Introducing Microsoft Purview Alert Triage Agents for Data Loss Prevention & Insider Risk Management
Surface the highest-risk alerts across your environment, no matter their default severity, and take action. Customize how your agents reason, teach them what matters to your organization, and continuously refine to reduce time-to-resolution. Talhah Mir, Microsoft Purview Principal GPM, shows how to triage, investigate, and contain potential data risks before they escalate. Focus on the most high-risk alerts in your queue. Save time by letting Alert Triage Agents for DLP and IRM surface what matters. Watch how it works. Stay in control. Tailor triage priorities with your own rules to focus on what really matters. See how to customize your alert triage agent using Security Copilot. View alert triage agent efficiency stats. Know what your agent is doing and how well it’s performing. Check out Microsoft Purview. QUICK LINKS: 00:00 — Agents in Microsoft Purview 00:58 — Alert Triage Agent for DLP 01:54 — Customize Agents 03:32 — View prioritized alerts 05:17 — Calibrate Agent Behavior with Feedback 06:38 — Track Agent Performance and Usage 07:34 — Wrap up Link References Check out https://aka.ms/PurviewTriageAgents Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics Video Transcript: -Staying ahead of potential data security threats and knowing which alerts deserve your attention isn’t just challenging. It’s overwhelming. Every day, your organization generates an increasing and enormous volume of data interactions, and it’s hard to know which potential risks are slipping through the cracks. In fact, on average, for every 66 new alerts logged in a day, nearly a third are not investigated because of the time and effort involved. And this is exactly where automation and AI in Microsoft Purview can make a material difference. With an agent-managed alert queue that, just like an experienced tier 1 analyst, sifts through the noise to identify Data Loss Prevention and Insider Risk Management alerts that pose the greatest risks to your organization, letting you focus your time and efforts on the most critical risks to your data. -Today, I’ll show you how the agents in Microsoft Purview work, the reasoning they use the prioritize alerts, and how to get them running in your environment. I’ll start with Alert Triage Agent for DLP. I’m in the Alerts page for Data Loss Prevention. You’ll see that just for this small date range, I have a long list of 385 active alerts. Now, I could use what’s in the Severity column to sort and prioritize what to work on first, clicking each, analyzing the details, which policies were triggered, and then repeating that process until I’ve worked my way through the list over the course of my day. And even then, I wouldn’t necessarily have the full picture. To save time, I ended up deprioritizing low and medium severity alerts, which still could present risks that need to be investigated, but it doesn’t have to be this way. -Instead, if I select my Alert Triage Agent view, I can see it’s done the work to triage the most important alerts, regardless of severity, that require my attention. There’s a curated list of 17 alerts for me to focus in on. And if you’re wondering if you can trust this triage list of alerts to be the ones that really need the most attention, you remain in control because you’re able to teach Copilot what you want to prioritize when you set up your agent. Let me show you. I’m in the Agents view and I’ll select the DLP agent. And if this is your first time using the agent, you’ll need to review what it does and how it’s triggered. In fact, it lists what it needs permissions for as it reasons over each alert. This includes your DLP configuration, reading incoming activity details and corresponding content, and then storing your feedback to refine how it will triage DLP alerts. -Next, you can move on to deployment settings. Here, you can choose how the agent runs or triggered and select the alert timeframe. The default is last 30 days. From there, I’ll deploy the agent. You’ll see that it tells me the next step is to customize it before it begins triaging alerts. This takes a little while to provision, and once it’s ready, there’s just one more step. Back in Alerts, I need to customize the agent. Here, I can enter my own instructions as text to help the agent prioritize alerts based on what’s important to my organization. For example, I can focus it on specific labels or projects, which can be modified over time. -Next, I can select the individual policies that I want to focus the agent on. I’m going to select all of these in this case, then hit Save. Once I hit Review, it generates custom classifiers and rules specific to what I’ve asked the agent to look for. Then I just need to start the agent, and that’s the magic behind agent-prioritized queue that I showed you earlier. So now, once the agent is ready, instead of trying to find that needle in our haystack of 385 alerts, I can just hit the toggle button to view the prioritized alerts from the Alert Triage Agent. Notice I’m not losing any of the alert details from before. It’s just presented as a triaged and prioritized queue, starting with the top handful of alerts that need my immediate attention with less urgent and not categorized alerts available to view in other tabs. -I’ll focus on what needs attention and click into the top one to see what the agent found. The Agent summary tells me that there are 25 files and eight with verified policy matches. Data includes credit cards, bank account numbers shared using SharePoint. Below that, you’ll see the sensitivity risk for each shared file, the exfiltration risk related primarily to the files containing financial data, and the policy risk. And I could see in this case, the DLP policy was triggered, and the user was allowed to share without restrictions. In the Details tab, you’ll notice that the alert severity set to low based on the policy configuration, but the triage agent, much like a human analyst, can render a verdict taking the entire context into account. Clicking into view details, I can find more information, including the related assets, where I can see each of the corresponding names, trainable classifiers if defined, and sensitive information types. I’ll scroll back up and show you one more tab here. -In Overview, I can see the user associated with the alert. Turns out this is an important policy match to prioritize Labels on 18 highly sensitive files were downgraded and it was shared without proper restriction. The user was warned and chose to proceed. I can now work on containing the risk and improving related policy protections to prevent future incidents like this one. Let’s continue to work through our prioritized alert queue, and you can see I’m now left with six. I’ll click into the first one. It’s a policy match for business-critical files containing financial and legal information. This is credit card information and a legal agreement in the shared content. That said, this happens to be a close partner of our company that typically handles this type of information, so it’s not important. And to prevent this and future similar alerts from being flagged as needing my attention, I can calibrate the agent’s response based on what matters to me. Kind of like you would teach a junior member of your team. So, in this alert categorization, I’ll click Change to add more context about why I disagree with this categorization so that other recipients from that domain are deprioritized. -In the details pane, I’ll change it to less urgent and add another property to deprioritize these types of alerts. In this case, I’ll add the external recipient email address. And after I hit submit, this will be added to the agent’s instruction set to further refine its rationale for prioritization. In fact, here in our list of what needs attention, you’ll see that the alert is no longer on the list. That’s how easy it is to get the agent to work on your behalf. And once you’ve been using the agent at any time, you can view its progress. In the Agent Overview, I can see my deployed agents and trending activities. If I click into my Data Loss Prevention Agent, I can see details about its recent activities. In the Performance tab, I can also see the agent effectiveness trend over time, and below that, a detailed breakdown of units consumed per day. This way, you can reduce your time to resolution even while your team is spread thin. -Now, I focused on the DLP agent today, and similarly, our alert triage agent in Insider Risk Management works on your behalf to create a prioritized alert queue of data incidents by risky users in your organization that require your attention, including evaluating the user risk based on historical context, as well as analyzing the user’s activity over weeks or months to help evaluate their risk, whether they’re intentional or not. In many ways, Purview’s new Alert Triage Agents for DLP and IRM, powered by Security Copilot, reduce the time, effort, and expert resources needed to truly understand the context of your alerts. It works alongside you and the whole team to accelerate and simplify your investigations. To learn more, check out aka.ms/PurviewTriageAgents, subscribe to Microsoft Mechanics if you haven’t yet, and thank you for watching.New Microsoft 365 Copilot Tuning | Create fine-tuned models to write like you do
