New Resource - Copilot for Microsoft 365 Risk Assessment QuickStart Guide  

The "Copilot for Microsoft 365 Risk Assessment QuickStart Guide" provides a comprehensive overview of potential AI risks associated with Microsoft 365 Copilot and outlines strategies to mitigate these risks. The document serves as a foundational reference for organisations conducting risk assessments and aiming to ensure the responsible use of AI within Microsoft 365. 

 

Key Insights

 How Copilot for Microsoft 365 Works 

Copilot leverages natural language processing and machine learning to help users by processing their input prompts, fetching relevant data, and generating actionable responses. This system ensures that Copilot only accesses data users are authorised to view, thus maintaining data privacy and security. 

 

Shared Responsibility in Risk Mitigation 

The guide emphasises that mitigating AI risks is a joint effort between Microsoft and its customers. Organisations must comply with Microsoft's Acceptable Use Policy and the Azure OpenAI Code of Conduct, while also training their users on AI's limitations. 

 

AI Risks and Mitigations Framework 

The document identifies several AI-specific risks and Microsoft's strategies to mitigate them: 

  • Bias: Measures are in place to ensure fair treatment across demographic groups, with specific mitigations in place for marginalised communities. 

  • Disinformation: Grounding responses in customer data helps mitigate the risk of spreading false information. 

  • Overreliance & Automation Bias: Users are informed that they are interacting with AI, and disclaimers highlight the potential for errors in AI-generated content. 

  • Ungroundedness: A defence-in-depth approach includes performance measures, metaprompt engineering, and abuse monitoring to minimise hallucination risks. 

  • Privacy: Strong privacy commitments ensure user data remains confidential and secure, with additional protections and compliance with global regulations. 

  • Resiliency: Microsoft ensures service resilience through redundant architecture, data replication, and automated integrity checking. 

  • Data Leakage: Permissions models and rigorous security measures prevent unauthorised data access. 

  • Security Vulnerabilities: Microsoft follows Security Development Lifecycle (SDL) practices to ensure robust security throughout the development process. 

 

Security Development Lifecycle (SDL) Updates 

Microsoft continuously updates its SDL to address emerging AI risks. The document outlines specific practices, including threat modelling, cryptography standards, and regular penetration testing to ensure security. 

 

Pre-release Security Evaluations and AI Red Teaming 

Before any update, Copilot undergoes thorough security evaluations and red teaming exercises. These processes identify and mitigate potential AI-specific vulnerabilities, ensuring robust security before deployment. 

 

Third-Party Vulnerability Assessments 

Microsoft engaged a third-party assessor for penetration testing of Copilot implementations, focusing on identifying vulnerabilities and ensuring secure application infrastructure. 

 

The "Copilot for Microsoft 365 Risk Assessment QuickStart Guide" is an invaluable resource for organisations and Microsoft partners. By following the outlined strategies and frameworks, partners can ensure the responsible deployment and use of AI technologies, enhancing productivity while maintaining robust security and compliance. 

For more information and to download the QuickStart guide, see Now Available: the Copilot for Microsoft 365 Risk Assessment QuickStart Guide - Microsoft Community Hub. 

 

Copilot with Enterprise Data Protection 

Starting mid-September, several updates will be rolled out to enhance Microsoft Copilot with Enterprise Data Protection (EDP). These changes aim to bolster data security, privacy, and compliance for users with a Microsoft Entra account, without affecting Copilot for Microsoft 365. 

 

Key Changes 

  • Enterprise Data Protection (EDP): EDP refers to the set of controls and commitments under the Data Protection Addendum (DPA) and Product Terms that apply to customer data. It ensures that user prompts and responses are protected by the same contractual terms trusted by customers for their emails in Exchange and files in SharePoint. 

  • Ad-Free Experience: From mid-September, Microsoft Copilot will offer an ad-free experience for users signed in with a Microsoft Entra account, ensuring a clean and focused user interface. 

