Forum Discussion
M365 Copilot governance
Hi all, super excited for that buy button!
I have enterprise clients asking about governance, is there a way to audit the semantic index or user queries to M365 copilot as an admin?
Couldn't find relevant info on the docs or the how to prepare blog.
- nothing yet im afraid, I have asked the same question maaaany times already. Since the semantic search feature is still rolling out I am on a regular basis checking the graph API for new info that is available
- nothing yet im afraid, I have asked the same question maaaany times already. Since the semantic search feature is still rolling out I am on a regular basis checking the graph API for new info that is available
- Thank you Marius. We really need more details to ensure clients that they can safely move forward without losing their Purview controls or users gaining unwanted access.
- GabeHo
Microsoft
Hey mbrg0, nothing announced on auditing the index itself yet. Admins will be able to monitor usage through the usage reports in the admin center, check this out for more details Microsoft 365 admin center Microsoft 365 Copilot usage - Microsoft 365 admin | Microsoft Learn.
The permissions model within your Microsoft 365 tenant can help ensure that data won't unintentionally leak between users, groups, and tenants. Microsoft 365 Copilot presents only data that each individual can access using the same underlying controls for data access used in other Microsoft 365 services. Semantic Index honors the user identity-based access boundary so that the grounding process only accesses content that the current user is authorized to access. For more information, see Microsoft’s privacy policy and service documentation.
Data protected using Microsoft Purview Information Protection (MPIP or AIP) labeling will continue to be protected according to those policies. While Copilot generated content currently doesn't inherit MPIP labels from the source, Copilot cites the original source, which will retain the label.
Thank you GabeHo! I appreciate the detailed response.
Would there be a way for admins to audit what users actually did though copilot? What questions they've asked, which documents were accessed, etc'
Re: Purview, could you help me understand the following scenario? If Copilot reads a sensitive word doc on behalf of a user and then writes that response into a new word doc, would the generated word doc have a sensitive data label?
Thanks again! Super excited to start using Copilot!
- It's hard to say at this early stage in the project. As with Audit premium that serves as a way to provide closer monitoring of high-value events within the platform. Saying this though, there's not evidence at the moment of that type of auditing being available. You could look at Microsoft Syntex and Viva Topics to understand how that ML solution provides protection and indexing.
- Thank you!