Fine-tuning adds new skills to foundational models, simulating experience in the tasks you teach the model to do. This complements Retrieval Augmented Generation, which in real-time uses search to find related information, then add that to your prompts for context. Fine-tuning helps ensure that responses meet your quality expectations for specific repeatable tasks, without needing to be prompting expert. It’s great for drafting complex legal agreements, writing technical documentation, authoring medical papers, and more — using detailed, often lengthy precedent files along with what you teach the model. Using Copilot Studio, anyone can create and deploy these fine-tuned models to use with agents without data science or coding expertise. There, you can teach models using data labeling, ground them in your organization’s content — while keeping the information in-place and maintaining data security and access policies. The information contained in the task-specific models that you create stay private to your team and organization. Task-specific models and related information are only accessible to the people and departments you specify — and information is not merged into shared large language models or used for model training. Jeremy Chapman, Director on the Microsoft 365 product team, shows how this simple, zero-code approach helps the agents you build write and reason like your experts — delivering high-quality, detailed responses. Keep information permissions as-is. Use your organization’s knowledge and sharing controls. See how Copilot Tuning works. Guide Copilot with labeled examples. Copilot learns to reason and write like you are your expert team. Check it out. Build Copilot agents powered by your fine-tuned models. Automate work with your tone, structure, and standards. Take a look at Copilot Chat. QUICK LINKS: 00:00 — Fine-tune Copilot 01:21 — Tailor Copilot for specialized tasks 05:12 — How it works 05:57 — Create a task-specific model 07:43 — Data labeling 08:59 — Build agents that use your fine-tuned model 11:42 — Wrap up Link References Check out https://aka.ms/FineTuningCopilot Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics Video Transcript: -You can now teach or fine-tune your Microsoft 365 Copilot experience by creating your own task-specific fine-tune models that channel your expertise and experience to carry out specialized jobs and tasks accurately and on your behalf. In fact, from Copilot Studio, anyone can use this zero-code approach to teaching Copilot’s underlying model the skills from your organization to produce more usable, high-quality responses that can be as detailed as they need to be, even hundreds of pages long to get the job done. And the model remains exclusive to your organization and only the people and departments you specify. -If you compare this to the traditional way of doing this until now, this level of customization would require data science, machine learning, and coding skills. So this process is a lot simpler. And unlike existing approaches where, as a data scientist, you may be copying data into locations that may not be aware of your protections and access controls, this is enterprise-grade by design. You just focus on the outcome that you want to achieve. And because your data stays in place, your existing data access and protection policies are respected by default. Let me show you the power of this in action by comparing the results of an agent that’s calling a fine-tuned, task-specific model of Copilot versus one that’s just calling the original underlying Copilot model. So both agents are configured to author loan agreement documents. On the left is our agent using the task-specific model, on the right is our SharePoint-based agent using a general model. -Now, both agents are focused on the same exact underlying knowledge. It’s all in a SharePoint location, as you can see here with this precedent file set. And both user prompts are identical with example reference files and the client term sheets containing new information. In fact, this is a precedent file that I’ll use. It’s a long and detailed document with 14 pages and more than 5,000 words. The term sheet is quite a bit shorter as you can see here, but it’s still long and detailed with information about the loan amounts, all the details, and if I scroll all the way down to the bottom, you’ll see signatory information for both parties. -So let’s go back to our side-by-side view and run them. So, I’ll start with the general model agent on the right. And it starts to generate its response. And I’ll let this one respond for a moment until it completes. There we go. And now I’ll move over to the agent on the left. It immediately informs me that it’ll receive an email once it’s finished. Now, this is going to be a longer-form document, so we’ll fast forward in time to see each completed response. -So, starting with the general model, I’ve copied it into a Word document, and the output is solid. You’ll see that the two parties are correct, the loan structure, all the amounts are also correct from the term sheet, but it has a few tells. It’s missing a lot of specificity and nuance that a member of our legal team would typically include in all of the terms. It’s also very summarized and not how our firm would draft an agreement like this. When I scroll down to the bottom, the signatories and addresses are captured correctly and match the term sheet. That said, though, it’s just four pages long and has around 800 words, versus more than 5,000 words in our precedent document. So it kind of follows the 80–20 rule where a good portion of the response could maybe work with some edits, but it’s not reflecting how my firm thinks and how it writes when authoring legal documents like this one. -So let’s go ahead and look at the results of a fine-tuned, task-specific agent. So immediately, you can see this document is verbose. It’s 14 pages long with more than 5,300 words. The word count doesn’t always equate to quality, so let’s look at the document itself. Now, as I scroll down, you’ll see that this agent has been taught our firm-specific patterns and the clauses that we use in existing case files. It is structured and worded things just like the precedent document. It’s reasoning and writing with more precision, like an experienced member of our firm would. And while as with any other AI-generated document, I still need to check it for accuracy, it really captures that extra detail and polish to save us time and effort. So model fine-tuning is a powerful way to tailor state-of-the-art large language models that are used behind Copilot to your specific needs. -And as you saw, it also can significantly improve the handling of specialized tasks. So let me explain how fine-tuning works in this case. Unlike Retrieval Augmented Generation, it doesn’t rely on search and orchestration processes that run external to the large language model. The additional knowledge added as part of the fine-tuning process is a protected container of information that attaches the large language models training set to teach it effectively a new skill. Now, it’s never merged into the LLM or used for future model training, and is temporarily attached to the LLM when it’s needed. Again, the skill and knowledge that it contains is exclusive to you and the people or groups that you’ve shared it with, so it can’t be accessed without the right permissions. -Next, let me show you what it takes to create and fine-tune your own task-specific model. I’m in Microsoft Copilot Studio, which you can reach from your browser by navigating to copilotstudio.microsoft.com. I’m on the task-specific model page and I want to customize a model to generate partner agreements. So I’ll paste in a corresponding name. Then I’ll paste in a description. Then as the task type, I’ll select a customization recipe that reflects what I want it to do. And my options here include expert Q&A, document generation, and document summarization, with more task types coming over time. From there, I can provide additional instructions to tailor the fine-tuning recipe, like how the model should use original files, for example, to inform the structure, formatting, company-specific clauses, and other areas important to your model, like we saw before. -Next, I can define my own knowledge sources. Now, these can use information from SharePoint sites and folders, and soon, you’ll be able to add information external to Microsoft 365 using Microsoft Graph connectors. In this case, I’ll define a SharePoint source. Then browse the sites that I have access to. I’ll choose this folder inside the Agreements library. And from there, I can even drill into specific folders for the precise information that I want to use to teach the model, which I’ll do here with the Agreements folder. -For permissions, this process aligns to the enterprise-grade controls that you already have in your organization backed by your Microsoft Entra account. Now, the next step is to process the data you selected for training or what’s known as data labeling. So here, you’ll be presented with data labeling tasks in small, iterative batches. They’re kind of like questionnaires for you to complete, where the fine-tuning process will generate documents and request assessment of them for clarity, completeness, accuracy, and professionalism. This process requires subject matter expertise to open these documents and rate the quality of the generative output for each. I’m just going to show one question here, but you’d repeat this process for every batch. And once all batches are labeled, I can start model training. Now, this will take some time to process, so I’ll fast forward a little in time. -Now with everything finished, I can publish the model to my Microsoft 365 tenant. And it will be available to anyone we’ve shared it with, like our audit team from before, to