Welcome to the Copilot Studio User Group!
🚀 About This Community The Copilot Studio User Group is a virtual community where members share knowledge, experiences, and ideas about using and building with Microsoft Copilot Studio. Our goal is to make Copilot Studio more accessible, collaborative, and fun for everyone — whether you’re experimenting with AI copilots or running automation in your organization. 💡What We’ll Be Doing Here’s what you can expect from our group: 💬 Virtual Chat Events: Join topics-based sessions where members discuss Copilot Studio best practices. 🧩 Community Projects: Collaborate on creative experiments and prototypes. 📢Feature Updates: Stay informed on the latest Microsoft Copilot news. 🤝Member Spotlights: Learn from other community builders and share your own work. 🌍 Why Join Our Events Each virtual event is designed to be interactive you’ll be able to: Ask questions live in chat. Exchange use cases and demos. Network with fellow makers and technologists. Get inspired by what others are building! 🧰 Resources & Tools Here are some links to help you get started: Microsoft Copilot Studio Official Site Copilot Documentation Join The Microsoft Tech Community 💬 Get Involved We’d love your participation! Here’s how to engage: Comment on posts and share your insights. Participate in our chat-based virtual sessions. Share your own tutorials, blog posts, or project ideas with the group. 🌟 Our Commitment This user group follows all Microsoft Tech Community Standards, and Terms Of Use. Our focus is collaboration, inclusion, and respectful discussion. 🙌 Final Note Whether you’re new to Copilot Studio or a seasoned pro, you belong here. let’s build the future of AI collaboration — together.Copilot now included with Word, Excel, PowerPoint, Outlook & OneNote | Microsoft 365 & Office 365
Summarize long email threads, generate bullet-point executive summaries, create charts, and update presentations — all without leaving your familiar apps. Copilot understands your context, remembers your preferences, and helps you reuse content seamlessly across Microsoft 365. IT admins stay in control while you boost productivity. Enterprise-grade protections, Microsoft Purview, and the Copilot Control System ensure your data stays secure. Jeremy Chapman, Microsoft 365 Director, shares how with premium features like intelligent data retrieval, meeting facilitation, and specialized agents, you can automate routine tasks, generate insights, and stay in the flow without leaving your apps. Create executive summaries instantly. Copilot Chat understands your Word document context and writes for you. Check it out. Turn raw data into clear visuals. Copilot Chat knows the columns, calculations, & design you need in Excel. See it in action. Build presentations fast. Bring summaries, charts, and visuals from other apps directly into PowerPoint slides with Microsoft 365 Copilot Chat. Watch here. QUICK LINKS: 00:00 — ​​Microsoft 365 Copilot Chat within Microsoft 365 apps 00:45 — Copilot Chat in Outlook 01:29 — Copilot Chat in Word 02:15 — Copilot Chat in Excel 02:59 — Copilot Chat in Power Point 04:58 — Security and Admin Experience 05:38 — Premium experience 06:44 — Wrap up Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics Video Transcript: -If you’re currently using Microsoft 365 or Office 365 at work or at school, now for the first time, you’ll be able to experience Copilot right within the context of your work inside of Word, Excel, PowerPoint, Outlook, and OneNote, all at no extra cost, and you don’t need a Copilot add-on license. Importantly, you can use it with OpenAI’s GPT-5 model, the same AI that powers ChatGPT, without copying, pasting, or uploading your files outside of your protected work apps. And today I’ll walk you through how you can leverage these in-app experiences along with the controls available for IT. -Everything I’ll show you today, by the way, works in both the desktop and web apps. I’m going to start with Copilot in Outlook. As you can see, I have a full inbox after being away for a few days. And now, instead of working through this long email thread to figure out what it’s all about and what I need to take action on, I can just ask Copilot, “Please draft a recap of this email thread for me to share it with my launch team.” And Copilot analyzes the open thread and it generates a reply with a clear summary of major updates since I’ve been away. And it looks like the heart rate detection feature has been enhanced and is launching ahead of schedule. As a result, the leadership meeting has been moved up. And I can see that my action item is to update our slides to reflect the new feature and the revised positioning ahead of my presentation. I’m going to start in Word to begin generating the updates that I’ll need for my presentation. -So here, I’ve got a technical specifications document open for ZavaCore Fiber, I need to add to it for our meeting. Instead of switching apps or uploading files, I just open up Copilot Chat on the right side pane and it understands the context of my open document. I can let Copilot know that I prefer generated content to be concise, and