Configure a communication compliance policy to detect for Copilot interactions

Important

Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.

You can use communication compliance to analyze interactions (prompts and responses) entered into Microsoft 365 Copilot and Microsoft Copilot to detect for inappropriate or risky interactions or sharing of confidential information. Communication compliance can detect interactions in any of the following Copilot apps:

  • Excel Copilot
  • Forms Copilot
  • Loop Copilot
  • Microsoft 365 Chat in Bing
  • Microsoft 365 Chat in Teams
  • OneNote Copilot
  • Outlook Copilot
  • Planner Copilot
  • PowerPoint Copilot
  • Stream Copilot
  • Teams (chats/channels/meetings) Copilot
  • Word Copilot
  • Whiteboard Copilot

You can take advantage of all communication compliance features when you create a communication compliance policy that detects for Microsoft 365 Copilot and Microsoft Copilot interactions, including:

Tip

Get started with Microsoft Copilot for Security to explore new ways to work smarter and faster using the power of AI. Learn more about Microsoft Copilot for Security in Microsoft Purview.

How it works

Important

Microsoft is committed to making sure artificial intelligence (AI) systems are developed responsibly and in ways that warrant people's trust. As part of this commitment, Microsoft Purview engineering teams are operationalizing the six core principles of Microsoft's Responsible AI strategy to design, build, and manage AI solutions. As part of our effort to responsibly deploy AI, we provide documentation, role-based access, scenario attestation, and more to help organizations use AI systems responsibly.

Any prompt or response entered into a supported Copilot app that matches a communication compliance policy is displayed as a policy match on the Policies page on the Pending tab, with separate entries for prompts and responses. If only the prompt or only the response matches a policy, an item is created on the Pending tab just for that policy match. You can remediate policy matches for Copilot in the same way that you remediate any other policy match.

The following information is displayed for each item on the Pending tab for Copilot policy matches:

  • Copilot icon: This icon identifies the policy match as a Copilot interaction.
  • Subject column: The value in this column identifies the policy match as a Copilot interaction and lists the name of the app that was used. For example: "Copilot in Excel".
  • Sender column: Sender of the message. If the policy match is a response from Copilot, the value is "Copilot".
  • Recipient column: Recipients included in the message. If the policy match is a prompt to Copilot, the value is "Copilot".
  • Message text: The message text that the user entered (the text that caused the policy match) is shown on the right side of the screen in its entirety.
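The Sender and Recipient rules above are enough to separate user-authored prompts from Copilot-generated responses when triaging a batch of matches. The following is an added example, not Microsoft's code: the CSV layout, the sample rows, and the `classify` and `summarize` helpers are assumptions built from the column names described above, and the "Copilot in " subject prefix is inferred from the single example given.

```python
import csv
import io
from collections import Counter

# Constructed sample rows. The column names follow the Pending tab columns
# described above; the layout of a real export is an assumption.
SAMPLE_EXPORT = """Subject,Sender,Recipient
Copilot in Excel,user-a@contoso.example,Copilot
Copilot in Excel,Copilot,user-a@contoso.example
Copilot in Word,user-b@contoso.example,Copilot
Copilot in Word,user-b@contoso.example,Copilot
Copilot in Teams,Copilot,user-c@contoso.example
Quarterly numbers,user-d@contoso.example,user-e@contoso.example
"""

COPILOT = "Copilot"
SUBJECT_PREFIX = "Copilot in "  # assumed from the "Copilot in Excel" example


def classify(row):
    """Return (direction, app, user) for a Copilot item, else None."""
    sender = row["Sender"].strip()
    recipient = row["Recipient"].strip()
    subject = row["Subject"].strip()
    app = subject[len(SUBJECT_PREFIX):] if subject.startswith(SUBJECT_PREFIX) else subject
    if sender == COPILOT and recipient != COPILOT:
        return ("response", app, recipient)   # text generated by Copilot
    if recipient == COPILOT and sender != COPILOT:
        return ("prompt", app, sender)        # text typed by the user
    return None                               # not a Copilot interaction


def summarize(csv_text):
    """Count matches per (app, direction) and prompt matches per user."""
    by_app, prompts_by_user, other = Counter(), Counter(), 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        result = classify(row)
        if result is None:
            other += 1
            continue
        direction, app, user = result
        by_app[(app, direction)] += 1
        if direction == "prompt":
            prompts_by_user[user] += 1
    return by_app, prompts_by_user, other


if __name__ == "__main__":
    by_app, prompts_by_user, other = summarize(SAMPLE_EXPORT)
    for (app, direction), n in sorted(by_app.items()):
        print(f"{app:8} {direction:9} {n}")
    print("prompt matches per user:", dict(prompts_by_user), "| non-Copilot items:", other)
```

Because usernames are pseudonymized by default, the per-user counts key on whatever identifier the reviewer sees, which may not be a real address.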

Prerequisites

To investigate Copilot interactions in communication compliance, you must have one of the following roles: Communication Compliance, Communication Compliance Investigators, Communication Compliance Analysts. You must also be assigned as a reviewer of the policy in the Reviewers field during policy creation.

Create a policy that detects for Microsoft 365 Copilot and Microsoft Copilot interactions

Select the appropriate tab for the portal you're using. To learn more about the Microsoft Purview portal, see Microsoft Purview portal. To learn more about the Compliance portal, see Microsoft Purview compliance portal.

  1. Sign in to the Microsoft Purview portal using credentials for an admin account in your Microsoft 365 organization.
  2. Go to the Communication Compliance solution.
  3. Select Policies in the left navigation.
  4. Select Create policy, and then select the Detect Microsoft 365 Copilot and Microsoft Copilot interactions template.
  5. Enter the policy name, select the users and groups to apply the policy to, and then select the reviewers for the policy. Learn more about these options when creating a policy from a template.
  6. Review the list of settings chosen for you based on the template, and then select Create policy to create the policy or select Customize policy if you want to make any changes before creating the policy.

Add Copilot as a location for an existing policy

Select the appropriate tab for the portal you're using. To learn more about the Microsoft Purview portal, see Microsoft Purview portal. To learn more about the Compliance portal, see Microsoft Purview compliance portal.

  1. Sign in to the Microsoft Purview portal using credentials for an admin account in your Microsoft 365 organization.

  2. Go to the Communication Compliance solution.

  3. Select Policies in the left navigation.

  4. Select the More actions (ellipsis) in the row for the policy you want to change, and then select Edit.

  5. Select Next two times in the policy creation wizard to go to the Choose locations to detect communications page.

  6. Select the Microsoft 365 Copilot and Microsoft Copilot checkbox to add Microsoft 365 Copilot and Microsoft Copilot as a location.

  7. Make any other changes to the policy, and then on the Review and finish page, select Save.

Create a policy to review all Copilot interactions

When you're first working with Copilot interactions, you may want to review all Copilot interactions to get a feel for how people in your organization are using Copilot. To create a policy to review all Copilot interactions, when you create or edit the policy:

  • Make sure that the location is set to Microsoft 365 Copilot and Microsoft Copilot.
  • Make sure that the Review percentage option on the Choose conditions and review percentage page is set to 100%.
  • Do not set any conditions for the policy.

Note

Depending on the size of your organization, a policy that detects all Copilot interactions might result in a high volume of detected messages, which could cause your organization to reach its storage limit. In that case, you may need to make adjustments to the policy to reduce the number of detections.

Remediate policy matches and alerts that contain Copilot interactions

You can remediate policy matches and alerts that contain Copilot interactions in the same way that you remediate any policy match or alert in communication compliance. For example, you can tag a policy match, escalate it, resolve it, download it, or export it. Learn more about resolving policy matches and alerts in communication compliance.

Reports

Copilot interactions that are brought into the scope of a communication compliance policy appear in communication compliance reports and audit data. Learn more about communication compliance reports and audits.
