Safeguarding Sensitive Data in Microsoft 365 Copilot with Purview DLP (GA Release)

on
The challenge with sensitive data and access to Copilot Microsoft 365 Copilot empowers users with AI-driven assistance across Microsoft 365 apps, but it also raises concerns about accidental oversharing of sensitive information. In response, Microsoft has extended its Purview Data Loss Prevention (DLP) capabilities to Microsoft 365 Copilot, allowing organizations to enforce information protection policies within AI workflows. The DLP for Microsoft 365 Copilot has been in preview for some time, but Microsoft has now announced it is released for GA (General Availability). Among some of the interesting features are new features like alerting and policy simulation. Key details:  Rollout Timeline: As of June 2025, the rollout has begun. It should be completed worldwide by late July 2025. Scope: Initially, DLP for Copilot was available for Copilot Chat scenarios. By the time of GA this is expanding to Copilot in core Office apps (Word, Excel, PowerPoint) as well. Ensuring that DLP prote...

Enable or edit Lync users based on AdGroupMembership

on
In my previous blogposts on Lync user management using PowerShell, I have demonstrated how you can edit  by using an OU search string, or import a csv file. I thought maybe it would be nice to show how to add/manage Lync users by searching for a AD Group. It might be a bit tricky, but it is possible.

I have created a tiny script to prompt the admin for the group name, find users within that group, enable them for Lync and finally enabling the user for Enterprise voice (Presuming the phone attribute in AD is populated in the correct E.164 format, or the script might need adjustment) and setting a specific policy (just because I can, not because I have to).

Something worth mentioning, the set-csuser doesn't seem to like being pipelined to, which is why the get-adgroup is run twice.

The first part of the script is not doing anything, it's just a reminder to import the ad module. The first thing you have to do, is to enter the ADGroup Name (the display name of the group).


When the ADGroup is known to the script, we move on to enabling those users for Lync (skip this part if they are already enabled, but you want to edit users). This is quite straight forward.


But I'm not done yet. I also want to enable the user for voice, and grant him a client policy (These are just examples. Your imagination of PS command combinations is your only limitation).

Doing all I wanted to gave me an unexpected problem. As it turns out, the "get-adgroupmember" will not return the phone property of the user, and it became a challenge to figure out a way to get that property. That is why there are two foreach statements with in this last section. After we get hold of the adgroupmemner name, we can run the get-csaduser with that name (A bit dirty? I know, but it works).


As you can see, the script is fetching the $_.phone attrib of the user, and uses it to create the LineURI after adding the "tel:" prefix.

If you want to take a closer look at the actual script, it can be found right here. Have fun playing with it :)