SlideShare a Scribd company logo

Ready Set Secure your Data |GRC User Group| Oct 2024.pdf

Nikki Chapple, profile picture
Nikki Chapple

The document outlines data governance strategies for Microsoft 365 Copilot, highlighting the importance of workspace governance to prevent data oversharing. It emphasizes securing files with sensitivity labels and managing user roles and responsibilities to ensure effective data stewardship. The recommendations aim to prepare organizations for the integration of AI in their workflows while maintaining data security.

Technology
Related topics:
Data Security Microsoft 365 Copilot Microsoft Copilot Gen AI Generative AI Microsoft PurviewData Governance InsightsMicrosoft Teams Insights
1 of 40
Downloaded 33 times
1
2
3
4
5
6
7
8
9
10
Most read
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
Ready, Set, Secure: Data Governance for Microsoft 365 Copilot Nikki Chapple Principal Cloud Architect at CloudWay MVP in M365 Apps and Security
About Me Nikki Chapple Principal Cloud Architect nikkichapple @chapplenikki www.nikkichapple.com All Things M365 Compliance
Agenda Are you worried about Copilot for Microsoft 365? Is your data ready for Copilot? How to govern your workspaces and secure your data
Are you worried about Microsoft 365 Copilot?
The issue Employees want AI at work - and they won’t wait for their organisation to catch up
What are your main concerns about Copilot for Microsoft 365?
Microsoft & LinkedIn Work Trend Index Report Three out of four people already use AI at work 2024 Work Trend Index Annual Report from Microsoft and LinkedIn)
ISMG Generative AI Survey CISO Concerns REPORT-Business-Rewards-vs-Security-Risks.pdf (exabeam.com)
Is your data ready for Copilot?
Copilot scope Most of your data is stored outside Microsoft 365 3rd Party data stores SharePoint OneDrive
You are only working in OneDrive 3rd Party data stores Ungoverned content - Danger of revealing too much Copilot cannot reach - Danger of poor data quality
Pioneers start creating ungoverned Teams & Sites 3rd Party data stores Ungoverned content - Danger of revealing too much Copilot cannot reach - Danger of poor data quality
3rd Party data stores You create public Teams with default configuration Ungoverned content - Danger of revealing too much Copilot cannot reach - Danger of poor data quality
3rd Party data stores No workspace governance just uncontrolled file sharing Ungoverned content - Danger of revealing too much Copilot cannot reach - Danger of poor data quality
You migrate all your historic data into Microsoft 365 3rd party Ungoverned content - Danger of revealing too much Copilot cannot reach - Danger of poor data quality
Your Admins are owners of all groups, Teams & sites Ungoverned content - Danger of revealing too much
You have implemented data security and governance Governed content – Just enough access and just enough permissions
Ready Set and Secure How to govern your workspaces and secure your data
1. Govern Workspaces To ensure only the right people have access to the right data
Ungoverned Workspaces (Microsoft 365 Groups, Teams and Sites) Ungoverned sites and files: Risk of oversharing Each circle represents a SharePoint site
1. Restricted SharePoint Search – not recommended
2. Convert Public workspaces to Private workspaces Public sites: Copilot can access all Governed Sites with access: You and Copilot can access Governed Sites no access: You and Copilot cannot access
3. Use Container sensitivity labels to control access and files sharing links Ungoverned files: Risk of oversharing Governed Sites with access: You and Copilot can access Governed Sites no access: You and Copilot cannot access
4. Regularly review workspace membership Ungoverned files: Risk of oversharing Governed Sites with access: You and Copilot can access Governed Sites no access: You and Copilot cannot access
5. Use private/shared channels in Teams to restrict access Ungoverned files: Risk of oversharing Governed Sites with access: You and Copilot can access Governed Sites no access: You and Copilot cannot access
6. Hide inactive workspaces and use Retention polices to delete unwanted data Ungoverned files: Risk of oversharing Governed Sites with access: You and Copilot can access Governed Sites no access: You and Copilot cannot access
1.a Best of class workspace governance Premium licensing
7. Block site access to non-members SAM Ungoverned files: Risk of oversharing Governed Sites with access: You and Copilot can access Governed Sites no access: You and Copilot cannot access
8. Restricted Content Discoverability (GA Nov 2024) - SAM Ungoverned workspaces or sites Governed workspace You + Copilot have access Governed workspace You + Copilot no access Governed workspace You have access Copilot & Search is blocked
Archive 9. Archive your inactive Sites M365 Archive Ungoverned files: Risk of oversharing Governed Sites with access: You and Copilot can access Governed Sites no access: You and Copilot cannot access
2. Secure your files To prevent oversharing
10. Add Sensitivity labels to your files Labelled files: If you have access, Copilot has access and inherits label Each circle represents a file in a SharePoint site
11. Add Sensitivity labels with encryption Encrypted files: If you have access, Copilot can access Encrypted files: If you can’t access, Copilot can’t access
12. Add Encrypted Sensitivity labels with limited permissions Encrypted files with restricted access: If you have limited access, Copilot can’t access
13. Use Sensitivity labels to block content being analysed by Copilot (+ search) Labelled files that prevent connected experiences : If you can access, Copilot cannot access in WPXO
14. Expire sharing links Governed shared file: You have time bound access Ungoverned shared file: You have time bound access
3. User Roles and Responsibilities It’s not just the technical controls
15. Data is everyone’s responsibility Management Governance and AI policies Workspace owner Workspace membership Data Stewardship Employees Effective Work Practices Sensitive Content Labelling IT Technical controls Data security Copilot Oversharing Incident Management
Summary
3 steps to ready, set and secure your data for Copilot Workspace governance Data security User adoption