Copilot will take this into account as it generates content. Now I can ask Copilot, “Write an executive summary in a bulleted list,” and Copilot authors the summary. I just need to click on this copy icon to copy it, then I can paste it under the Executive Summary heading in my document, and now my technical spec is complete. -So that was Word, now let’s move on to Excel to create a data visualization that I’ll incorporate also into my presentation. So here I’ve got a spreadsheet that’s full of satisfaction and performance metrics for our new product. On Copilot Chat, I can ask, “Generate a bar chart showing the overall satisfaction scores across regions. Use different colors for each bar.” And I didn’t need to tell Copilot which columns to use or which ones to calculate the insights from in the spreadsheet, it knows what to do. And there’s my bar chart with satisfaction scores across North, South, East, West, and Central regions. It’s exactly what I asked for, without having to leave Excel. So now that I have what I need to update my presentation, I’m going to move over to Copilot Chat in PowerPoint. -This is my deck for ZavaCore Smart Fiber, and I want to make a few updates to it based on the email thread from before and what we just did in Word and Excel. And I want to go back to those Copilot chats, so this time in the Copilot pane, I’ll open up the ellipse menu. And from here, I can view all my recent Copilot chats. Well, I’m going to choose the one from a moment ago, “Please remember that I prefer generated content in Copilot Chat to be concise.” And down within that chat session, you can see I have my bullet list of executive summary. And now I’m going to copy that and put that in the New Features Overview. And I’ll keep going, I’ll return back to the previous chat, this time the one from Excel with a bar chart that was based on our open Excel file because I want to add that to my PowerPoint as well. Well, I’ll grab that chart and I’ll place it on the left side of the slide, and now it’s looking how I want it to. I’m going to move on to slide 5 because I want to generate a new image for the slide, so I’ll go back into Copilot and I’ll select New Chat. Now I’ll ask Copilot to, “Create a high-tech image of an ECG sensor.” And that takes a moment or so to generate, but there’s my new image. Once it’s finished, I can add that to my slide. -Now I want to make sure that my presentation includes answers to the questions that we think that our audience will have. We’ve prepared a few documents with that information recently. So from Copilot Chat, I’ll just start writing, “Suggest some Q&As for this presentation,” and I’ll reference the documents I want. To do that, I just need to type the forward slash, and that then shows me all my recent documents. I’m going to choose our Spec doc, and then I’ll send my prompt, and Copilot then generates a nice list of questions and answers, and I’m ready for my presentation. -And if you’re in IT and want to ensure that your company data stays protected with the policies and controls that you’ve already put in place, the good news is, is that Copilot Chat has enterprise-grade protections like the add-on Microsoft 365 Copilot license. You can manage everything that you just saw in the apps using the Copilot Control System, including enforceable data loss prevention and information protection policies from Microsoft Purview. And Copilot Chat is pinned by default, so it becomes discoverable throughout the different app experiences. And you can also view Copilot usage in the Microsoft 365 admin center, as well as deeper insights in the Copilot Dashboard. Being able to use Copilot directly from your apps as you work not only saves you time but also keeps you in your flow. And with the premium experience available with the Microsoft 365 Copilot license, your productivity gets even better, and you can use Copilot inside a broader set of Microsoft 365 apps. -So a few of the standout capabilities include intelligent work data retrieval, where it pulls from the files in your OneDrive, your shared documents, emails, meetings, conversations, and more automatically without you needing to reference them. In other words, it works with all the work data that you have permissions to access in the Microsoft Graph and reasons over it to generate responses. And second is meeting facilitation. So if you’re using Microsoft Teams, Microsoft 365 Copilot works during meetings to facilitate discussions or catch you up on what you might have missed, take detailed notes with action items, and more. And third is specialized agents, where you can create and use agents with your data in Microsoft 365 and get access to pre-built agents from Microsoft with advanced reasoning. -The new included experiences that I showed today are a great way for everyone to start using Copilot Chat directly in Microsoft 365 apps. Try it today by clicking the Copilot button in the app ribbon to get started. Subscribe to Microsoft Mechanics for the latest AI tech, and thanks so much for watching.Build autonomous agents in Copilot Studio | Your MCPs, your models & multi-agent
