Understand how sensitivity labels apply in Microsoft 365 Copilot
Microsoft 365 Copilot enhances productivity in Word, Excel, PowerPoint, Outlook, and Teams using AI models like GPT-4. It connects to Microsoft Graph for context-aware assistance in activities such as drafting documents, summarizing emails, and aiding Teams meetings. This extensive set of features highlights the importance of data security in AI-driven tools.
Understand Microsoft 365 Copilot
Microsoft 365 Copilot is an AI tool that enhances how users interact with Microsoft 365 applications, including Word, Excel, PowerPoint, Outlook, and Teams. It uses advanced language models, such as GPT-4, to understand, summarize, create, and predict content. Copilot connects with Microsoft Graph, which allows it to use emails, chats, and documents that you have permission to access, offering help that's relevant to your context. Its uses include:
- Helping to draft documents in Word, using advanced language models to understand, summarize, create, and predict content.
- Creating presentations in PowerPoint, with the ability to generate images using DALL-E, an AI tool that can create realistic images from text descriptions.
- Summarizing email conversations in Outlook, using natural language processing to extract the main points and actions from long threads.
- Assisting in real-time during Teams meetings, using speech recognition and natural language understanding to transcribe, translate, and suggest responses.
Copilot is designed with a focus on maintaining high standards of security, compliance, and privacy.
Sensitivity labels in Microsoft 365
Sensitivity labels are a key feature of Microsoft Purview Information Protection, helping organizations to classify and protect their data. You can customize these labels to suit different levels of data sensitivity, such as Personal, Public, or Confidential. Sensitivity labels can apply protection settings like:
- Encryption: This setting protects the data from unauthorized access, even if it's shared outside the organization or stored on a device that's lost or stolen.
- Content markings: This setting adds visual indicators to the data, such as watermarks, headers, and footers, to show the level of sensitivity and ownership.
- Access restrictions: This setting limits who can access, edit, print, or forward the data, based on the user's identity and role.
They're also useful beyond Microsoft services, working with third-party applications and devices. Sensitivity labels play an important role in data security within Microsoft 365, especially when used with Microsoft 365 Copilot. This combination ensures that business and compliance policies are consistently followed.
Copilot's role with sensitivity labels
The way Copilot works with sensitivity labels is key to improving data protection in Microsoft 365. Copilot can:
- Recognize and use the labels during user interactions, helping to keep labeled data secure and compliant.
- Respect the encryption specified by the labels, checking if users have the right permissions before accessing labeled data.
- Identify and applying the appropriate labels to the content that it generates, based on the data source and the user's preference.
For instance, if an HR manager uses Copilot in Microsoft 365 Chat to create a report from documents with different sensitivity levels, Copilot identifies these labels and make sure the report meets the required privacy standards. This integration ensures that Copilot's AI-driven features enhance productivity without risking data security.
Use sensitivity labels with Microsoft 365 Copilot
Combining sensitivity labels with Microsoft 365 Copilot brings benefits in both security and productivity:
- Automated label inheritance: Copilot automatically adopts the sensitivity labels of the source files it uses. When Copilot creates new content from these files, it inherits their labels and protection settings, keeping data security consistent in new documents.
- Data security: Copilot follows the protection settings of sensitivity labels, like encryption. This means data security is upheld, even when using AI features to handle or analyze sensitive information.
- Compliance: Copilot manages sensitive data according to the organization's security protocols and compliance standards.
Consider this example: Imagine a legal team working on a sensitive case. They use Copilot in Microsoft 365 to analyze a collection of legal documents. These documents are labeled with different sensitivity levels, ranging from General to Highly Confidential. As the legal team queries Copilot to summarize key points from these documents, Copilot recognizes each document's sensitivity label. For documents labeled Highly Confidential, it restricts the summary's detail level, ensuring that sensitive information isn't inadvertently disclosed. This way, Copilot provides valuable insights while adhering to the firm’s strict confidentiality protocols.
Get started with using sensitivity labels for Microsoft 365 Copilot
To start using Microsoft 365 Copilot and sensitivity labels:
| Step | Description | Learn more |
|---|---|---|
| Verify prerequisites for Copilot and sensitivity labels | Ensure your IT infrastructure is ready for Copilot and sensitivity labels, including necessary network configurations and software updates. | - Microsoft 365 Copilot requirements - Get started with sensitivity labels |
| Understand label interaction | Familiarize yourself with how Copilot recognizes and adheres to sensitivity labels, including respecting permissions set by these labels for different types of content. | Sensitivity labels and Microsoft 365 Copilot |
| Check licensing requirements | Confirm that you have the appropriate Microsoft 365 E3/E5 licenses for Copilot and Microsoft Purview Information Protection for sensitivity labels. | - Microsoft 365 Copilot service description - Microsoft Purview Information Protection: Sensitivity labeling service guide |
| Create and publish sensitivity labels | Use the Microsoft Purview compliance portal to create and publish sensitivity labels. Set up auto-labeling policies if needed, keeping in mind both client-side and service-side labeling. | - Create and configure sensitivity labels and their policies - Apply a sensitivity label to content automatically |
Limitations and considerations using Copilot with sensitivity labels
Being aware of the limitations and considerations is important for safely and effectively using Copilot:
- Label inheritance and overrides: Copilot respects the inheritance of sensitivity labels, where an inherited label can replace a manually applied lower priority label. However, it doesn't override a manually applied label of higher priority.
- Double Key Encryption (DKE) restrictions: Copilot can't access or use data protected by DKE, which is intended for your most sensitive data that is subject to the strictest protection requirements. Copilot doesn't process items protected by DKE (Double Key Encryption).
- Limitations in recognizing labels in certain contexts: Copilot currently doesn't recognize sensitivity labels that protect Teams meetings and chats. For instance, data returned from a meeting chat doesn't display an associated sensitivity label, and the label can't be inherited.
- App-specific exceptions: There are specific limitations in applications like PowerPoint and Word, where Copilot can't generate content from encrypted files. Additionally, in Microsoft Edge, unless DLP is used, Copilot can reference encrypted content only if the user has certain rights.
- Microsoft 365 Chat considerations: When Copilot is used with Microsoft 365 Chat, it can retrieve and use specific content that is encrypted separately from its sensitivity label. This functionality depends on the user's permissions.
For more considerations deploying Microsoft Purview for copilot, see Considerations for deploying Microsoft Purview data security and compliance protections for Copilot