build new agents. And the process I just showed is called supervised learning, where the model is trained on label data. And soon, you’ll also have the option to use reinforcement learning to enhance the agent’s reasoning capabilities. Now let me show you how to build an agent from Copilot Chat that can leverage our new task-specific model for partner agreement generation. So I’m going to select Create agent. And for the purpose, I have a new option here to build a task-specific agent. Next, I can choose from the existing task-specific models. So I’m going to choose the one that we just created for new partner agreements. There we go. And with any agent, I just need to give it a name. Now I’ll paste in a description for people on the team to know its purpose and what it can do. -And next, I can specify additional instructions as guidelines to provide more context to the agent, as I’m doing here to ensure the structure aligns with our organizational standards. Because this is a very specific agent to write partner agreements, I’ll just specify one starter prompt with details for referencing a precedent source document to start with and a term sheet to get specific new information from, kind of like we saw before. Now, the preview on the right looks good, and I can create the agent right from here. For sharing, permissions also need to align with whoever my task-specific model was shared with, which, as you’ll remember, again, was our audit team. In this case, for my own validation, I’ll select only you so that I can test it before sharing it out with other auditors on my team. -So let’s go ahead and test it out. So I’m going to use the starter prompt. Then I’ll replace the variable file names here. I’ll use the forward slash reference, starting with the precedent file. Now I’ll look for the term sheet file. There it is. From there I can submit my prompt. This is going to take a moment for the response. You can see the structure with sections based on our task-specific files used with the fine-tuning. It tells me that it’ll send me a Word document and email once it’s finished again. In fact, if I fast forward in time a little, I’ll move over to Outlook. And this is the file the agent sent me with links to the new agreement draft. So I’ll open it using Word in the browser. There’s my agreement. And you’ll see it follows exactly how we wrote the precedent agreement. As I scroll through the document, I can see all the structure and phrasing aligned with how we write these types of agreements. In fact, this Representations and Warranties section is word for word direct from our standard terms that our firm always incorporates. And that’s it. My agent is now backed with my task-specific, fine-tuned knowledge, and it’s ready to go and I’m ready to share it with my team. -So those are just a few examples of how fine-tuning in Microsoft 365 Copilot can give you on-demand expertise, and task-specific models respond more accurately using your specified voice and process so that you and your team can get more done. -To find out more, check out aka.ms/FineTuningCopilot, and keep watching Microsoft Mechanics for the latest tech updates, subscribe to our channel, and thanks for watching.Agent management updates in the Copilot Control System
Control who can find, use, and create agents, define permissions, approve or block agent deployments, and configure billing models including pay-as-you-go or prepaid options. Get detailed visibility into how agents are used, which users and groups are driving consumption, and how much they’re costing you. With Microsoft Purview integration, get visibility into sensitive data exposure, track compliance risks, and audit agent activity to stay secure and aligned with your organization’s data policies. Jeremy Chapman, Director of Microsoft 365, shares how to configure, deploy, monitor, and secure AI agents at scale. Define agent access by group or user. Customize permissions with Microsoft 365 admin controls. See how to use the Copilot Control System. Enable pay-as-you-go agent billing with message-based metering. No upfront commitment. Check out Copilot Chat, included with any Microsoft 365 or Office 365 work account. Gain full visibility and access control over AI agent interactions. Check out how agents are being used with detailed reporting in the Microsoft 365 admin center. QUICK LINKS: 00:00 — Copilot Control System 01:34 — Copilot Chat 02:21 — Manage agent use 03:23 — Agent deployment 04:09 — Visibility into how agents are used 05:10 — Copilot Dashboard 06:06 — DSPM for AI 06:47 — Microsoft Purview agent protections 07:32 — Wrap up Link References Check out https://aka.ms/CopilotAgentControls Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics Video Transcript: -Agents are the evolution of generative AI, and if you’re in IT and looking to support this shift, we’ve built you new options as part of the Copilot Control System, like control over who can discover, use, and author agents, whole visibility into which agents are being used and if there’s risk with how they’re being used, and the ability to view potentially risky agent activities directly and search if sensitive or high-value information is shared with or processed by agents. Microsoft 365 Copilot is the only service of its kind to provide complete enterprise-ready controls across agent management, starting with agent discovery, access management, and user permissions. -From the Microsoft 365 Admin Center, navigating to Copilot takes you to the Copilot Control System Central Hub to configure Copilot settings and view insights into Copilot in how people are using it. As part of these updates to Copilot Control System, we’ve added new options for Overview, Agents & connectors, Prompts, Billing & usage, and Settings. First, from Settings and under Agents, you can configure exactly which groups or users will be able to find and access agents in Copilot Chat, as well as other agent-enabled Copilot apps. Importantly, if any of your managed users have a Microsoft 365 Copilot license and they’re scoped for this control, they can use and create retrieval-based agents using Microsoft Graph knowledge as part of that license. -That said, for the free Copilot Chat that’s included with any Microsoft 365 or Office 365 license, agents can still be used with consumption-based billing, where agent usage is metered with messages as the measure of time and effort taken by the agent to respond to user prompts and ultimately, how costs are calculated. You can now set up pay-as-you-go billing without a prepaid commitment right from the Microsoft 365 Admin Center where you can create and manage billing plans. Now, these billing plans use an Azure subscription and resource group as part of the configuration and billing process. Additionally, the prepaid message pack option as part of Microsoft 365 Copilot Studio license is also available. Now, once you grant the right permissions and you’ve configured what you need for people to start creating, finding, and using agents, at that point, you can now manage agent use right from the Microsoft 365 Admin Center. -Under Copilot controls, Agents & connectors is your primary hub for managing agents used with Microsoft 365 Copilot, including your agent inventory as a unified view of the agents that people build in Copilot Studio themselves, agents published to the Agent Store by your organization, or agents that you’ve approved from third parties. You can now see whether agents are managed, their availability, and in which apps they’re supported, and more. From each, you can also take actions like blocking or publishing the agent. More on that in a second. Or get more details, including users where you can manage access and see who is using each agent, then moving over to requested agents. These are agents that are submitted for approval from IT where you can take action to approve or block them. -For the shared and third-party agents that you manage from the Agent Store, as an administrator, you also have full control over agent deployment, where you can select the agents that you want to deploy, target users or groups who will have access to the agents. Here, for example, I’ll specify the users and groups that I want to include, and for agents that require special permissions to external knowledge via connector or API, you can authorize agent access using strong authentication and ensure that only the users and groups that you added in scope will be able to access that data. And from there, you can confirm and finish the deployment to make the agents available to users that you added in scope. -Next, as agent adoption grows, you have the visibility into how agents are being used. As a Microsoft 365 admin, you’ll find detailed reporting in the Microsoft 365 Admin Center, alongside other Copilot reports. Starting with the message consumption report, it provides you details on the costs associated with agent use in your organization. Here you can see message consumption trends for metered usage of Microsoft 365 Copilot Chat help you understand where and how messages and agents are being consumed. You’ll find top agent and user message consumption details to help you plan and manage resource allocation and make agent deployment decisions. -Then in the Agents report, you can see overall usage trends by license type, and below that, the types of agents people are using, like user and organization-created agents, as well as agents built by Microsoft and partners, along with a list of top agents in use and top users leveraging those agents. And for broader reporting that you can share with other stakeholders in