Similar to the Exchange logging situation, unless you have the proper licenses in place, you will need to rely on trial versions of Purview in order to investigate and/or remove data from the Copilot infrastructure that you didn’t intend to have indexed.

Make sure AI testing and policies are in place

My recommendation in regard to anything with artificial intelligence is to ensure that you have a testing project in place and appropriate policies regarding what is acceptable in your firm. AI is being placed in many technologies and you may not realize that your users already have the ability to use AI tools in their interactions even without rolling out official tools and technologies.

Ensure that you have pilot projects and a testing team already working on your policies and procedures. You can review your readiness in the Microsoft 365 admin center: Usage reports – Microsoft Copilot for Microsoft 365 which gives you an overview of your Company readiness for this technology.

Note that if you do not use the Current channel for Office and rely instead on slower updating channels such as the semi-annual enterprise channel, these are not supported for Microsoft Copilot for 365 — be aware of patching channels and their impact on Copilot.

Microsoft to provide review capability for other cloud services

Microsoft also is aware that we don’t just use their cloud, but many other cloud services. Thus, Purview is also being enhanced with the capacity to review for insider risks, IP theft, and other risk indicators across multiple cloud services such as Azure, AWS and other SaaS applications.

Attackers are using such cloud file sharing services as Box, Dropbox, and Google Drive to provide lures and phishing links across organizations. Purview is adding its Insider Risk Management portal to support these multi-clouds starting in March 2024.

Microsoft Purview will also preview a service that will review and detect if there is offensive or inappropriate communications going on between managerial levels. If your firm includes Communication compliance classifications in Azure Active Directory, starting in mid-2024, Microsoft will roll out a preview of a service to monitor such communication and flag inappropriate language. The usernames will be pseudonymized and investigations will be approved by an administrative review.

Microsoft 365 is truly a work in progress and security teams need to be proactive and vigilant for the impact of changes and new features on security posture and the exposure of sensitive information. If you do not currently have enhanced logging, you need to review your options accordingly.