Copilot Control System security and governance

When you implement Microsoft 365 Copilot and agents, you might face new and amplified risks related to security, compliance, privacy, and governance. This security and governance framework helps you mitigate these issues in the following components:

• Microsoft 365 Copilot
• Microsoft 365 Copilot Chat
• Microsoft 365 prebuilt agents
• Agents created in Microsoft Copilot Studio and published to Microsoft 365 channels

This article refers to foundational and optimized controls. In general, those terms refer to the following products and services:

• Foundational: controls for security and governance in the Microsoft 365 admin center, SharePoint Advanced Management, and Microsoft Purview with an A3/E3/G3 license.

• Optimized: controls in Microsoft Purview and Microsoft Defender for Cloud Apps with an A5/E5/G5 license.

The security and governance pillar of the Copilot Control System focuses on the following key capabilities:

• Data security
• AI security
• Compliance and privacy

Data security

First and foremost, safeguard your organization's information. Depending on your current licensing, use Microsoft Purview and SharePoint Advanced Management to assess oversharing risks. You can also use Microsoft Purview for policy recommendations and to take corrective actions. These actions help you to be confident that sensitive data remains protected, and access is limited to only those users who need it, including with Copilot and agents.

Foundational data security and governance controls

In SharePoint Advanced Management and Microsoft Purview with an A3/E3/G3 license, you get the following foundational data security and governance controls:

• Identify potentially overshared data across all of Microsoft 365. Routinely run the following reports:

  • Data access governance reports for SharePoint sites let you identify overshared data for sites. You can also send a site access review to owners of overshared sites.

• Remove organization-wide site access as needed.

  • Use SharePoint to manually configure this access or automate the configuration with Windows PowerShell. For more information, see Restrict SharePoint site access with Microsoft 365 Groups and Microsoft Entra security groups.

  • To restrict user, Copilot, and agent access to overshared sites while remediating risks, use SharePoint restricted content discovery or SharePoint restricted access control.

  • Use Microsoft Purview Information Protection site sensitivity labels. For more information, see Use sensitivity labels with Microsoft Teams, Microsoft 365 Groups, and SharePoint sites.

• Improve Copilot and agent responses by archiving or deleting unneeded content.

  • To identify and manage inactive or ownerless SharePoint sites, and then archive or delete them, use SharePoint site lifecycle management.

  • Use Microsoft Purview Data Lifecycle Management to identify and delete files you don't need.

In Microsoft Purview with an A3/E3/G3 license, you get the following foundational data security controls:

• Get notifications when new oversharing occurs with options for remediation. For more information, see Microsoft Purview Data Loss Prevention.

• Secure sensitive data through file level access controls. For more information, see Apply encryption using Microsoft Purview Information Protection sensitivity labels.

• View reports of sensitive data and unprotected files referenced in Copilot and agent interactions. For more information, see the reports in Microsoft Purview Data Security Posture Management (DSPM) for AI.

• Use Microsoft Purview Information Protection sensitivity labels for the following controls:

  • Detect when content contains sensitive data and ask the user to manually apply protections.

  • Protect files even if a user moves or downloads them.

Optimized data security controls

In Microsoft Purview with an A5/E5/G5 license, you get the following optimized data security controls:

• Use Microsoft Purview data security posture management (DSPM) for AI for the following controls:

  • Create data risk assessments targeted to specific Microsoft 365 locations, such as SharePoint sites and OneDrive.

  • Receive and act on policy suggestions to mitigate your specific oversharing risks.

• To detect when content contains sensitive data and automatically apply protections, use Microsoft Purview Information Protection sensitivity labels.

• Use Microsoft Purview Insider Risk Management for the following controls:

• Get alerted to risky user actions that deviate from their usual pattern of behavior. For more information, see Insider Risk Management policy templates.

• Correlate and sequence risk alerts to identify high severity risk patterns for a user. For more information, see Insider Risk Management policies for sequence detection.

• Automatically add a user to more strict security policies based on their risk patterns. For more information, see Adaptive protection for insider risk management.

AI security

You also need to safeguard AI-powered tools and their associated data against evolving threats. The Copilot Control System provides controls to monitor, detect, and respond to AI-related risks. For example, oversharing of sensitive information, anomalous user behavior, and misuse of generative AI capabilities. Use these controls to ensure that AI integrations remain secure, compliant, and resilient against both internal and external threats.

Foundational AI security controls

Copilot already includes built-in protections against AI-based attacks. These protections include, but aren't limited to, the following protections:

• Block prompt injection attacks

• Block harmful content

• Detect protected material

In Microsoft Purview with an A3/E3/G3 license, you get the following foundational AI security controls:

• To view prompt and response text and referenced files, search and export with Microsoft Purview eDiscovery.

• For Copilot and agent responses and documents created by Copilot and agents to inherit sensitivity labels and protections, use Microsoft Purview Information Protection sensitivity labels.

Optimized AI security controls

In Microsoft Purview with an A5/E5/G5 license, you get the following optimized AI security controls:

• To prevent Copilot and agents from processing certain sensitive files and from using them in responses, use Microsoft Purview Data Loss Prevention for Microsoft 365 Copilot and agents.

• To get alerted to risky AI use, such as an attempted prompt injection attack or use of sensitive data, use Microsoft Purview Insider Risk Management.

• To block high risk users from accessing sensitive content using Copilot and agents, use Adaptive protection for insider risk management.

• To view prompt and response text, any web queries used during grounding, and referenced files use activity explorer in Microsoft Purview Data Security Posture Management for AI.

Compliance and privacy

The third aspect of security and governance in the Copilot Control System is to ensure that you can monitor, audit, and manage how Copilot and agent interactions comply with regulatory and internal standards. Use Microsoft Purview to provide comprehensive oversight of Copilot activities. With these controls, you can protect sensitive information, maintain privacy, and demonstrate regulatory compliance when you deploy and use Microsoft 365 Copilot and agents.

Foundational compliance and privacy controls

In Microsoft Purview with an A3/E3/G3 license, you get the following foundational compliance and privacy controls:

• To audit Copilot and agent interactions, access detailed log information with Microsoft Purview Audit for Copilot and AI applications.

• To enforce retention and deletion policies for the following features, use Microsoft Purview Data Lifecycle Management:

  • Microsoft 365 Copilot and agent interactions

  • Microsoft Teams meeting recordings and transcripts

• Use Microsoft Purview eDiscovery for the following controls:

  • Include a user's Copilot and agent prompts and responses in a legal hold. For more information, see Holds and hold policies.

  • Search for litigation or an investigation and include content that Copilot and agents generate.

Optimized compliance and privacy controls

In Microsoft Purview with an A5/E5/G5 license, you get the following optimized compliance and privacy controls:

• To receive an alert if a possible compliance or ethical violation occurs and then start an investigation, use Microsoft Purview Communication Compliance.

• To assess and track adherence to regulatory frameworks, use Microsoft Purview Compliance Manager.

Zero Trust

Microsoft provides detailed documentation for implementing the principles of Zero Trust in your organization, and specific considerations for Microsoft 365 Copilot and Copilot Chat. Zero Trust isn't a product or service, but an approach in designing and implementing the following set of security principles:

• Verify explicitly
• Use least privileged access
• Assume breach

For more information, see Use Zero Trust security to prepare for Copilot.

Related content

• Data, Privacy, and Security for Microsoft 365 Copilot

• SharePoint Advanced Management

• Microsoft Purview

• Copilot Control System - Microsoft Adoption