Use triggers to launch processes from signals like approval emails, connect to the right data with Model Context Protocol (MCP) for faster, more accurate responses, and coordinate multiple agents to handle everything from task assignments to inventory planning. Choose AI models that fit each job, prompt agents to generate detailed documents, and test their reasoning in real time. Jeremy Chapman, Director of Microsoft 365, shows how to transform repetitive work into scalable, intelligent systems. Automate your planning. Skip manual steps by letting your agent instantly build launch plans and assign tasks when projects kick off. Get started with Copilot Studio. Your API is not an MCP. Help your agents find the right info faster so they respond with more accuracy and context. See how MCP simplifies data access. Select the best AI model for the job at hand. Choose from options like your favorite GPT or specialized options from Azure AI Foundry. Check out model selection in Microsoft Copilot Studio. QUICK LINKS: 00:00 — Build an agent with Microsoft Copilot Studio 00:41 — Automate project planning 01:22 — How agents work 02:47 — Define tools and triggers 03:58 — Model Context Protocol (MCP) 05:44 — Use prompt tools to auto-create key docs 06:22 — Choose the right model 07:13 — Test your agent 08:08 — Wrap up Link References To get started building your own agents go to https://copilotstudio.microsoft.com Check out our lab at https://aka.ms/MCSMCPLab Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics Video Transcript: -Building AI agents to automate the repetitive and complex things you do every day without using any code just got better. You can now more efficiently connect agents to information using the new AI-optimized MCP standard. Select the specific AI model you want and even easily have your agent work together with other agents. -In fact, today I’ll show you how to build an agent with Microsoft Copilot Studio in just a few minutes. In this case, I’ve chosen an often complex but common task, project planning, that I want to automate. So here our project has just been given the green light to move forward after initial ideation and stakeholder approval. Now let me show you my running agent and how it can automate parts of the launch planning process. First, my agent works autonomously to reason over and determine if this email is an approval email. Once identified, this email becomes a trigger for the planning process to start. Here you can see it’s actually created a new team with a virtual assistant that highlights the key phases and milestones. -Under the covers, the agent has referred to the knowledge we’ve assigned to it and used Microsoft Planner to create and to assign tasks to people for each phase. If you’ve never automated something like this, it might seem kind of complex, but it’s pretty simple. Let me show you how this agent works. So I’m in Copilot Studio, and to speed things up a little bit, let me reverse-engineer what’s behind it. This agent overview page shows all the components of the agent in a single view. At the top, there’s a description of the agent with its primary components. Then on the right, there’s a test pane that I can use to test the agent at any stage as I build it out. -To build a launch plan, I have written instructions to describe exactly what I need the agent to do, and this is more or less how I would describe it to any member of the team. So here I’ve instructed it to monitor the inbox for that launch email like we saw before, then generate a plan, including the tasks with each task owner and the deadlines defined. Notify those task owners and stakeholders about their tasks and deadlines so that they aren’t surprised. Make sure that all of this is maintained and synced in Microsoft Planner, and my favorite part, coordinate with other agents. In this case, I’ve asked our Zava Launch Planning agent to work with our Zava Inventory Planning agent. -Then under that, I’ve defined quite a few important knowledge sources. So you can see competitor analysis here from a web source, product documentation, and a best practices repo from SharePoint, even two individual reference files, a Word document for marketing collateral, and also A PDF with our Launch Process Library with details on team member specialization and task timeframes. So at this stage we’ve kind of laid out all the expectations for how the agent should operate and the knowledge resources that it should refer to, but I still need to define the tools and the triggers to perform and activate the process automation. -I’ll start in Tools, where I can get more specific with exactly the kind of actions I want the agent to take, like sending emails, creating and assigning tasks, and looking up supplier and component data for inventory. Below that in Triggers is an important configuration because this is actually what makes our agent autonomous. Remember, it sprung into action only once it identified that there was an approval email. And in Agents, you can see that the Zava Inventory Planning agent is also defined here. This agent actually reviews relevant inventory status and will give my agent accurate estimates