your organization, you can use Copilot Analytics as part of Viva Insights, where you’ll find summaries for the number of agent sessions of enabled agents across your environment, how usage is trending over time, user satisfaction and resolution rates for agents at aggregate levels, and you can even see the top agents used and how many people are engaging with them. In fact, drilling into that report also shows you how each agent is trending month over month, the satisfaction per agent and resolution rate for each. Drilling in Further, you’ll find additional details for session outcomes, if they were abandoned, escalated, or resolved, estimates of agent-assisted hours to gauge ROI, and even a detailed breakdown of the most popular topics people are using agents for. -Next, let’s switch gears to your data security options for AI apps and agents as part of Microsoft Purview. In Data Security Posture Management, or DSPM, for AI, you’ll find details for each agent in use in your organization. Each shows protection status, high-level usage trends and accounts of protection and compliance policies that apply to each. Then drilling into any agent gives you even more detail about potentially risky activities used with that agent, unethical or inappropriate use flagged by communication compliance policy controls that you have in place, and the use of classified and labeled content as part of agent interactions and sessions. And that’s just scratching the surface for agent protections and controls in Microsoft Purview. -In fact, all agent activity is recorded in audit logs to help conduct investigations whenever needed, and these activities also power additional Microsoft Purview solutions like insider risk management, letting your security teams detect risky AI prompts as part of their investigations into risky users, communication compliance to aid investigation into non-compliant use and AI interactions such as a user trying to get information on sensitive information like an acquisition plan, and eDiscovery where interactions across your Copilot’s agents and AI apps can be collected and reviewed, help conduct investigations and respond to litigations. And those were your controls to set up services and deploy agents in Microsoft 365. Also, where you can find usage insights and your data protection controls specific to agents in Microsoft Purview. -To learn more, check out aka.ms/CopilotAgentControls and keep watching Microsoft Mechanics for the latest updates, and thanks so much for watching.Microsoft 365 Copilot Wave 2 Spring updates
Streamline your day with new, user-focused updates to Microsoft 365 Copilot. Jump into work faster with a redesigned layout that puts Chat, Search, and your agents front and center. New Copilot Search lets you yse natural language to find files, emails, and conversations — even if you don’t remember exact keywords — and get instant summaries and previews without switching apps. Create high-impact visuals, documents, and videos in seconds with the new Copilot Create experience, complete with support for brand templates. Tap into powerful agents like Researcher and Analyst to handle deep tasks or build your own with ease. And if you manage Copilot across your organization, you now have better tools to deploy, monitor, and secure AI use — all from a single view. Describe what you want. Don’t know the keywords to find your content in Microsoft 365? You don’t need to. See how the new Copilot Search works. On-demand expertise. Use agents like Researcher or Analyst to do the thinking for you. Start here. View AI agent activities in Microsoft Purview. Find data security policy matches and see if agents are being used with sensitive information or by risky users. Watch here. Watch our video here. QUICK LINKS: 00:00 — Microsoft 365 Copilot new capabilities 00:36 — Microsoft 365 Copilot app 01:49 — Copilot Search 03:09 — Specialized agents 04:06 — Create experience 06:07 — Copilot Notebooks 07:40 — Updates for IT admins 08:16 — Data security with AI apps & agents in Purview 08:51 — Reports 09:20 — Wrap up Link References Check out https://aka.ms/CopilotWave2Spring Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics Video Transcript: -So, Microsoft 365 Copilot keeps getting better, and today I’ll show you how the Copilot experience is evolving to make everything easier with new AI-powered capabilities to help you get even more done, and if you’re an IT, I’ll show you new options for agent management, including updates in the Microsoft 365 Admin Center, new data security views and controls, and Microsoft Purview’s Data Security Posture Management for AI, as well as improved reporting and visibility into Copilot analytics from Viva Insights. So let’s start with updates to the Microsoft 365 Copilot app experience, which has evolved to make every interaction easier and more intuitive. Chat is the core of the experience and where you’ll find the app by default and there’s a new navigation moving what’s important to the left side of your screen where you’ll find links to Search, Chat, your Agents, new Notebooks, and Create experiences that I’ll show you in a moment. -Now moving to the center of the app, you’ll notice that there’s a more streamlined view with the prompt box taking center stage. Under that, you’ll find personalized suggestions for what to do next, including upcoming meetings. And as the author prompts, you can quickly pull up an agent right from here to bring in content sources you want like your files, interactions with people, your meetings, emails and more to generate what you want. And even without referencing your work directly, Copilot is connected to it and can find the matching information that you have access to. That’s because behind the scenes, Microsoft 365 Copilot uses advanced AI native vector-based search to find the most relevant content. And now outside of Copilot Chat, you can use this directly from the new Copilot Search experience. It brings together AI search and your work information across Microsoft Graph. -From here, you can easily get to your recommendations and quick access to what you’ve been working on. Then moving to the search bar, you’ll see that search now goes way beyond keyword search that you’re used to compared to Copilot Chat. This is optimized to find specific content items. Now, where you can ask in simple terms, for example, based on what you remember, to quickly find your files, your emails, chats, and meetings for Microsoft 365, and even information and other graph connected line of business systems like you’re seeing here with Jira. Now it knows like-concepts, synonyms, and contextual information around a topic, so you don’t need to know keywords or be precise with search terms. In fact, many of these results don’t contain words from the search, but they’re highly relevant. And based on the top items and the results, Copilot can summarize what search finds in line to save you time. And without having to open its sighted items in separate apps, Copilot will also help summarize and preview those files right from the Copilot app. -Next, we’ve made it easier to access specialized agents, which give you on-demand help to complete tasks that would normally require an expert. Now these include both Analyst to find insights in your data as well as Researcher for written reports, both first-of-their-kind reasoning agents for work. In fact, we dedicated an entire show on reasoning agents that you can check out at aka.ms/reasoningmechanics. And here in the navigation you’ll also find your pinned and recently used agents on top. And clicking into all agents takes you to the new agent store where you can find more agents that are built by Microsoft, also the broader ecosystem, and your company’s own custom agents. And of course, you can also create your own agents right from here by describing what you want your agent to do or configuring it directly with your instructions and knowledge sources. -Then beyond agents and AI-generated content from Copilot Chat, the new create experience lets everyone tap into powerful and personalized design skills where you can create images like the samples you’re seeing on the screen here, powered by the GPT 4o Model for image generation. And you can design a poster or flyer like these ones and they’re also great for cover pages to your reports. And speaking of that, from Create, you can write a stylized draft document using templates and right from here, you can also upload and edit your own images to make them stand out and select parts of images to remove distractions like this tree. Importantly, what sets the Create experience really apart is that you can use brand templates and even bring in your company’s brand kit, and these include your approved company logos, fonts, and colors. In fact, let me show you how this works by creating a new image. -So I’ll start by describing what I’m looking for. I’ll choose a picture of this new shoe from my local device to work from, and now I’ll choose my style that matches what I want to create. Here’s where my company brand comes in. I can choose the brand kit I want with the right color palette and icon. Now this will take a moment to generate and now I have an image that fits my brand and I can add to this same image. I’d like to see a little ground cover in the image. I’d like to ask for some moss and some rocks. Then I’ll give it a second to render a new image and it gets even better with new direct editing options like background removal, object transform, and enhancements. I’m going to choose the erase option, then select this rock and this plant on the right and hit