More Related Content

PPSX
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Nikki Chapple
 
PDF
Deciphering Copilot Unravelling Data Security and Governance in Microsoft 365...
Nikki Chapple
 
PDF
Microsoft 365 Copilot data security and governance |Commsverse 2024 | June 2024
Nikki Chapple
 
PDF
Copilot for Microsoft 365 data security and governance | Workplace Ninjas Den...
Nikki Chapple
 
PDF
Microsoft 365 Copilot: How to boost your productivity with AI. Part two: Data...
Nikki Chapple
 
PDF
Unlock the Potential of Microsoft 365 Copilot | Norwegian M365 User Group |...
Nikki Chapple
 
PDF
Microsoft 365 Copilot data security and governance with Notes | CollabDays B...
Nikki Chapple
 
PPTX
Prepare your data for Microsoft Copilot with new tools
NicholasMarshallMica
 
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Nikki Chapple
 
Deciphering Copilot Unravelling Data Security and Governance in Microsoft 365...
Nikki Chapple
 
Microsoft 365 Copilot data security and governance |Commsverse 2024 | June 2024
Nikki Chapple
 
Copilot for Microsoft 365 data security and governance | Workplace Ninjas Den...
Nikki Chapple
 
Microsoft 365 Copilot: How to boost your productivity with AI. Part two: Data...
Nikki Chapple
 
Unlock the Potential of Microsoft 365 Copilot | Norwegian M365 User Group |...
Nikki Chapple
 
Microsoft 365 Copilot data security and governance with Notes | CollabDays B...
Nikki Chapple
 
Prepare your data for Microsoft Copilot with new tools
NicholasMarshallMica
 

Similar to Ready Set Secure your Data |GRC User Group| Oct 2024.pdf (20)

PPTX
Copilot-for-Microsoft-365-technical.pptx
soulamaabdoulaye128
 
PPTX
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Drew Madelung
 
PPTX
What's new in Security and Compliance in SharePoint , OneDrive for Business &...
Vignesh Ganesan I Microsoft MVP
 
PPTX
B2 - The History of Content Security: Part 2 - Adam Levithan
SPS Paris
 
PPTX
Scottish Summit 2022 - Secure and manage your data in Microsoft Teams
Jasper Oosterveld
 
PDF
May 2020 Microsoft 365 Need to Know Webinar
Robert Crane
 
PPTX
Protecting your Teams Work across Microsoft 365
Joanne Klein
 
PDF
Webinar: Protect your teams work across office 365
ShareGate
 
PPTX
Microsoft Information Protection: Your Security and Compliance Framework
Alistair Pugin
 