to generate the product launch plan. Back up in Tools, let me show you the options there for adding a new tool. You can see that I can search, and there are suggestions as well as options for defining connectors to bring in data. And I can also add a flow to run steps in a process using Power Automate. -There’s a new option for Model Context Protocol, or MCP, as well. I’m going to pause here for a second in case you’re new to Model Context Protocol, or maybe you just think it’s a new name for APIs. Your API is not an MCP. That’s because MCP is designed to structure data specifically for AI models so that they can understand and use information sources more easily. Unlike traditional APIs, which are packed with extra details for both read and write operations so that software developers have the control over the output of their apps, MCPs, on the other hand, are task-focused and are built uniquely to enable and guide AI’s actions, giving it the context and instructions it needs to make quick decisions on what to do next. -The MCP primarily supports read operations to look up and also retrieve information, where the MCP points to specific resources like files, database records or images, each packaged with metadata to describe the resource and how it should be used to perform the task. This helps AI to quickly find and also make sense of the most relevant information in order to generate and format its response back. This means, using MCP, your AI agents are generally more efficient and accurate than they would be using other options. In fact, your IT team has an incentive to build them to minimize operational costs. And if you’re in IT and want to get an MCP server running, check out our lab at aka.ms/MCSMCPLab. -Now let’s get back to our specific agent in Copilot Studio. By selecting MCP, I can see a list of the MCP servers that my IT team has made available to me. In this case, if I click into Tools, you’ll see the Supplier SKU and Component Data we saw before is actually an MCP server, and it’s enabled and ready to go. So until now, I’ve shown you how we created our project plan, but we also need a go-to-market document describing how we’ll launch, promote, and sell it. So let’s add that to the agent. So back in the Overview tab, I’ll add another tool. Hitting New tool will show me all the options. Here you’ll see another one for Prompt, which lets you analyze and transform text, documents, images, and data using AI with a prompt. So I’ll go ahead and choose that. -Now I’ll add a prompt with instructions for creating a go-to-market strategy document. As with prompting, the more detailed the prompt, the better the generated response will be. And that’s all it takes. Of course, the generated response can also depend on the AI model that you choose, and for most things, the default model will work just fine. I can alternatively choose from the models I have available to me, or I can even head over to Azure AI Foundry to browse over thousands of models. This is great, especially if you have specialized tasks that need specialized skills. So, for example, if I wanted one for forecasting, I can narrow down the list here by choosing my preferred deployment option. I’ll pick serverless. Under inference task, I’ll pick the forecasting category, and it finds a match that I could use maybe later for a sales forecasting agent after our launch. For now, back in Copilot Studio, I’ll keep GPT-4o mini as a good general-purpose model. So now I’ll save my prompt, which takes just a second, then just confirm by adding it to my agent. And that’s it. -And now with everything configured and added, I can test it out to see if it works. So I’ll type in my prompt, “Test the launch planner agent based on the last approval email received in my inbox,” and then submit that. And you can see its thought process here over on the left. That way you can make sure it’s doing what you want it to do. In the middle of the screen is our MCP server data with raw records it discovered and used. And that same information is shown on the right in our response. -Now with the document ready to go, let’s take a look at it in Word. So here’s our go-to-market document. As I scroll down, you can see that the document is pretty thorough. It’s got all the right details and all the right insights. It’s even used our standard go-to-market strategy templates for consistency. And you’ll notice also on the top that because it’s fully integrated with our Microsoft Purview policies for our company, it’s even applied the right label and protections. So between the automated generation of our launch plan and GTM doc, something that might’ve taken weeks before, now just takes a few minutes, and, again, I didn’t need to use any code. -So to get started building your own agents, just head over to copilotstudio.microsoft.com. Keep watching Microsoft Mechanics for the latest AI tech, and thanks for watching.New Surface Laptop 5G for Business, Copilot+ PC