erase. That’s better. Now, I just need to add a text element and I’ll paste in the shoe name and now it’s ready to go and I can download the image right from here. -And for your bigger projects and tasks, Copilot Notebooks is then another new capability. These help you bring together all of your relevant content for your task at hand, including Copilot Chats. And I’ll open this one for Copilot Craft and you’ll see that I can chat with Copilot about everything in here, and it’s filled with reference content and related chat history to keep interactions in scope to what’s here and even create an audio overview of this notebook. Now the last major update that I’ll show from the Microsoft 365 Copilot app experience is with personalization and memory. Where from Copilot settings, you can specify custom instructions and enable Copilot memory. -First, custom instructions let you add details about your interests, your preferences, the tone of what you expect from Copilot responses. Think of this information as something that will get appended to your initial prompts in future Copilot sessions to improve its output. Then, moving back to personalization settings, Copilot memory works in the same way to recall a handful of notable memorable items from previous conversations in real time. Again, this information sits outside of the large language model and is retrieved for future chat sessions. And you have full visibility and control over what is maintained in Copilot memory and can delete what you don’t want to personalize its responses. -Next, I’ll move on to updates for IT admins. We’re adding more controls to the Copilot Control System so that you have the tools that you need to manage, govern, and measure Copilot and now also agents across your organization. You can now manage the agents and agent deployment right from Microsoft 365’s admin center. Here you’ll see a list of agents in use and the ones you’ve blocked. Also, apps where the agents are supported and usage details. You can also deploy agents from here as well, scoping the right users and groups. -Next, we’re also adding more insights and controls for data security with AI apps and agents and Microsoft Purview. The new AI apps and agents page in Data Security Posture Management for AI gives you a single dashboard to view and create policies for your AI apps and agents, where you’ll find coverage for data protection and compliance policies that you already have in place, and clicking into any of these items, lets you discover more insights, including potentially risky interactions, inappropriate use, as well as sensitive information being shared. -And finally, for reports that you can share beyond your administrator and data security teams, using Copilot Analytics and Viva Insights, you can measure the usage and business impact of your agents. And direct from Viva Insights, the new Copilot Studio agents report can be shared with your team, and it provides a comprehensive view of agent use, session outcomes, and you can see how assisted actions are contributing to overall ROI. -So Microsoft 365 Copilot continues to evolve to help you get more done, along with enterprise grade IT controls to help keep your data protected. Now, to find out more, check out aka.ms/CopilotWave2Spring and keep checking back to Microsoft Mechanics for the latest updates. Thanks so much for watching.Microsoft 365 Copilot Power User Tips
Take control of your workday — summarize long emails instantly, turn meeting transcripts into actionable plans, and build strategic documents in seconds using your own data with Microsoft 365 Copilot. Instead of chasing down context, ask natural prompts and get clear, detailed results complete with tone-matched writing, visual recaps, and real-time collaboration. Get up to speed on complex email threads, transform insights from missed meetings into next steps, and pull relevant content from across your calendar, inbox, and docs — all without switching tools or losing momentum. Mary Pasch, Microsoft 365 Principal PM, shows how whether you’re refining a plan in Word, responding in Outlook, or catching up in Teams, Copilot works behind the scenes to help you move faster and focus on what matters. Cut through inbox clutter. Microsoft 365 Copilot in Outlook condenses long email chains into key takeaways. See how to save time with Copilot. Build strategy docs in minutes. Researcher agent asks smart questions and connects the dots. See how to use AI with chain-of-thought reasoning in Microsoft 365 Copilot. From teammate input to polished copy. Prompt Microsoft 365 Copilot to incorporate key meeting info into a shared document. See how it works. Watch our video here. QUICK LINKS: 00:00 — How to put Copilot to work for you 01:09 — Use Copilot in Outlook to summarize email threads 01:57 — Use chain-of-thought reasoning with Researcher 03:55 — Reference your content & meeting recap 05:29 — Use Copilot in Word to build on existing content 06:56 — Use Copilot in Microsoft Teams when late to a meeting 07:52 — Wrap up Link References Check out the free Copilot Academy at https://aka.ms/copilotacademy Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics Video Transcript: -If you have Microsoft 365 Copilot in your organization today, I’m going to walk you through the top five power user tips, and the lesser known ways in which you can really put Copilot to work for you, saving you time. We’ll go beyond the rich Microsoft 365 Copilot chat experience that’s available to every Microsoft 365 user, where you might be uploading information to inform generated responses. And I’ll focus on what you can do with a Microsoft 365 Copilot license, which lights up experiences within your familiar Office apps, automatically connecting your work data in Microsoft 365 to help you in context as you work. I’m going to start in Outlook, because who doesn’t need help with their inbox? You might already be using Microsoft 365 Copilot in Outlook to help write and quickly respond to emails, or to get help rewriting your existing drafts with auto rewrite, or by using your own detailed instructions to get it just right. -And if you haven’t already tried Copilot in Outlook, prompt suggestions for the things you can do in Outlook are built in for you to get started. These are all time-savers that are core to the experience, but have you ever tried using Microsoft 365 Copilot to help you get up to speed on a long email thread? Well, here, I’ve been added to an email thread, and I don’t necessarily have all the context. As I scroll this super long email with multiple people, there’s too much to take in, and it would take a lot of effort for me to parse it, and this is where Copilot in Outlook can help. By clicking on Summary by Copilot, the entire email thread is processed, and I’m left with a quick summary of the main points from the thread, including key actions specific to me. It’s boiled down about 10 pages of emails into these four bullets. It looks like my team needs my help researching a potential fit for new outdoor and adventure goods with our current electronics products, and I have less than a week to pull everything together. This normally would be a time-consuming effort, but this brings me to my second power user tip. I can now use AI with chain-of-thought reasoning to gather information and work with me to create a new product strategy doc. -From the Microsoft 365 Copilot app, I’ll use a new agent called Researcher. I’ll ask Researcher to develop a product strategy to enter a new market for outdoor and adventure goods. After I enter my prompt, Researcher goes to work. You can see that as part of its first response, it’s paused, and this time, it’s asking me clarifying questions about both the scope and format of what I want it to write. So I’ll respond with key details to answer both of its questions, then it uses my response to move forward. It takes my prompts, understands the task, and starts to build a plan that it’ll use to author a detailed report, and I can follow along. It’s reasoning over information that I have permission to access from internal locations. As it works, I can take a look at its reasoning process in real time. It tells me what it’s doing. It’s identifying our existing business lines, clarifying our product categories, analyzing the potential fit for outdoor products, looking for relevant meetings that I’ve been invited to to analyze the transcripts, and even researches industry trends from the web. What I love about this agent is that it’s actually doing the research to create what I need. -So let’s jump ahead to that final result. On the right, you can see that it’s delivered a thorough response with a fully-documented product strategy in line with what I’d expect from an expert. Starting with an analysis of my existing business, it’s also analyzed the outdoor and adventure gear sector. Then it’s built insights based on our existing business, and how it intersects with outdoor products. It’s added strategic positioning, and a detailed go-to-market plan. So I’ve saved a ton of time, and now, I have a solid, well-researched draft that I can build on with my team. -Next, because my team uses Word to build out these types of plans, I brought everything over to a new doc, and in Word, there are two power user tips for building on existing content using Copilot that I’ll show you. First, you can pull up Copilot on any blank line using the Copilot icon or the Alt + I keyboard shortcut. Beyond what’s here, I know that my team just brainstormed ideas about in-store experiences during a Teams meeting, and I want to use those details directly from the meeting recap to