PPTX
Workshop security and compliance - SPS Cambridge
Albert Hoitingh
 
PPTX
Safely Enabling Office 365
HammerNJ
 
PPTX
Office 365 Saturday - Office 365 Security Best Practices
Benoit HAMET
 
PPTX
M365 Virtual Marthon: Protecting your Teamwork across Microsoft 365
Joanne Klein
 
PPTX
Understanding Security and Compliance in Microsoft Teams M365 North 2023
Chirag Patel
 
PDF
Microsoft365-Copilot-Partner-Guide
Erol GIRAUDY
 
PDF
June 2020 Microsoft 365 Need to Know Webinar
Robert Crane
 
PPTX
Understanding Security and Compliance in Microsoft Teams - Scottish Summit 2022
Chirag Patel
 
PPTX
Getting Ready for Copilot for Microsoft 365 with Governance Features in Share...
Juan Carlos Gonzalez
 
PPTX
Securing SharePoint & OneDrive in Office 365
Drew Madelung
 
PPTX
Security and compliance in Office 365 -Part 1
Vignesh Ganesan I Microsoft MVP
 
Copilot-for-Microsoft-365-technical.pptx
soulamaabdoulaye128
 
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Drew Madelung
 
What's new in Security and Compliance in SharePoint , OneDrive for Business &...
Vignesh Ganesan I Microsoft MVP
 
B2 - The History of Content Security: Part 2 - Adam Levithan
SPS Paris
 
Scottish Summit 2022 - Secure and manage your data in Microsoft Teams
Jasper Oosterveld
 
May 2020 Microsoft 365 Need to Know Webinar
Robert Crane
 
Protecting your Teams Work across Microsoft 365
Joanne Klein
 
Webinar: Protect your teams work across office 365
ShareGate
 
Microsoft Information Protection: Your Security and Compliance Framework
Alistair Pugin
 
Workshop security and compliance - SPS Cambridge
Albert Hoitingh
 
Safely Enabling Office 365
HammerNJ
 
Office 365 Saturday - Office 365 Security Best Practices
Benoit HAMET
 
M365 Virtual Marthon: Protecting your Teamwork across Microsoft 365
Joanne Klein
 
Understanding Security and Compliance in Microsoft Teams M365 North 2023
Chirag Patel
 
Microsoft365-Copilot-Partner-Guide
Erol GIRAUDY
 
June 2020 Microsoft 365 Need to Know Webinar
Robert Crane
 
Understanding Security and Compliance in Microsoft Teams - Scottish Summit 2022
Chirag Patel
 
Getting Ready for Copilot for Microsoft 365 with Governance Features in Share...
Juan Carlos Gonzalez
 
Securing SharePoint & OneDrive in Office 365
Drew Madelung
 
Security and compliance in Office 365 -Part 1
Vignesh Ganesan I Microsoft MVP
 
Ad

More from Nikki Chapple (20)

PDF
Protecting Your Sensitive Data with Microsoft Purview - IRMS 2025
Nikki Chapple
 
PDF
Measuring Microsoft 365 Copilot and Gen AI Success
Nikki Chapple
 
PDF
Measuring Copilot and Gen AI Success with Viva Insights and Purview
Nikki Chapple
 
PDF
Microsoft 365 Copilot data quality with semantic index and how Topics plays...
Nikki Chapple
 
PDF
Microsoft Viva and Copilot Governance | M365 ReVival | Feb 2024
Nikki Chapple
 
PDF
Real World Governance Risk and Compliance | European Collaboration Summit | M...
Nikki Chapple
 
PDF
Microsoft 365 Copilot: How to boost your productivity with AI. Part one: Adop...
Nikki Chapple
 
PDF
Cracking the Code- Expert Tips for Mastering GRC | CollabDays Bletchley | Sep...
Nikki Chapple
 
PDF
Microsoft Viva Security and Privacy | CollabDays Bletchley | Sept 23
Nikki Chapple
 