Stay securely connected with rearchitected 5G design — including six smart-switching antennas, eSIM and Wi-Fi 7 — without relying on hotspots. As the first Surface Laptop to feature 5G, it enables enterprise-ready AI features for deeper insights, productivity boosts, and powerful local inferencing wherever work happens. Stay connected anywhere. The first Surface laptop with built-in 5G — supporting NanoSIM, eSIM, smart signal switching, and international roaming. See it here. High-performance AI experiences. Surface Laptop 5G is powered by Intel Core Ultra processors with AI Boost. Watch here. No IT setup required. Surface Laptop 5G can arrive business-ready with zero-touch deployment and managed 5G policies. Check it out. QUICK LINKS: 00:00 — Surface Laptop 5G for Business 00:28 — Built-in 5G 01:30 — Hardware 02:06 — Intel® Core™ Ultra 02:41 — Built-in open-source AI models 03:20 — Management controls for IT 03:52 — Enterprise-Grade Security 04:16 — Wrap up Link References Check out https://surface.com/business Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics Video Transcript: -Surface Laptop 5G for Business with Intel Core Ultra Series 2 processors brings together intelligent connectivity, ultra-fast performance, and premium design. It’s built for AI as a Copilot+ PC to deliver new, connected, on-device, and hybrid experiences, all while keeping your business data protected with enterprise-grade security. -Now, not all 5G laptops are created equal. Surface Laptop 5G supports both physical Nano and eSIM for flexibility to connect from anywhere. In fact, we’ve rearchitected Surface Laptop to optimize connectivity, while still maintaining the sleek and lightweight design. It’s been engineered from the ground up for optimal signal strength with a strategically-placed six-antenna array, along with a newly developed custom composite palm rest. This material and antenna placement helps ensure superior signal transparency so it’s not blocked by your desk or your legs. The signal dynamically switches between antennas based on how you interact with the device to ensure the strongest possible connection. -For example, whether you’re typing or using the touch pad, the 5G signal is routed to the least obstructed antennas. And as you move between spaces or locations during your day, you don’t need to worry about staying connected. There’s no need to connect to hotspots or untrusted networks because it’s designed to seamlessly transition between 5G and known Wi-Fi networks, and includes support for Wi-Fi 7. -Now, continuing our hardware tour, on the right side, you’ll see a Surface Connect port. This is positioned next to the removable NanoSIM tray. Then on the left side of the device, there are two USB-C Thunderbolt ports, a USB-A and a 3.5mm headphone port. Moving up the device, Surface Laptop 5G comes with a signature 3:2 aspect ratio, 13.8" PixelSense touch display. The screen is anti-reflective, and not only does it come with Dolby Vision IQ support, but it has an impressive dynamic refresh rate of up to 120Hz. -Next, let’s move on to what powers the Surface Laptop 5G for Business. This is the first Surface Copilot+ PC to support Intel with 5G and it comes with a choice of Intel Core Ultra 5 and 7 processors. It supports up to 32GB of memory on package and has integrated Intel Arc Graphics. The Intel AI Boost Neural Processing Unit, or NPU, is capable of running up to 48 TOPS without compromising battery life. And the device comes with up to one terabyte of M.2 Gen 4 SSD storage. All of this makes it optimized to run connected Copilot experiences, like powerful reasoning agents capable of generating deep insights with your work data, as well as the on-device foundational models from Windows AI Foundry. This includes 40 plus local and ready-to-use open source models like Phi Silica for text generation, built-in OCR for text recognition in images, super resolution to upscale images and video, image segmentation for background removal, and more. Your productivity experiences and factor-enhanced with AI, including improved Windows search, which combines keyword and vector-based search for more relevant results. -Next, let’s look at the enterprise-grade management controls for IT. Here, Microsoft Intune can be used to provision 5G connectivity with your network policies from the first time Surface Laptop connects to the internet, which helps ensure that only known and trusted networks can be connected to. Together with Windows Autopilot deployment, Surface Laptop 5G can be shipped directly to your workforce with your defined security policies and apps so that they’re business-ready before connecting to your managed resources. Surface Laptop 5G meets the Secured-core PC standard with a Microsoft Pluton security processor. Additionally, authentication with Windows Hello facial recognition benefits from enhanced sign-in security using virtualization. This is all part of Microsoft’s end-to-end, chip-to-cloud security that helps keep your information, devices, and users safe wherever they work from. -So that was a quick tour of how the new Surface Laptop 5G for Business was thoughtfully engineered to bring together intelligent connectivity, ultra-fast performance, and premium design. Check out surface.com/business for availability and more information. Thanks for watching.