add that to our plan. -With Copilot, I can do that by using the Reference Your Content button. In the Meetings tab, I’ll locate the meeting I want, this one, for location planning, which uses the same Copilot-generated content for meeting recaps in Teams. I’ll pause a second before I complete this prompt in Word to show you the meeting recap first, and give you some context on that meeting. For any transcribed meeting, I can find the recap by going back to the original meeting invite from my calendar, then clicking on the Recap tab. These are AI-generated, and capture what was discussed in meetings that you were in, meetings you were late to, or meetings that you were invited to but couldn’t attend. For example, I missed this meeting, and without anyone taking notes, from AI notes, I can see they discussed placing outdoor products in our retail stores and creating connected outdoor display in our store. There are five cities listed here in Washington and Oregon to launch them. -If I go to the Mentions tab, you can see that I was even mentioned 33 minutes into the meeting. So with that context, I’m going to go back to Word and finish writing my prompt. I’ll ask Copilot to add a paragraph for creating in-store displays discussed in the meeting, with a few additional instructions, and it’s taken the details from the meeting and adding it to our plan. And you can see those five store locations that we saw before in the meeting recap, and in seconds, we’ve transformed the actions from a spoken Teams meeting to add to our written plan. It didn’t just insert the paragraph to the rest of the doc, it’s actually matched the tone and altitude of the rest of our plan, so it doesn’t feel out of place. -And now, everyone’s working together on this document. I can see Adele and Daichi are here. In fact, as I scroll down, there’s also a comment from Daichi to add details about our outdoor products that we’re already working on to release later this year. For this power user tip, I’ll open Copilot, and use a forward slash and start typing. Then choose the email from Daichi, and complete my prompt to add those details. Now, we have details about the outdoors electronics we’ll be launching soon to complete our plan. -And by the way, if I need more inspiration from Copilot in Word, I can use Copilot from the ribbon, and then use the Add menu in Copilot in Word to ask an agent, add an image, and view prompts from the prompt gallery with lots of great options here. This is also available across other Microsoft 365 apps with prompt tips specific to each app. That said, let me show you our next power tip, which is something that’s super powerful. If you’re ever late to a meeting, and join the meeting after it started, you can use Copilot to catch up on what you missed, even shared visual content that was presented during the meeting. -Here, I’m joining a brainstorming meeting, and you can see that I’ve missed the first seven and a half minutes, but that’s okay. I can ask Copilot to bring me up to speed by asking what I missed, and Copilot tells me exactly what was covered before I joined. Next, I can also ask if there were any visuals shared, and not only does it provide a summary of the content that I missed on screen, including embedded text, but it also shares still images of the shared content themselves. This one is an important prototype of the in-store campsite display, highlighting our product lineup. I can even zoom in for a closer look at the image. And because I’m caught up with everything I missed, I don’t need to ask my team to back up and repeat what they’ve already presented. -As you saw with the power user tips I shared today, whenever you use Microsoft 365 Copilot inside your apps, your work data is automatically delivered into the experience. There’s no need to upload or paste work content into your prompts. This also means that your work information retains its protections. For more things to try, check out the free Copilot Academy at aka.ms/copilotacademy. And keep watching Mechanics for the latest updates from Microsoft, and thanks for watching.One-click AI agents in SharePoint and Teams — focused on files you select (Microsoft 365 Copilot)
Streamline your workflow and enhance team collaboration with one-click AI agents in Microsoft 365 Copilot. Automate responses, generate detailed documents, and maintain up-to-date content without moving files outside Microsoft 365. Agents utilize your existing content to provide accurate and efficient outputs, saving you time and ensuring consistency. Integrate them into Microsoft Teams to facilitate real-time information sharing and collaboration. CJ Tan, Microsoft SharePoint and OneDrive GPM, shares the steps to get started building custom AI agents. Create AI agents in one click to handle projects and tasks. Ensure important questions are answered — even while you’re away. See it here. Save time with agents in SharePoint. Scoped to only select SharePoint files for your specific business needs. See how you can create AI agents in one click. Use and share agents in SharePoint in Teams chats. @mention your agent, get instant responses and precise information for team discussions. See it here. Watch our video here. QUICK LINKS: 00:00 — Create specialist agents in one click 00:42 — How to create an agent 02:12 — Data security & version control 02:39 — Customize your agent 04:14 — Access and permissions 05:39 — Test it out 06:23 — Use agents in Teams 07:50 — Agent files 08:25 — Wrap up Link References For more ideas and details for building your own agents, check out https://aka.ms/SharePointAgentsAdoption Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube:https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community:https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast:https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter:https://twitter.com/MSFTMechanics Share knowledge on LinkedIn:https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram:https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok:https://www.tiktok.com/@msftmechanics Video Transcript: -Did you know that if you have Microsoft 365 Copilot, you can create specialist agents in just one click to help you and your team with your specified topics and tasks? For example, imagine if you are working in a different time zone to the rest of your team, so you often wake up to a bunch of their unanswered messages at the start of your day. Now, while you are asleep or away, your agent, grounded in the knowledge you give it, can answer specific questions from your team on your behalf, freeing you up. In fact, all you need to build your agent is your content in SharePoint and an idea for where an agent can help you in the course of your day. Let me show you how easy it is to create one. My team writes product specifications for Contoso Energy’s solar panel arrays. In SharePoint, all I have to do is select the folders or individual files that I want this agent to focus on. -Here, I have files that have already been uploaded. You can also upload new files, where SharePoint will index those files for you in a few moments. I’ll select all of these product specifications. On top of the screen, you can see the create an agent control. I’ll click that. And with just one click, the agent is ready and grounded with all my selected files. And I can try it right from here. So, I’ll prompt it with compare each solar panel array with details on the home range in square feet for the two types of materials offered. Add the average home square footage per array size and price ranges for each. And it gives me all the details across the files that I added as grounding information. So it’s generated a response by panel array type and home square footage. And I can let my agent reason over that information, too. For example, if I’m new to the team and am looking for a product recommendation based on the size of a house. I’ll use my customer has a 2900 square foot home and wants the most efficient solar panel type and the right size solar panel array. What do you recommend? And here, it recommends a specific panel array based on the home size and tells me what panel type is most efficient with more detail. So, let’s rewind what we saw because I want to point out a few things. -First, unlike other options you may have tried, you don’t have to move your files outside of Microsoft 365. You don’t need to worry about version control. Your files are always up-to-date as you and your team continue to edit them. And your agent is always working with the latest information. And all of your data security protections, such as file labels and encryption, remain in place to help prevent data loss. Now, let me walk through another example of this, and this time I’ll customize the agent to show you the options. Let’s say that you spend a lot of time building written project plans. Each has a similar structure and tone, but details will change based on each project-related tasks and other aspects. Wouldn’t it be great to use your existing files as baseline templates, and then just point to a small set of details to author new project plans? Let me show you how that would work. So I’m looking at another SharePoint site for project planning. There are two folders here. This one contains all the recent completed project plans, like you saw before. -Now, I’ll show you what’s in the other folder. It contains project intake forms. I’ll also open up one of these intake forms. And you’ll see that it just lists key details and differentiators for one specific project. So, this time I’m just going to select the Completed Installation Project