Before we finish our 4-part blog series on Copilot for Microsoft 365, let’s remind ourselves of how we got to this point. Partners repeatedly tell SkyKick that they segment their customers into three groups or stages to get a better understanding of where their customers are in their journey to Copilot:
Drive Microsoft 365 Adoption – Copilot needs data to ground its answers in. The path to Copilot begins with assessing if each customer has sufficient data in M365 for Copilot to be useful. We discussed this in the first blog post here.
Deploy Basic Security Readiness – Making sure the customer’s tenant has basic security in place before unleashing. We discussed this in the second blog post of the series here.
Investigate Risk and Resilience – Adding the next layer of security including security framework compliance requirements. This is today’s blog post topic.
Applying Additional Security for Risk and Resilience
In the previous blog post, we covered the importance of analysing and configuring basic security settings, and how to practice this across all your customers’ tenants in a scalable and repeatable manner.
Once these basic settings are configured properly, partners usually then go back to the customer to engage them in more detailed conversation around the higher ‘user impact’ or high ‘implementation cost’ items. The additional security elements most relevant to Copilot, as suggested by Microsoft, are as follows:
- Configure Microsoft 365 Retention Policies and Labels
- Create Microsoft 365 DLP (Data Loss Prevention) Policies
- Analyse and Configure SharePoint and OneDrive Sharing Settings
- Analyse and Configure Teams External and Guest Settings
You will find all these commands towards the end of the SkyKick’s workflow: Plan and Deploy Microsoft 365 Copilot.
Workflow: Plan and Deploy M365 Copilot
For these final steps in your customer’s journey to Copilot, most if not all of these are best applied after understanding the customer’s current configuration, after speaking with the customer to understand any more specific compliance requirements, and after getting final customer signoff to improve their tenant’s security in preparation to use Copilot.
Configure Retention Policies – Two primary reasons to run this command are to assess whether the customer is complying with industry regulations, and to reduce your customer’s risk in the event of litigation or security breach. With respect to Copilot, this command can help the organisation share knowledge safely while ensuring users work only with content which is current, relevant, and safe to use.
Create Microsoft 365 DLP Policies from Templates – Most customers have sensitive information under their control such as financial data, proprietary data, credit card numbers, health records, government ID numbers, and personal identifiable information (PII). By default, Copilot may return such sensitive data in situations where it should not be shared. To help protect this sensitive data and reduce the risk from oversharing appearing in a Copilot response, you need a way to help prevent their users from inappropriately sharing sensitive data with people who shouldn’t have it. This important best practice is called Data Loss Prevention (DLP).
Analyse and Configure SharePoint and OneDrive Sharing settings – There are a few commands in Security Manager’s Copilot workflow to allow you to research file activity, sharing activity, and sharing settings. Based on your research, you will then understand how freely information is being shared internally and externally, and therefore what access Copilot may also have to this data to ground its answers. Use ‘Set SharePoint Online and OneDrive for Business Sharing Settings’ to then realign the customers tenant to Microsoft best practices.
Analyse and Configure Teams External and Guest Settings – Similar to the commands above, there are two commands to investigate and configure external and guest access for Microsoft Teams. Remember Teams is a powerful way to share date, so it is important to use these commands to understand who can access Teams from outside the organisation and either share or access sensitive data which could later pose a security risk if accessed and distributed by Copilot.
Workflow Recap
We now find ourselves at the end of the workflow. Plan and Deploy Microsoft 365 Copilot.
As a reminder, this single workflow contains all the steps covered in this blog post series. When running the workflow, any of these steps can be skipped when running through the three stages of Copilot readiness.
Once you’ve gotten across the finish line with one customer, this workflow allows you to repeat the process with your next customers in a scalable and repeatable manner, and manage multiple customers’ journey simultaneously.
Don’t forget to use the ‘User Readiness Report’ mentioned in the first blog post to figure out who your next customers pilot users may be. Then enable them using the ‘Manage Users or Groups Licensing in Bulk’ command at the end of the workflow.
Protect the Data that Copilot References
Is there anything we missed?
Oddly enough there is, and it’s an important consideration you should make throughout whole process: M365 Backup.
As we know, Copilot grounds itself in the corporate data within a customer’s tenant. Without that data, Copilot for M365 has nothing to reference.
For this reason, customers should be urged to implement a backup solution such as SkyKick Backup. When choosing a backup solution, you should ensure that your backup is:
- Comprehensive – As Copilot is using data from most Microsoft 365 services, your backup needs to cover all services currently used by the customer including Exchange, OneDrive, SharePoint, Teams, and Planner.
- Compliant – Because you are ensuring your customers tenant meet any regulatory requirements, best practice is to ensure your backup also supports those requirements.
- Complete – Not only do you need to ensure all Microsoft 365 services are covered, you need to make sure the data across all your users is covered. Initially you may have only selected a subset of users or data to backup, but with Copilot your customers should ensure all user data is backed up. If you lose the data, Copilot is less effective and the lack of results can have adverse business impact.
Conclusion: Copilot Blog Series
Thanks for taking the time to read through the blog series on our workflow: Plan and Deploy Copilot for Microsoft 365. We hope the information within this series and the workflow itself make it easier for you to plan which customers you will work with first, help you configure their tenant in preparation for Copilot securely and get you started with your first set of pilot users, all in a scalable and repeatable manner.
If you already have Cloud Manager, give the workflow a run through and let me know via LinkedIn how you get on. We want to hear from you how useful if it has been and if there is anything else we need to add or change.
If you don’t have Cloud Manager yet, today is the day to address that. Click on the link below.
Already a Security Manager subscriber? Use the workflow now