  • Access and User Interface: Users with an Entra account can access Microsoft Copilot from various platforms including www.microsoft.com/copilot, Copilot in Microsoft Edge, and the Microsoft 365 app. The Copilot app icon on the Windows taskbar will be replaced by the Microsoft 365 app icon starting late September 2024. 

  • Higher Education Access: Higher education students aged 18+ will have access to Microsoft Copilot with EDP, including all SKUs such as Microsoft and Office 365 A1/A3/A5 and those using the Student Use Benefit. 

  • Data Handling: Prompts and responses will stay within the Microsoft 365 service boundary, supporting GDPR, ISO/IEC 27018, and other data protection commitments. Prompts and responses are not used to train foundation models under EDP. 

  • Web Search Queries: Web search queries generated by Copilot will be protected and will not include the user's prompt, entire files, web pages, or any identifying information. These queries will remain within the service boundary and are not shared with advertisers. 

 

These updates reinforce Microsoft's commitment to providing secure, private, and compliant AI experiences for its users, reflecting the company's dedication to maintaining high standards of data protection and user trust. 

For more information and to download the FAQ, see Updates to Microsoft Copilot to bring enterprise data protection to more organisations - Microsoft Community Hub. 

 

Copilot Updates  

Over the last couple of months there have been several updates to Copilot for Microsoft 365, here’s a summary of some of the key updates: 

  • Integrated Bing Search in Word: Users can ask questions directly in the Copilot Word chat and get answers using Bing search without leaving the document. 

  • PowerPoint Improvements: Copilot can create presentations from Word documents, PDF documents, and summarise specific slides or entire presentations. 

  • Excel Enhancements: Copilot can reason over data ranges with just a single row of headers, simplifying data analysis. 

  • Time-Specific Information: Copilot can identify and provide information about specific time periods, such as yesterday, last month, or last year, enhancing its utility for time-sensitive tasks. 

  • Catch Up Feature: This feature helps users quickly catch up on missed emails and updates, ensuring they stay informed and up to date. 

  • Draft and Refine Content: In Word, Copilot assists with drafting and refining content, such as revising or paraphrasing existing content or explaining your selected content in more detail, making it easier to create polished documents.  

For more information about the updates to Copilot, see Latest updates for Microsoft Copilot - Microsoft Support.  

 

Copilot Dashboard 

The Microsoft Copilot Dashboard is a tool included with Copilot for Microsoft 365 licenses, designed to help organisations understand and drive the adoption of Copilot. It provides actionable insights through metrics on readiness, adoption, impact, and sentiment, aiding in data-driven decision-making for AI transformation.  

In August, several new features were released for Copilot dashboard: 

  • Trendline Feature: Track Copilot adoption trends over the past 6 months, including metrics like the number of licensed employees and active users. 

  • Value Estimation: Customize and estimate Copilot’s impact by multiplying Copilot-assisted hours by an average hourly rate. 

  • Metric Guidance: Research-backed guidance for comparing different groups of Copilot usage, helping interpret changes in meetings, email, and chat metrics. 

  • Delegate Access: Leaders can delegate access to the Copilot Dashboard to others in their company for improved visibility and efficiency. 

 

Microsoft Copilot Dashboard has recently been made available as part of Copilot for Microsoft 365 licenses and no longer requires a Viva Insights premium license. The rollout of the Microsoft Copilot Dashboard to Copilot for Microsoft 365 customers started in July. Customers with over 50 assigned Copilot for Microsoft 365 licenses or 10 assigned premium Viva Insights licenses have begun to see the Copilot Dashboard. Customers with fewer than 50 assigned Copilot for Microsoft 365 licenses will continue to have access to a limited Copilot Dashboard that features tenant-level metrics. 

 

For more information, see the Microsoft blogs below: 

New Microsoft Copilot Dashboard Features Now Available – August 2024 - Microsoft Community Hub 

The Microsoft Copilot Dashboard is now included with Copilot for Microsoft 365 - Microsoft Community Hub 

As always, if you have any questions, please feel free to reach out to lauren.nobbs@dickerdata.co.nz.