Plans folder as the baseline knowledge for my agent. Then I just need to click Create an agent. And if I wanted to, I could start using it right away by hitting Try it. But in this case, I want to add a few more details to make it easy for anyone on my team to start using it, so I’m going to choose Edit. Here, I can choose to rename. I’ll do that. There’s an option to brand it with a different icon image, but I’ll skip that for now, and give it a more detailed description here. In the Sources tab, I can see that my SharePoint folder is already selected, and I can choose to add another SharePoint site or more libraries, folders, or files. I can select here up to 20 sources. Importantly, agents do not grant access to your selected content. Which means that for anyone using the agent, they will only get responses based on the files and locations that they already have access to. In my case, I’m going to keep what’s on the Sources tab. -Now, I’ll move to the Behavior tab. Here, I can add a message to help others understand how best to use this agent. And below that, I can add starter prompts. These are recommendations that you can make for anyone to quickly get value from what your agent can do. I’m going to add one here for creating a new project plan based on the defined knowledge from our folder of completed project plans. It also has an instruction to reference a specific project intake form using the paperclip or forward slash. I can add two more starter prompts, but in this case, I’ll remove the other two by deleting the text. That way my agent is focused on this one task. Below that are the instructions for the agent. Here, it’s best to be very specific about your expectations for what it should do. I’m going to paste in a command to output content very close to our completed project plans. I can test it from here, but I’ll hit Save instead, so I can use it full screen from our SharePoint site. So now the agent is ready and discoverable for anyone with access and permissions to this SharePoint site. -Let’s try it out. This agent file is my new agent, and I’ll open it. And I’m going to use the starter prompt that I configured earlier. I’ll use this paperclip button to attach the project intake form that I just opened with the new details and submit my prompt. And you’ll see the output as it’s getting generated is following the structure of the completed project document and adding the details from the project intake form that I referenced in my prompt. Now I have a completed project plan like I wanted. Again, I didn’t need to move files from their original location, and everything remained within my compliance boundary in Microsoft 365. -From here, I can copy the output and put it into Word or an email and make any additional edits. And something else I want to show you is how you will be able to use this agent in the context of Microsoft Teams. I’m going to use Share and Copy link to add this to my clipboard. Now, I’ll move over to Microsoft Teams in a group chat. Note that this also works in meeting chats. So I’ll paste in the link and send it to the group. There it is. I’ll confirm that I want to add it to this chat. And from there, I can just @mention my agent to work with it like a team member in this chat. -This time, instead of asking it to generate a project plan, I’ll prompt it for details about the completed project plans in the knowledge source folder. I’ll prompt the agent with which project plans have been created for locations in Sunnyvale? And I can see that four of them are completed for that location. Now, I’ll prompt it, how many weeks does it take to run the full project for an A400 solar panel array? And it gives me a detailed breakdown of the project phases. Others in this chat can ask follow-up questions, like you’re seeing now, whether smaller homes take less time. And there is another detailed response. So, we can use this information for future projects and customer inquiries. Of course, that is just one example, and you can use the same approach to help develop other types of documents and collaborate with your team. And by the way, your context documents don’t need to be as structured or complete. They can even reference notes or meeting transcripts for similar outputs. -Now, let’s dig into the .agent files that you might have noticed earlier in our SharePoint document library. You can use these files and click on them to open your agents. And the files themselves contain everything that you configured in your agent. Here’s the agent file I built before and this is the schema. And you’ll see the starter prompts here, the agent name, the description that was added, and the instructions, and below that are the selected grounding data sources. Additionally, these files use the same labeling and policy protections as other files stored in SharePoint and OneDrive, too. -So, that was an overview of the approaches you can use for building agents. As you saw, all you need to bring to this experience is your content and an idea for where your agent can help you in the course of your day. Beyond building your own agents, each SharePoint site will include a built-in agent focused on the content on the site, so you can get started right away. For more ideas and details for building your own agents, check out aka.ms/SharePointAgentsAdoption to see what’s possible. And be sure to subscribe to Microsoft Mechanics, and thanks for watching.Oversharing Control at Enterprise Scale | Updates for Microsoft 365 Copilot in Microsoft Purview
Minimize risks that come with oversharing and potential data loss. Use Microsoft Purview and its new Data Security Posture Management (DSPM) for AI insights, along with new Data Loss Prevention policies for Microsoft 365 Copilot, and SharePoint Advanced Management, which is now included with Microsoft 365 Copilot. Automate site access reviews at scale and add controls to restrict access to sites if they contain highly sensitive information. Erica Toelle, Microsoft Purview Senior PM, shows how to control data visibility, automate site access reviews, and fine-tune permissions with Pilot, Deploy, Optimize phases. Protect your data from unwanted exposure. Find and secure high-risk SharePoint sites with Microsoft Purview’s oversharing report. Start here. Secure Microsoft 365 Copilot adoption at scale. Check out the Pilot-Deploy-Optimize approach, to align AI use with your organization’s data governance. Watch here. Boost security, compliance, and governance. Scoped DLP policies enable Microsoft 365 Copilot to respect data labels. Take a look. Watch our video here. QUICK LINKS: 00:00 — Minimize risk of oversharing 01:24 — Oversharing scenarios 04:03 — How oversharing can occur 05:38 — Restrict discovery & limit access 06:36 — Scope sites 07:15 — Pilot phase 08:16 — Deploy phase 09:17 — Site access reviews 10:00 — Optimize phase 10:54 — Wrap up Link References Check out https://aka.ms/DeployM365Copilot Watch our show on the basics of oversharing at https://aka.ms/SMBoversharing Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube:https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community:https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast:https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter:https://twitter.com/MSFTMechanics Share knowledge on LinkedIn:https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram:https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok:https://www.tiktok.com/@msftmechanics Video Transcript: -Are you looking to deploy Microsoft 365 Copilot at scale, but concerned that your information is overshared? Ultimately, you want to ensure that your users and teams can only get to the data required to do their jobs and nothing more. For example, while using Microsoft 365 Copilot and interacting with work data, you don’t want information surfaced that users should not have permissions to view. So, where do you even start to solve for this? You might have hundreds or thousands of SharePoint sites to assess and right-size information access. Additionally, knowing where your sensitive or high value information resides and making sure that the policies you set to protect information continuously and avoid returning to an oversharing state, can come with challenges. -The good news is there are a number of updated tools and resources available to help you get a handle on all this. In the next few minutes, I’ll unpack the approach you can take to help you minimize the risks that come with oversharing and potential data loss using Microsoft Purview and its new Data Security Posture Management for AI insights, along with new Data Loss Prevention policies for Microsoft 365 Copilot and more. And SharePoint Advance Management, which is now included with Microsoft 365 Copilot. This helps you automate site access reviews at scale and adds controls to restrict access to sites even if they contain highly sensitive information. First, let’s look at how information oversharing can inadvertently occur just as it would with everyday search when using Microsoft 365 Copilot. -I’ll explain how it works. When you submit a prompt before presenting that to a large language model, the prompt is interpreted by Copilot and using a process called Retrieval Augmented Generation it then finds and retrieves grounding information that you are allowed to access in places like SharePoint, OneDrive, Microsoft Teams, your email and calendar, and optionally the internet, as well as other connected data sources. The retrieved information is appended to your prompt as additional context. Then that larger prompt is presented to the large language model. With