PDF
Demystifying security and privacy in Viva | Commsverse | June 2023
Nikki Chapple
 
PDF
Demystifying security and compliance in Viva | European Collaboration Summit ...
Nikki Chapple
 
PDF
Real World Governance Risk and Compliance | European Collaboration Summit 2023
Nikki Chapple
 
PDF
Dont let governance risk and compliance be a roll of the device | Modern Wor...
Nikki Chapple
 
PDF
Dont let governance risk and compliance be a roll of the dice | ESPC22 | De...
Nikki Chapple
 
PDF
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Nikki Chapple
 
PDF
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl M365C...
Nikki Chapple
 
PDF
Governance, Risk and Compliance and you | CollabDays Bletchley Park 2022
Nikki Chapple
 
PDF
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
Nikki Chapple
 
PDF
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
Nikki Chapple
 
PDF
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
Nikki Chapple
 
Protecting Your Sensitive Data with Microsoft Purview - IRMS 2025
Nikki Chapple
 
Measuring Microsoft 365 Copilot and Gen AI Success
Nikki Chapple
 
Measuring Copilot and Gen AI Success with Viva Insights and Purview
Nikki Chapple
 
Microsoft 365 Copilot data quality with semantic index and how Topics plays...
Nikki Chapple
 
Microsoft Viva and Copilot Governance | M365 ReVival | Feb 2024
Nikki Chapple
 
Real World Governance Risk and Compliance | European Collaboration Summit | M...
Nikki Chapple
 
Microsoft 365 Copilot: How to boost your productivity with AI. Part one: Adop...
Nikki Chapple
 
Cracking the Code- Expert Tips for Mastering GRC | CollabDays Bletchley | Sep...
Nikki Chapple
 
Microsoft Viva Security and Privacy | CollabDays Bletchley | Sept 23
Nikki Chapple
 
Demystifying security and privacy in Viva | Commsverse | June 2023
Nikki Chapple
 
Demystifying security and compliance in Viva | European Collaboration Summit ...
Nikki Chapple
 
Real World Governance Risk and Compliance | European Collaboration Summit 2023
Nikki Chapple
 
Dont let governance risk and compliance be a roll of the device | Modern Wor...
Nikki Chapple
 
Dont let governance risk and compliance be a roll of the dice | ESPC22 | De...
Nikki Chapple
 
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Nikki Chapple
 
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl M365C...
Nikki Chapple
 
Governance, Risk and Compliance and you | CollabDays Bletchley Park 2022
Nikki Chapple
 
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
Nikki Chapple
 
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
Nikki Chapple
 
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
Nikki Chapple
 
Ad

Recently uploaded (20)

PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Cloud computing and distributed systems.
kkkkkhan
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
KodekX | Application Modernization Development
KodekX
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 