Getting Started with AI and MS Copilot - French
Souhaitez-vous découvrir l’intelligence artificielle (IA) et Microsoft Copilot de manière pratique et ludique ? Nous vous invitons à participer à la séance intitulée « Introduction à l’IA et Microsoft Copilot », spécialement conçue pour les membres du corps enseignant qui débutent avec Microsoft Copilot. Cette séance vous permettra d’acquérir les notions fondamentales de l’IA générative, de comprendre comment formuler des requêtes efficaces (invites, ou « prompts ») et d’explorer comment appliquer ces outils en classe. Vous aurez accès à des supports pédagogiques que vous pourrez utiliser en classe et vous aurez l’occasion de mettre vos connaissances en pratique à travers 10 exercices. Rejoignez la réunion iciGetting Started with AI and MS Copilot — French
Souhaitez-vous découvrir l’intelligence artificielle (IA) et Microsoft Copilot de manière pratique et ludique ? Nous vous invitons à participer à la séance intitulée « Introduction à l’IA et Microsoft Copilot », spécialement conçue pour les membres du corps enseignant qui débutent avec Microsoft Copilot. Cette séance vous permettra d’acquérir les notions fondamentales de l’IA générative, de comprendre comment formuler des requêtes efficaces (invites, ou « prompts ») et d’explorer comment appliquer ces outils en classe. Vous aurez accès à des supports pédagogiques que vous pourrez utiliser en classe et vous aurez l’occasion de mettre vos connaissances en pratique à travers 10 exercices. Rejoignez la réunion iciDiscover the power of Copilot prompts | New eBook
Are you ready to revolutionize the way you work with Microsoft 365? I’m excited to share a new eBook I’ve been working on that is now available as a free download: “Discover the power of Copilot prompts.” This is a comprehensive guide filled with insights from numerous experts about their practical prompts to elevate productivity and streamline their workflows within the Microsoft 365 ecosystem.Microsoft Purview protections for Copilot
Use Microsoft Purview and Microsoft 365 Copilot together to build a secure, enterprise-ready foundation for generative AI. Apply existing data protection and compliance controls, gain visibility into AI usage, and reduce risk from oversharing or insider threats. Classify, restrict, and monitor sensitive data used in Copilot interactions. Investigate risky behavior, enforce dynamic policies, and block inappropriate use — all from within your Microsoft 365 environment. Erica Toelle, Microsoft Purview Senior Product Manager, shares how to implement these controls and proactively manage data risks in Copilot deployments. Control what content can be referenced in generated responses. Check out Microsoft 365 Copilot security and privacy basics. Uncover risky or sensitive interactions. Use DSPM for AI to get a unified view of Copilot usage and security posture across your org. Block access to sensitive resources. See how to configure Conditional Access using Microsoft Entra. Watch our video here. QUICK LINKS: 00:00 — Microsoft Purview controls for Microsoft 365 Copilot 00:32 — Copilot security and privacy basics 01:47 — Built-in activity logging 02:24 — Discover and Prevent Data Loss with DSPM for AI 04:18 — Protect sensitive data in AI interactions 05:08 — Insider Risk Management 05:12 — Monitor and act on inappropriate AI use 07:14 — Wrap up Link References Check out https://aka.ms/M365CopilotwithPurview Watch our show on oversharing at https://aka.ms/OversharingMechanics Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics Video Transcript: -Not all generative AI is created equal. In fact, if data security or privacy-related concerns are holding your organization back, today I’ll show you how the combination of Microsoft 365 Copilot and the data security controls in Microsoft Purview provide an enterprise-ready platform for GenAI in your organization. This way, GenAI is seamlessly integrated into your workflow across familiar apps and experiences, all backed by unmatched data security and visibility to minimize data risk and prevent data loss. First, let’s level set on a few Copilot security and privacy basics. Whether you’re using the free Copilot Chat that’s included with Microsoft 365 or have a Microsoft 365 Copilot license, they both honor your existing access permissions to work information in SharePoint and OneDrive, your Teams meetings and your email, meaning generated AI responses can only be based on information that you have access to. -Importantly, after you submit a prompt, Copilot will retrieve relevant index data to generate a response. The data only stays within your Microsoft 365 service trust boundary and doesn’t move out of it. Even when the data is presented to the large language models to generate a response, information is kept separate to the model, and is not used to train it. This is in contrast to consumer apps, especially the free ones, which are often designed to collect training data. As users upload files into them or paste content into their prompts, including sensitive data, the data is now duplicated and stored in a location outside of your Microsoft 365 service trust boundary, removing any file access controls or classifications you’ve applied in the process, placing your data at greater risk. -And beyond being stored there for indexing or reasoning, it can be used to retrain the underlying model. Next, adding to the foundational protections of Microsoft 365 Copilot, Microsoft Purview has activity logging built in and helps you to discover and protect sensitive data where you get visibility into current and potential risks, such as the use of unprotected sensitive data in Copilot interactions, classify