that added grounding information, the response is generated then formatted for the app that you’re using. For this to work well, that information retrieval step relies on accurate search. And what’s important here is as you use Copilot it can only retrieve information that you explicitly have access to and nothing else. This is how search works in Microsoft 365 and SharePoint. The controls you put in place to achieve just enough access will reduce data security risk, whether you intend to use Microsoft 365 Copilot or not. -So, let me show you a few examples you may have experienced where content is overshared. I’ll start in Business Chat. I’m logged in is Adele Vance from the sales team. Her customers are pressuring her for information about new products that haven’t been internally or externally announced. She submits a prompt for 2025 product plans and the response returns a few clearly sensitive documents that she shouldn’t have access to, and the links in the response and in the citations take Adele right to those files. -Now, I’m going to switch perspectives to someone on the product planning team building the confidential plan stored in a private SharePoint site. I’m working on the 2025 product plan on a small team. This is the same doc that Adele just found in Business Chat, and if you look at the top of the document right now, there was one other person who I expect in the document. Then suddenly a few more people appear to have the document open and I don’t know who these people are and they shouldn’t be here. So, this file is definitely overshared. -Now, I’m going to switch back to Adele’s perspective as beyond the product planning doc. The response also describes a new project with the code name Thunderbolt. So, I’ll choose the Copilot recommended prompt to provide more details about Project Thunderbolt, and we can see a couple of recent documents with information that I as Adele should not have access to as a member of the sales team. In fact, if I open the file, I can get right to the detailed specifications and pricing information. -Now, let’s dig into the potential reasons why this is happening, and then I’ll cover how you discover and correct these conditions at enterprise scale. First, privacy settings for SharePoint sites can be set to public or private. These settings are most commonly configured as sites are created. Often sites are set to public, which means anyone in your organization can find content contained within those sites, and by extension, so can Microsoft 365 Copilot. -Next, is setting the default sharing option to everyone in an organization. One common misperception here is just by creating the link, you’re enabling access to that file, folder, or site automatically. That’s not how these links work though. Once a sharing link is redeemed or clicked on by the recipient, that person will have access to and be able to search for the shared content. There are, however, sharing approaches, which auto-redeem sharing links, such as pasting the link into an email and sending that to lots of people. In that case, those recipients have access to the content and will be able to search for it immediately. -Related to this is granting permissions to the everyone except external users group, as you define membership for your SharePoint sites. This group gives everyone in your organization access and the ability to search for that information too. And you’ll also want to look into permissions granted to other large and inclusive groups, which are often maintained using dynamic group membership. And if you’re using Data Loss Prevention, information protection, or other classification controls from Microsoft Purview, labeled content can also trigger sharing restrictions. -So, let’s move on to addressing these common issues and the controls you will use in Microsoft 365, Microsoft Purview, and SharePoint Advance Management. At a high level, there are two primary ways to implement protections. The first approach is to restrict content discovery so that information doesn’t appear in search. Restricting discovery still allows users to access content they’ve previously accessed as well as the content shared with them. The downsides are that content people should not have access to is still accessible, and importantly, Copilot cannot work with restricted content even if it’s core to a person’s job. So, we recommend restricting content discovery as a short-term solution. -The second approach is to limit information access by tightening permissions on sites, folders, and individual files. This option has stronger protections against data loss and users can still request access, if they need it to do their jobs. Meaning only people who need access have access. We recommend limiting access as an ongoing best practice. Then to scope the sites that you want to allow and protect, we provide a few options to help you know where to start. First, you can use the SharePoint Active sites list where you can sort by activity to discover which SharePoint sites should be universally accessible for all employees in your organization. Then as part of the new Data Security Posture Management for AI reporting in Microsoft Purview, the oversharing report lets you easily find the sites with higher risk containing the most sensitive information that you want to protect. The sites you define to allow access and limit access will be used in later steps. Now, let’s move on to the steps for repairing your data from Microsoft 365 Copilot. We’ve mapped best practices and tools for Copilot adoption across Pilot, Deploy, and Optimize phases. -First, in the Pilot phase, we recommend organization-wide controls to easily restrict discovery when using Copilot. This means taking your list of universally accessible sites previously mentioned, then using a capability called Restricted SharePoint search, where you can create and allow list of up to 100 sites, then allow just those sites to be used with search in Copilot. Then in parallel in Microsoft Purview, we’ll configure ways to get visibility into Copilot usage patterns where you can enable audit mode using Data Loss Prevention policies to detect sharing of labeled or unlabeled sensitive content. And likewise, you’ll enable analysis of Copilot interactions as a part of communication compliance. Again, these approaches do not impact information access only discoverability via Copilot and search. -Now, let’s move on to the broader Deploy phase where you will enable Copilot for more users. Here you’ll use the list of identified sites from Microsoft Purview’s oversharing report to identify sites with the most sensitive information. Controls in Microsoft Purview provide proactive information protection with sensitivity labels for your files, emails, meetings, groups, and sites. For each item, you can use more targeted controls to right-size site access by assigning permissions to specific users and groups. And when applied, these controls on the backend will move public sites to private and control access to defined site members based on the permissions you set. Next, you can enable new Data Loss Prevention from Microsoft 365 Copilot policies to exclude specific labels from Copilot prompts and responses. And you can change your DLP policies from the audit mode that you set during the Pilot phase to start blocking unnecessary sharing of labeled content where you’ll now turn on the policies in order to enforce them. -Then, two options from SharePoint Advance Management are to use restricted access control to limit access to individual sites. That way only members in defined security groups will have access, and to limit site access by operationalizing site owner access reviews. Then as an additional fine-tuning option, you can target restricted content discovery on individual sites, like you see here with our leadership site to prevent Copilot from using their content as you continue to work through access management controls. And as part of the Deploy phase, you’ll disable restricted SharePoint search once you have the right controls in place. Together, these options will impact both access permissions, as well as discovery via Copilot and search. -Next, the final Optimize phase is about setting your organization up for the long term. This includes permissioning, information classifications, and data lifecycle management. Here you’ll continually monitor your data security risks using oversharing reports. Then implement auto-labeling and classification strategies using Microsoft Purview, and ensure that as new sites are created, site owners and automated provisioning respect access management principles. These processes help ensure that your organization doesn’t drift back into an oversharing state to keep your data protected and ongoing permissions in check. Now, if we switch back to our initial user examples in Business Chat with our controls in place, if we try the same prompts as before, you’ll see that Adele can no longer access sensitive information, even if she knows exactly what to look for in her prompts. The data is now protected and access has been right-sized for everyone in the organization. -So, those are the steps and tools to prepare your information from Microsoft 365 Copilot at enterprise scale, and help ensure that your data is protected and that everyone has just enough access to do their jobs. To learn more, check out aka.ms/DeployM365Copilot. Also, watch our recent show on the basics of oversharing at aka.ms/SMBoversharing for more tips to rightsize permissions for SharePoint site owners. Keep watching Microsoft Mechanics for the latest updates and thanks for watching.
