Viewing rights with Copilot Pro

Copper Contributor

Hello hello,

 

we are a small business currently running with 365 Business Premium and are exploring to integrate Copilot Pro. As we have a lot of sensitive documents with different access rights, we want to make sure that when we implement Copilot Pro that it's users only get access to information that they have been granted access to.

 

We want to avoid for examples, that someone in Operations suddently has access to financials just because it is all stored on the same sharepoint.

 

Is it possible for this to be controlled and how would this be done? Do we need another Microsoft licence for it?

 

Thanks in advance!

6 Replies
Hi KLM16,

Good question and one I've been hearing often from my clients. In fact, I have a template response for this, that I will paste below.

Microsoft 365 Copilot Pro is designed to work with your existing access controls and permissions. This means that users will only be able to access information that they have been granted access to, based on their roles and permissions within your organization. Copilot Pro integrates with your existing Microsoft 365 environment and respects the access rights and permissions that you have set up for your sensitive documents and data.

You do not need another Microsoft license to control access to information when using Copilot Pro. You can continue to manage access rights and permissions using the tools and features provided by Microsoft 365 Business Premium. It is important to ensure that your access controls and permissions are set up correctly to prevent unauthorized access to sensitive information.

You can manage access controls and permissions using the Microsoft 365 admin center, the Azure Active Directory admin center, and the SharePoint admin center, depending on the specific resources and settings you want to manage.

Azair

@KLM16 

 

I understand you are talking about adding Copilot to your work environment to the users using their Entra ID and password. If that's the case, then you check the license "Copilot for Microsoft 365" license which is specific for Work environment.

Copilot Pro is ONLY for personal account users like outlook.com or hotmail.com which cannot incorporate with your work data.

Coming to Copilot for Microsoft 365 security concerns, It is already built on your existing M365 environment Security, Privacy and Compliance controls. With that being said, you have do a Access review in your SharePoint sites and files and add/modify/remove access as per the requirement. Use the least privilege method. Do not assign license to your users until you prepare your environment.

https://blogs.microsoft.com/blog/2024/01/15/bringing-the-full-power-of-copilot-to-more-people-and-bu...
Copilot Pro (Personal) - https://www.microsoft.com/en-us/store/b/copilotpro
Copilot for Microsoft 365 (Work) - https://www.microsoft.com/en-us/microsoft-365/business/copilot-for-microsoft-365?SilentAuth=1&wa=wsi... 

@Azair_Sheikh Everything is right about your response except for the fact about incorrect license name. I sincerely pray it is a typo stating Copilot Pro instead of Copilot for Microsoft 365.

@Azair_Sheikh & @reachrj Thanks for the response. I have now been reading up on sensitivity labels and their deployment for Copilot for Microsoft 365. Where do you guys see them in terms of a use case?

Sensitivity labels extend beyond just copilot. They allow you to block intentional and inadvertent sharing of confidential data. You can apply labels to emails, files, SharePoint sites. Some of the use cases we deploy it for are HR files, our admin team SharePoint site etc.