and secure data where information protection helps you to automatically classify, and apply sensitivity labels to data, ensuring it remains protected even when it’s used with Copilot, and detect and mitigate insider risks where you can be alerted to employee activities with Copilot that pose a risk to your data, and much more. -Over the next few minutes, I’ll focus on Purview capabilities to get ahead of and prevent data loss and insider risks. We’ll start in Data Security Posture Management or DSPM for AI for short. DSPM for AI is the one place to get a rich and prioritized bird’s eye view on how Copilot is being used inside your organization and discover corresponding risks, along with recommendations to improve your data security posture that you can implement right from the solution. Importantly, this is where you’ll find detailed dashboards for Microsoft 365 Copilot usage, including agents. -Then in Activity Explorer, we make it easy to see recent activities with AI interactions that include sensitive information types, like credit cards, ID numbers or bank accounts. And you can drill into each activity to see details, as well as the prompt and response text generated. One tip here, if you are seeing a lot of sensitive information exposed, it points to an information oversharing issue where people have access to more information than necessary to do their job. If you find yourself in this situation, I recommend you also check out our recent show on the topic at aka.ms/OversharingMechanics where I dive into the specific things you should do to assess your Microsoft 365 environment for potential oversharing risks to ensure the right people can access the right information when using Copilot. -Ultimately, DSPM for AI gives you the visibility you need to establish a data security baseline for Copilot usage in your organization, and helps you put in place preventative measures right away. In fact, without leaving DSPM for AI on the recommendations page, you’ll find the policies we advise everyone to use to improve data security, such as this one for detecting potentially risky interactions using insider risk management and other recommendations, like this one to detect potentially unethical behavior using communication compliance policies and more. From there, you can dive in to Microsoft Purview’s best-in-class solutions for more granular insights, and to configure specific policies and protections. -I’ll start with information protection. You can manage data security controls with Microsoft 365 Copilot in scope with the information protection policies, and the sensitivity labels that you have in use today. In fact, by default, any Copilot response using content with sensitivity labels will automatically inherit the highest priority label for the referenced content. And using data loss prevention policies, you can prevent Copilot from processing any content that has a specific sensitivity label applied. This way, even if users have access to those files, Copilot will effectively ignore this content as it retrieves relevant information from Microsoft Graph used to generate responses. Insider risk management helps you to catch data risk based on trending activities of people on your network using established user risk indicators and thresholds, and then uses policies to prevent accidental or intentional data misuse as they interact with Copilot where you can easily create policies based on quick policy templates, like this one looking for high-risk data leak patterns from insiders. -By default, this quick policy will scope all users in groups with a defined triggering event of data exfiltration, along with activity indicators, including external sharing, bulk downloads, label downgrades, and label removal in addition to other activities that indicate a high risk of data theft. And it doesn’t stop there. As individuals perform more risky activities, those can add up to elevate that user’s risk level. Here, instead of manually adjusting data security policies, using Adaptive Protection controls, you can also limit Copilot use depending on a user’s dynamic risk level, for example, when a user exceeds your defined risk condition thresholds to reach an elevated risk level, as you can see here. -Using Conditional Access policies in Microsoft Entra, in this case based on authentication context, as well as the condition for insider risk that you set in Microsoft Purview, you can choose to block their permission when attempting to access sites with a specific sensitivity label. That way, even if a user is granted access to a SharePoint site resource by an owner, their access will be blocked by the Conditional Access policy you set. Again, this is important because Copilot honors the user’s existing permissions to work with information. This way, Copilot will not return information that they do not have access to. -Next, Communication Compliance is a related insider risk solution that can act on potentially inappropriate Copilot interactions. In fact, there are specific policy options for Microsoft 365 Copilot interactions in communication compliance where you can flag jailbreak or prompt injection attempts using Prompt Shields classifiers. Communication compliance can be set to alert reviewers of that activity so they can easily discover policy matches and take corresponding actions. For example, if a person tries to use Copilot in an inappropriate way, like trying to get it to work around its instructions to generate content that Copilot shouldn’t, it will report on that activity, and you’ll also be able to see the response informing the user that their activity was blocked. -Once you have the controls you want in