Table of Contents
Updates Rolling Out in September 2024
On August 15, 2024, Microsoft announced updates for Microsoft Copilot slated “to bring enterprise data protection to more organizations.” Given the profusion of Copilots in the Microsoft ecosystem, it’s important to realize that this is not Copilot for Microsoft 365. Instead, Microsoft Copilot is the free version-for-customers that doesn’t use LLMs trained on Microsoft Graph data.
The big change is that those who sign into the Microsoft Copilot web app with an Entra ID account can take advantage of Enterprise Data Protection (EDP). Microsoft says that EDP brings the following benefits:
- We secure your data: We help protect your data with encryption, at rest and in transit, rigorous physical security controls, and data isolation between tenants.
- Your data is private: We won’t use your data except as you instruct. Our commitments to privacy include support for GDPR, ISO/IEC 27018 and the Data Protection Addendum.
- Your access controls and policies apply to Copilot: Prompts and responses are logged, retained, and available for audit, eDiscovery, and advanced Microsoft Purview capabilities. The specific controls will vary depending on the underlying subscription plan.
- You are protected against AI security risks: We help safeguard against AI-focused risks such as harmful content and prompt injections.
- Your data isn’t used to train foundation models: Prompts and responses are not used to train foundation models.
Copilot Security Weaknesses Reported at Black Hat Don’t Apply Here
The assertion about protecting Copilot against AI security risks is especially interesting in light of the discussions at the Black Hat U.S.A. 2024 conference where a presentation covered a number of weaknesses security researchers say exist in Copilot for Microsoft 365. The techniques explored during the presentation focused on exploiting information accessed by Copilot through Graph API requests, which Microsoft Copilot doesn’t use. The exploits include a Remote Code Execution (RCE) where an email sent to a user apparently influenced the results displayed by the Copilot for Microsoft 365 chat app to entice the user to send a payment to an incorrect bank account.
The researchers say that the RCE involved an email sent from a Google account to a user with Microsoft 365 E5 and Copilot) licenses. Although the presentation material is online, I have been unable to replicate the issue. It’s entirely possible that this is due to my incompetence. It might also reflect the fact that Microsoft 365 is so configurable that it’s difficult to replicate the exact circumstances in which such a RCE might be possible.
Microsoft stayed silent on whether the changes made for Microsoft Copilot will close the gaps described at Black Hat. It’s inevitable that people will assume that a weakness in one Copilot afflicts all Copilots. The possibility exists that some of the issues highlighted do afflict Microsoft Copilot, but the purported RCE does not because it’s dependent on Copilot being able to read data from an email when responding to a user prompt that involves a spreadsheet stored in a SharePoint Online site. These resources are just not available to Microsoft Copilot. Despite the focus on Microsoft Copilot in this announcement, it would have been nice if Microsoft has seized the opportunity to say something about the issues raised at Black Hat to reassure customers who use Copilot for Microsoft 365.
Pinning Microsoft Copilot
Available now is a new setting in the Microsoft 365 admin center to pin Microsoft Copilot to app navigation bars. This happens automatically already for Copilot for Microsoft 365 and is now being extended to cover Microsoft Copilot from mid-September 2024 in apps like Teams, OWA, and the new Outlook. Microsoft recommends (of course) that tenants configure the setting to pin Copilot (Figure 1) so that apps pick up the setting when the necessary updates roll out.
For more information about these and other updates announced by Microsoft, including a refreshed user interface for Microsoft Copilot, see their FAQ.
More News to Come?
It’s easy to become confused with the plethora of Copilots produced by Microsoft. In this case, security for the version that doesn’t interrogate the Microsoft Graph to generate answers for users is being upgraded. Given the issues raised at the Black Hat conference, it would be nice to hear that the Microsoft 365 version will receive enhanced security too. I suspect we’ll be hearing from Microsoft on that topic very soon.
So much change, all the time. It’s a challenge to stay abreast of all the updates Microsoft makes across the Microsoft 365 ecosystem. Subscribe to the Office 365 for IT Pros eBook to receive monthly insights into what happens, why it happens, and what new features and capabilities mean for your tenant.