How Microsoft Purview DLP can currently help you protect confidential data in Copilot

Organizations today face a difficult balancing act. Business leaders are eager to adopt tools like Microsoft Copilot to unlock productivity and innovation. Meanwhile, IT and security teams are concerned about safeguarding sensitive information, especially as AI-driven features process vast amounts of organizational data. This tension is real: enabling advanced capabilities without compromising compliance or data protection is a challenge every modern enterprise must solve.

Microsoft Purview Data Loss Prevention (DLP) is a key solution to this problem. It provides mechanisms to prevent confidential data from being exposed or misused, even in scenarios involving AI. I want to highlight two features designed to help organizations control what Copilot processes.

Blocking Documents Based on Sensitivity Labels

One of the foundational features of Purview DLP is its ability to enforce policies based on Microsoft Information Protection sensitivity labels. If your organization...

Sensitivity labels in Teams

A new feature for sensitivity labels in Azure AD will soon be available to Teams, and it can ensure that guests are not accidentally invited into a team with internal or sensitive information.

The feature behind this is currently in preview and is described on this page. After the preview has been enabled, a new option appears when labels are created (I have not discovered a way to update existing labels, but I'm hoping this will be a possibility once the feature goes into GA).

By not selecting the highlighted option, it suddenly becomes "impossible" to invite guests to the Team, the site or the group in question.

Please note that the defaults in the image were to not allow any guests, and the section on managed devices was set to block all non-compliant devices. Be careful not to set policies that could block users from doing their job.

Once the label has been created, it must be published before group creators have the label available to them. Existing groups and teams can also have this label added once it is available.
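A check one might run after adding such a label to existing groups, shown as an added example that is not part of the original post: it lists groups that contain guest members while carrying a no-guest label or no label at all. The export shape (`assignedLabels`, `userType`) follows Microsoft Graph group and user objects; the label IDs, group names and users are constructed, and `NO_GUEST_LABEL_IDS` is an assumption standing in for your own label IDs.

```python
import json

# Constructed sample. The shape follows Microsoft Graph group objects
# (assignedLabels) with members expanded (userType); every value is made up.
SAMPLE_EXPORT = json.loads("""
[
 {"displayName": "Finance-Internal",
  "assignedLabels": [{"labelId": "aaaa-0001", "displayName": "Internal only"}],
  "members": [{"userPrincipalName": "anna@contoso.example", "userType": "Member"},
              {"userPrincipalName": "partner_fabrikam.example#EXT#@contoso.example", "userType": "Guest"}]},
 {"displayName": "Project-X",
  "assignedLabels": null,
  "members": [{"userPrincipalName": "vendor_fabrikam.example#EXT#@contoso.example", "userType": "Guest"}]},
 {"displayName": "Partner-Collab",
  "assignedLabels": [{"labelId": "bbbb-0002", "displayName": "General"}],
  "members": [{"userPrincipalName": "guest_fabrikam.example#EXT#@contoso.example", "userType": "Guest"}]},
 {"displayName": "HR-Internal",
  "assignedLabels": [{"labelId": "aaaa-0001", "displayName": "Internal only"}],
  "members": [{"userPrincipalName": "ben@contoso.example", "userType": "Member"}]}
]
""")

# Assumption: IDs of the labels that were created with guest access left unselected.
NO_GUEST_LABEL_IDS = {"aaaa-0001"}


def guests_of(group):
    """Return the UPNs of members whose userType is Guest."""
    return [m["userPrincipalName"] for m in group.get("members") or []
            if m.get("userType") == "Guest"]


def audit_groups(groups, no_guest_label_ids):
    """Flag groups with guests that carry a no-guest label or no label at all."""
    findings = []
    for group in groups:
        guests = guests_of(group)
        if not guests:
            continue
        # assignedLabels may be null or empty on unlabelled groups.
        label_ids = {lbl["labelId"] for lbl in group.get("assignedLabels") or []}
        if label_ids & no_guest_label_ids:
            status = "no-guest label, guests present"
        elif not label_ids:
            status = "unlabelled, guests present"
        else:
            continue  # the assigned label permits guests
        findings.append({"group": group["displayName"], "status": status, "guests": guests})
    return findings
```
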

This addition, described as roadmap item 57275, is a most welcome one for my customers who are concerned about the accidental addition of guests into groups or teams where they have sensitive information stored.

The feature requires Azure AD P1 licenses. It is already rolling out, and should be completed by the end of this year according to a message in the O365 admin portal last week.