place, it’s a good idea to keep going back to DSPM for AI so you can see where Copilot usage is matching your data security policies. Sensitive interactions per AI app shows you interactions based on sensitive information types. Top unethical AI interactions surfaces insights based on the communication compliance controls you’ve defined. Top sensitivity labels referenced in Microsoft 365 Copilot reports on the labels you’ve created, and applied to reference content. And you can see Copilot interactions mapped to insider risk severity levels. Then digging into these reports shows you a filtered view of activities in Activity Explorer with time-based trends and details for each. Additionally, because all Copilot interactions are logged, like other Microsoft 365 activities in email, Microsoft Teams, SharePoint and OneDrive, you can now use the new data security investigation solution. This uses AI to quickly reason over thousands of items, including Copilot Chat interactions to help you investigate the potential cause of risks for known data leaks in similar incidents. -So that’s how Microsoft 365 Copilot, along with Microsoft Purview, provides comprehensive controls to help protect your data, minimize risk, and quickly identify Copilot interactions that could lead to compromise so you can take corrective actions. No other AI solution has this level of protection and control. To learn more, check out aka.ms/M365CopilotwithPurview. Keep watching Microsoft Mechanics for the latest updates and thanks for watching.This National Small Business Week, make sure everyone in your company understands AI
Whether you are running a startup or an already thriving small business, harnessing AI-driven solutions will help you discover new opportunities, streamline operations, and make data-driven decisions with confidence. Understanding and exploring the possibilities of AI is essential for small businesses and key to unlocking growth, driving innovation, and maintaining a competitive edge. The first step is understanding the potential of AI for your business. Microsoft has developed several online resources to help. In recognition of National Small Business Week, we have curated a list of those resources that may be helpful for small business professionals who want to get started with AI. Establish an AI foundation Start your AI journey by visiting the Microsoft WorkLab and examining a rich collection of content that addresses the real-world scenarios of how AI is impacting work today. New articles are regularly added that will help you understand not just AI’s high-level capabilities, but also the nuances of AI and how to directly apply AI to your day-to-day work. Key resources include: Up-to-date market research on all the ways that AI is impacting work, like our latest, the AI Data Drop. This study provides insights into how employees feel about AI and how long it takes most employees to build effective AI habits. Regular podcasts with business leaders, like our recent discussion with Bryan Hancock, McKinsey’s Global Talent Leader, on the different ways that managers can unlock AI’s potential for their teams. In-depth guides that detail how AI can help the different parts of your business, such as How Sellers Can Use AI to Better Engage with Customers and How Marketers Can Use AI to Unlock Breakthrough Creativity. Build your AI skills When you're ready to build a deeper AI skill, you explore the Microsoft AI Learning Hub. You’ll find a variety of tools to help you go from understanding AI to preparing for it. You can learn the mechanics of using the technology and even how to build it into your own apps and services. Start with the learning journey for Business Users, which is foundational for getting an underlying understanding of AI, and then move into a more detailed guidance on how to use and implement its capabilities. If you’re an IT professional, look at the learning journey for IT Professionals, which provides a thorough grounding on the particulars of AI adoption, deployment, and small business concerns, like data classification and regulatory considerations. To define your own path, get skilling recommendations based on your job responsibilities and objectives. No matter where you want to go, you can use the AI learning assessment to define a customized learning journey to get you there. Put AI to work To put your AI skills into practice or if you’re already using Copilot for Microsoft 365, visit the Microsoft Copilot Lab. This site provides easy, visual introductions into what Copilot is and how it helps you do more no matter which Microsoft 365 app you are using. These tools are designed for professionals that need a fast, tactical grounding so they can benefit from AI every day. One example is the prompt writing guide, which explains how to write effective prompts so Copilot can deliver exactly what you need. This toolkit teaches the art and science of prompting. It walks through a series of easy initial prompting exercises like writing an AI-powered email or creating an image, so you’ll understand how to edit a prompt to tailored it to your scenario. Microsoft Learn has a series of freely available, advanced courses to help you gain a deeper understanding of Copilot, how it works with the apps in Microsoft 365 and best practices for everyday use. Get started National Small Business Week may be an annual event, but you can build your AI skills year-round. Join the Microsoft SMB Tech Community to network with other professionals using Copilot. You can come here anytime to ask questions, get help, keep up with the latest AI news specific to small and medium-sized businesses and find out about upcoming online or local events.