Ready Set Secure your Data |GRC User Group| Oct 2024.pdf

  • 1. Ready, Set, Secure: Data Governance for Microsoft 365 Copilot Nikki Chapple Principal Cloud Architect at CloudWay MVP in M365 Apps and Security
  • 2. About Me Nikki Chapple Principal Cloud Architect nikkichapple @chapplenikki www.nikkichapple.com All Things M365 Compliance
  • 3. Agenda Are you worried about Copilot for Microsoft 365? Is your data ready for Copilot? How to govern your workspaces and secure your data
  • 5. The issue Employees want AI at work - and they won’t wait for their organisation to catch up
  • 6. What are your main concerns about Copilot for Microsoft 365?
  • 7. Microsoft & LinkedIn Work Trend Index Report Three out of four people already use AI at work 2024 Work Trend Index Annual Report from Microsoft and LinkedIn)
  • 8. ISMG Generative AI Survey CISO Concerns REPORT-Business-Rewards-vs-Security-Risks.pdf (exabeam.com)
  • 9. Is your data ready for Copilot?
  • 10. Copilot scope Most of your data is stored outside Microsoft 365 3rd Party data stores SharePoint OneDrive
  • 11. You are only working in OneDrive 3rd Party data stores Ungoverned content - Danger of revealing too much Copilot cannot reach - Danger of poor data quality
  • 12. Pioneers start creating ungoverned Teams & Sites 3rd Party data stores Ungoverned content - Danger of revealing too much Copilot cannot reach - Danger of poor data quality
  • 13. 3rd Party data stores You create public Teams with default configuration Ungoverned content - Danger of revealing too much Copilot cannot reach - Danger of poor data quality
  • 14. 3rd Party data stores No workspace governance just uncontrolled file sharing Ungoverned content - Danger of revealing too much Copilot cannot reach - Danger of poor data quality
  • 15. You migrate all your historic data into Microsoft 365 3rd party Ungoverned content - Danger of revealing too much Copilot cannot reach - Danger of poor data quality
  • 16. Your Admins are owners of all groups, Teams & sites Ungoverned content - Danger of revealing too much
  • 17. You have implemented data security and governance Governed content – Just enough access and just enough permissions
  • 18. Ready Set and Secure How to govern your workspaces and secure your data
  • 19. 1. Govern Workspaces To ensure only the right people have access to the right data
  • 20. Ungoverned Workspaces (Microsoft 365 Groups, Teams and Sites) Ungoverned sites and files: Risk of oversharing Each circle represents a SharePoint site
  • 21. 1. Restricted SharePoint Search – not recommended
  • 22. 2. Convert Public workspaces to Private workspaces Public sites: Copilot can access all Governed Sites with access: You and Copilot can access Governed Sites no access: You and Copilot cannot access
  • 23. 3. Use Container sensitivity labels to control access and files sharing links Ungoverned files: Risk of oversharing Governed Sites with access: You and Copilot can access Governed Sites no access: You and Copilot cannot access
  • 24. 4. Regularly review workspace membership Ungoverned files: Risk of oversharing Governed Sites with access: You and Copilot can access Governed Sites no access: You and Copilot cannot access
  • 25. 5. Use private/shared channels in Teams to restrict access Ungoverned files: Risk of oversharing Governed Sites with access: You and Copilot can access Governed Sites no access: You and Copilot cannot access
  • 26. 6. Hide inactive workspaces and use Retention polices to delete unwanted data Ungoverned files: Risk of oversharing Governed Sites with access: You and Copilot can access Governed Sites no access: You and Copilot cannot access
  • 27. 1.a Best of class workspace governance Premium licensing
  • 28. 7. Block site access to non-members SAM Ungoverned files: Risk of oversharing Governed Sites with access: You and Copilot can access Governed Sites no access: You and Copilot cannot access
  • 29. 8. Restricted Content Discoverability (GA Nov 2024) - SAM Ungoverned workspaces or sites Governed workspace You + Copilot have access Governed workspace You + Copilot no access Governed workspace You have access Copilot & Search is blocked
  • 30. Archive 9. Archive your inactive Sites M365 Archive Ungoverned files: Risk of oversharing Governed Sites with access: You and Copilot can access Governed Sites no access: You and Copilot cannot access
  • 31. 2. Secure your files To prevent oversharing
  • 32. 10. Add Sensitivity labels to your files Labelled files: If you have access, Copilot has access and inherits label Each circle represents a file in a SharePoint site
  • 33. 11. Add Sensitivity labels with encryption Encrypted files: If you have access, Copilot can access Encrypted files: If you can’t access, Copilot can’t access
  • 34. 12. Add Encrypted Sensitivity labels with limited permissions Encrypted files with restricted access: If you have limited access, Copilot can’t access
  • 35. 13. Use Sensitivity labels to block content being analysed by Copilot (+ search) Labelled files that prevent connected experiences : If you can access, Copilot cannot access in WPXO
  • 36. 14. Expire sharing links Governed shared file: You have time bound access Ungoverned shared file: You have time bound access
  • 37. 3. User Roles and Responsibilities It’s not just the technical controls
  • 38. 15. Data is everyone’s responsibility Management Governance and AI policies Workspace owner Workspace membership Data Stewardship Employees Effective Work Practices Sensitive Content Labelling IT Technical controls Data security Copilot Oversharing Incident Management
  • 40. 3 steps to ready, set and secure your data for Copilot Workspace governance Data security User adoption