Feb 21 2024 01:59 AM
Two methods exist to exclude a SharePoint sites from Copilot being able to use its contents – you can exclude the site (or document library) from search results or use sensitivity labels. Given the choice, sensitivity labels are more flexible and powerful, but removing sites from search indexes is easier to implement.
https://office365itpros.com/2024/02/21/exclude-sharepoint-site-from-copilot/
Mar 03 2024 12:47 PM
Mar 03 2024 01:02 PM
The problem is that Microsoft doesn't have another way to exclude data from Copilot. Microsoft Search is the cornerstone for many features and is the all-encompassing index for Microsoft 365 data. If you want to exclude data from Copilot, which by definition will go searching for information to satisfy user prompts, then by definition you must exclude the sites from search results. To be fair to Microsoft, they have improved the situation recently by making sure that data in excluded sites is not blocked for Purview solutions like eDiscovery and DLP, which also rely on Microsoft Search.
As to sensitivity labels, the problem here is that Copilot is a new element dropped into the information protection mix that was unanticipated by those who designed the label deployment for organizations. This leads to predefined usage rights being assigned in labels that can result in inadvertent disclosure. For example. many labels include the right for anyone in an organization to read protected content. If this pattern of usage right assignment persists, then Copilot has free rein to access that content on behalf of the signed in user.
Like anything else, it will take time for the community to understand all aspects of these scenarios and for Microsoft to improve their technology to make things work smoother/better/more securely.
Mar 05 2024 01:57 AM
Apr 10 2024 01:33 AM
Apr 17 2024 08:54 AM - edited Apr 17 2024 08:55 AM
Can you prevent someones entire OneDrive from being indexed as well so it's excluded from CoPilot?
Apr 17 2024 09:22 AM
Jun 19 2024 12:02 PM
@TonyRedmond we are soon releasing the ability for a sensitivity label to have copilot restricted permissions as a part of the access controls.
Jun 19 2024 03:42 PM
Jun 24 2024 04:52 AM
Jul 05 2024 02:06 AM - edited Jul 05 2024 02:12 AM
Thank you for your article!
I agree the hard needed controls are starting to get there, I don't think privacy officers will be fully content yet, but it's improving slow but steady I guess 😉
Jul 10 2024 08:58 AM
@TonyRedmond I'm curious, with the SharePoint restricted search feature, you can still have CoPilot consume a doc if you explicitly reference it in CoPilot chat (per the thread here); but, if you try and reference a document on a site that's excluded from search/indexing via the method mentioned in your article, it doesn't work. I wonder why the difference?
Jul 10 2024 02:15 PM
Aug 15 2024 12:28 PM - edited Aug 16 2024 02:09 AM
We recently asked Copilot if it was possible to block access to sites using sensitivity labels. The response we got included DLP as part of the solution. It looks like the solutions you presented are at the SPO setting level or the content label level. Does this response provide a third option?
+++++
To configure Copilot to exclude a site based on a sensitivity label, you’ll need to use Microsoft Information Protection (MIP) and set up the appropriate policies. Here’s a step-by-step guide to help you through the process:
1. Create Sensitivity Labels:
- Go to the Microsoft 365 compliance center.
- Navigate to Information protection under Solutions.
- Click on Labels and then Create a label.
- Define the label name, description, and settings (e.g., encryption, content marking).
2. Publish Sensitivity Labels:
- After creating the labels, go to Label policies.
- Click on Publish labels and select the labels you want to publish.
- Choose the users or groups to whom the labels should be available.
3. Configure Policies to Exclude Sites:
- In the compliance center, go to Information protection.
- Under Data loss prevention, create a new policy.
- Define the policy settings, including the conditions and actions.
- In the conditions, specify the sensitivity label that should trigger the exclusion.
- In the actions, configure the policy to block access to specific sites or content.
4. Apply the Policy:
- Ensure the policy is applied to the relevant users or groups.
- Test the policy to confirm that it correctly excludes access to the specified sites based on the sensitivity label.
By following these steps, you can effectively configure Copilot to exclude sites based on sensitivity labels.
Aug 15 2024 12:35 PM
Aug 15 2024 12:54 PM