Measuring Microsoft 365 Copilot and Gen AI Success
byNikki Chapple
 
Measuring Copilot and Gen AI Success with Viva Insights and Purview
byNikki Chapple
 
Microsoft 365 Copilot Data Quality with Semantic Index and how Topics Plays ...
byNikki Chapple
 
Microsoft Viva and Copilot Governance
byNikki Chapple
 
Real World Governance Risk and Compliance | European Collaboration Summit | M...
byNikki Chapple
 
Microsoft 365 Copilot: How to boost your productivity with AI. Part one: Adop...
byNikki Chapple
 
Cracking the Code- Expert Tips for Mastering GRC | CollabDays Bletchley | Sep...
byNikki Chapple
 
Microsoft Viva Security and Privacy | CollabDays Bletchley | Sept 23
byNikki Chapple
 
Demystifying security and privacy in Viva | Commsverse | June 2023
byNikki Chapple
 
Demystifying security and compliance in Viva | European Collaboration Summit ...
byNikki Chapple
 
Real World Governance Risk and Compliance | European Collaboration Summit 2023
byNikki Chapple
 
Dont let governance risk and compliance be a roll of the device | Modern Wor...
byNikki Chapple
 
Dont let governance risk and compliance be a roll of the dice | ESPC22 | De...
byNikki Chapple
 
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
byNikki Chapple
 

Recently uploaded

PDF
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
DOCX
Cloud Security, Serverless Security. Cybersecurity
byEdcelPacayraDuena
 
PDF
Hybrid Cloud vs Multi-Cloud Strategy 2025
byTeleglobal International
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PPTX
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
Cloud Security, Serverless Security. Cybersecurity
byEdcelPacayraDuena
 
Hybrid Cloud vs Multi-Cloud Strategy 2025
byTeleglobal International
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
December Patch Tuesday
byIvanti
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 

Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data Security

  • 1.
    Preparing for Microsoft365 Copilot: Best Practices for Governance and Data Security Nikki Chapple (Microsoft MVP)
  • 2.
    Platinum Gold Silver Community Thanks to oursponsors! Organized by SharePint
  • 3.
    Nikki Chapple MVP |Principal Cloud Architect @ CloudWay • Security and Compliance Evangelist Award winner 2023 • 30 years+ experience in IT & business transformation • Passionate about Microsoft 365 governance & compliance • Community speaker & blogger • Co-host on the All Things M365 Compliance Podcast
  • 4.
    Agenda Introduction to MicrosoftCopilot Get Copilot ready Importance of “Just enough access”
  • 5.
  • 6.
  • 8.
  • 9.
  • 10.
    What data doesMicrosoft 365 Copilot access? Emails, Meetings, Calendar, Contacts Documents, other business data Documents, other business data Chat and Channel messages
  • 11.
    Data, Privacy, andSecurity Responses based on the user’s access and permissions Only searches for information in your tenant Prompts, responses and data are not used to train the LLM Prompts, responses and data reside in Microsoft 365 service boundary (not using Open API)
  • 12.
    What are therisks I need to consider? Over-exposure of confidential data - Searches content you can VIEW 1 Redundant, outdated, and trivial (ROT) content - Inaccurate results 2 No policies for responsible AI use - Inappropriate use of Copilot 3
  • 13.
  • 14.
    Stakeholders • Chief Data Officer • •Change management • DPO • Security • Business analyst • Legal/ Compliance • IT • Data Steward
  • 15.
    Demystify Copilot Provides productivity recommendations Responses basedon the data you have access to Establish policies for responsible & ethical AI use Copilot isn't perfect and is not always accurate Build a Center of Excellence
  • 16.
    Who, Where, How& When Current vs. Future state People Technology Process Strategy Regulations Culture Priorities Identify and address gaps What & Why Risk & Compliance stance Monitor and Enhance Get Copilot ready
  • 17.
    Technical Prerequisites • Microsoft 365 Appsfor Enterprise (current channel)* • Microsoft Entra-based account • OneDrive • Teams (either version) • New Outlook for Windows • Loop • Windows 11 (preferred) • Microsoft 365 E3 or E5 or Business Premium licences
  • 18.
    Build your governanceand data security maturity Workspace Content User
  • 19.
    The Copilot DataSecurity and Governance Maturity Model 100 - Initial • Workspaces uncontrolled • No data security or governance 200 - Managed • Adhoc workspace governance • Team owners unaware of their responsibilities 300 - Defined • Basic workspace governance • Adhoc data security • Adhoc lifecycle management • User adoption 400 - Predictable • Tailored workspace governance • Automated data security • Lifecycle management • Permissions auditing 500 - Optimising • Advanced workspace governance • Advanced lifecycle governance • Advanced data security
  • 20.
    Not all datais the same – so take a risk- based approach
  • 21.
  • 22.
    Most data storedoutside Microsoft 365 and users work in email 3rd Party data storage Ungoverned - access Ungoverned – no access Location hidden from scope – Excluded SharePoint Your OneDrive Others OneDrives
  • 23.
    Use of OneDriveincreases but emailing files not sharing files - no adoption or training Ungoverned - access Ungoverned – no access Location hidden from scope – Excluded Your OneDrive SharePoint 3rd Party data storage Your OneDrive Others OneDrives
  • 24.
    Pioneers create ungovernedTeams & Sites Ungoverned - access Ungoverned – no access Location hidden from scope – Excluded Your OneDrive Others OneDrives SharePoint 3rd Party data storage
  • 25.
    3rd Party data storage SPO Uncontrolled Teams& Sites creation and file sharing creates sprawl Ungoverned - access Ungoverned – no access Location hidden from scope – Excluded Others OneDrives Your OneDrive
  • 26.
    3rd party datais migrated into Microsoft 365 - increasing sprawl 3rd party SPO Your OneDrive Ungoverned - access Ungoverned – no access Location hidden from scope – Excluded
  • 27.
    Govern Access -Admins added as owner of all groups, Teams & sites by default SPO Your OneDrive Ungoverned - access Ungoverned – no access Location hidden from scope – Excluded
  • 28.
    SPO Govern Microsoft Groups,Teams & sites - Container Sensitivity Labels and User Adoption Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access
  • 29.
    Govern Teams -Use private/shared channels to restrict access Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access SPO
  • 30.
    SPO Govern Access -Dynamic group membership* (Entra ID P1 licence) Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access
  • 31.
    SPO Govern File Access- Use Container sensitivity labels to restrict who can share files and folders and sharing links Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access
  • 32.
    SPO Govern Site Access- Block site access to non- members (Microsoft Syntex - SharePoint Advanced Management licence) Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access
  • 33.
    SPO Govern Groups Access- Regular membership Access Reviews* (Entra ID P2 licence) Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access
  • 34.
    Govern Content -Use encrypted sensitivity labels to restrict access* (automated labelling & default label on Document Library M365 E5 IP&G licence) Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access Teams SPO
  • 35.
    SPO Govern Content -Retention policies/labels to keep what you need and delete the rest (automated labelling & default label on Document Library M365 E5 IP&G licence) Others OneDrive Teams Teams Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access
  • 36.
    SPO Archive SPO Govern Content- Externally archive inactive content Others OneDrive Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access Your OneDrive
  • 37.
    Extend with pluginsand Microsoft Graph connectors 3rd party SPO Others OneDrive Your OneDrive Ungoverned - access Ungoverned – no access Governed location – No access Governed location – have access
  • 38.
  • 39.
    Summary Demystify Baseline your maturity Improveyour maturity Proactive and pragmatic approach Build Centre of Excellence and adoption programme

Editor's Notes

  • #2 MANDATORY SLIDE
  • #4 Hyperlinks in PowerPoint are active for the attendees if you use PowerPoint Live sharing in Teams.
  • #11 Data includes users’ calendars, emails, chats, documents, meetings, contacts, calendar, and other business data stored in Exchange, OneDrive, SharePoint, Teams in your Microsoft 365 tenant It does not return results from other Microsoft 365 tenant where You have access - In scope e.g. Guest access. Microsoft 365 Copilot will only return data where the user has at least View permissions
  • #17 SH An overall organisational approach really should: 1. Start with understanding the inputs - The market environment and your organisational strategy for these combined with your risk and compliance stance 2. Establish a company wide approach; a Risk and Compliance stance 3. Implement through People, Process and Technology Note importance of stakeholders across the business (not just IT) 4. Monitored and kept relevant using something like a maturity model approach as part of a continuous cycle