Safeguarding Sensitive Data in Microsoft 365 Copilot with Purview DLP (GA Release)

The challenge with sensitive data and access to Copilot Microsoft 365 Copilot empowers users with AI-driven assistance across Microsoft 365 apps, but it also raises concerns about accidental oversharing of sensitive information. In response, Microsoft has extended its Purview Data Loss Prevention (DLP) capabilities to Microsoft 365 Copilot, allowing organizations to enforce information protection policies within AI workflows. The DLP for Microsoft 365 Copilot has been in preview for some time, but Microsoft has now announced it is released for GA (General Availability). Among some of the interesting features are new features like alerting and policy simulation. Key details:  Rollout Timeline: As of June 2025, the rollout has begun. It should be completed worldwide by late July 2025. Scope: Initially, DLP for Copilot was available for Copilot Chat scenarios. By the time of GA this is expanding to Copilot in core Office apps (Word, Excel, PowerPoint) as well. Ensuring that DLP prote...

Microsoft has started to disable Basic Authentication (affecting Teams and Exchange Online)

 Microsoft is serious about removing the Basic Authentication protocols from their services. The change was announced back in 2019, but has been delayed a couple of times. Earlier this fall Microsoft announced there would be on further delays, and that preparations for the change should be made.

Earlier this week I was notified about the coming change to my tenant through the Admin Message Center. 14 days from now, basic authentication will no longer be available to me: 

"14 days from today we're going to turn off Basic Authentication for POP3, IMAP4, Remote PowerShell, Exchange Web Services, Offline Address Book, MAPI, RPC and Exchange ActiveSync protocol in your tenant, and will also disable SMTP AUTH completely. Note: Based on our telemetry, no users in your tenant are currently using Basic Authentication with those protocols and so we expect there to be no impact to you."

This coming change can have a major impact on many organizations. As a consultant I am engaged in multiple companies facing the challenge of preparing for this change. It might seem trivial, but most organization have over time implemented many services that are using basic authentication without being aware of them. The best way of preparing for this is by starting to go through your sign-in logs in Azure AD and identify any user who use basic Authentication. Some of the things I have noticed are using basic authentication are: Many services reading calendar information (like switchboard integrations), printer services, old mobile devices (often up to date, but wrong configuration), Microsoft Teams Rooms not set up for modern authentication, 3rd party and self developed applications.

Stay up to date, and get Microsoft's recommendations here