Apply sensitivity labels with Microsoft 365 Copilot for secure collaboration

  • 7 minutes

Applying sensitivity labels in Microsoft 365 is essential for securing sensitive information while utilizing AI-driven tools like Microsoft 365 Copilot. These labels ensure that only authorized individuals have access to critical data, maintaining high data security standards. They also support compliance across various applications such as Word, Excel, PowerPoint, Outlook, and Teams. By integrating sensitivity labels with Copilot, organizations can enhance productivity without compromising data protection.

As our marketing team gears up to launch a new service utilizing data analysis and AI, the security of sensitive information remains a top priority. Combining sensitivity labels in Microsoft 365 with Copilot's advanced AI capabilities ensures that our firm's critical data is protected throughout the service launch. This strategy safeguards our data and allows our teams to collaborate seamlessly, boosting productivity and ensuring efficient and safe operations.

Here you learn how to:

  • Understand the function and importance of sensitivity labels in Microsoft 365.
  • Apply sensitivity labels within Microsoft 365 Copilot to enhance data security.
  • Configure sensitivity labels in the Microsoft Purview compliance portal for comprehensive data protection.

Understand Microsoft 365 Copilot

Microsoft 365 Copilot is an AI tool that enhances user interaction with Microsoft 365 applications, including Word, Excel, PowerPoint, Outlook, and Teams. It uses advanced language models, such as GPT-4, to understand, summarize, create, and predict content. Copilot connects with Microsoft Graph, allowing it to access emails, chats, and documents that users have permission to access, offering relevant and context-aware assistance. Its uses include:

  • Drafting documents in Word with advanced language models.
  • Creating presentations in PowerPoint, including generating images using AI tools.
  • Summarizing email conversations in Outlook using natural language processing.
  • Assisting in real-time during Teams meetings with transcription, translation, and response suggestions.

Copilot is designed with a focus on maintaining high standards of security, compliance, and privacy.

The importance of sensitivity labels with Copilot

Integrating sensitivity labels with Copilot prevents unauthorized access to confidential information within the organization. Sensitivity labels ensure that only individuals with the appropriate permissions can access sensitive data, even when Copilot is used to generate or analyze content. This prevents scenarios where unauthorized personnel might inadvertently access sensitive data through Copilot's assistance.

Copilot's role with sensitivity labels

Integrating Copilot with sensitivity labels enhances data protection in Microsoft 365. Copilot can:

  • Recognize and use sensitivity labels during user interactions, ensuring labeled data remains secure and compliant.
  • Respect the encryption specified by sensitivity labels, checking user permissions before accessing labeled data.
  • Apply appropriate labels to content generated by Copilot, based on the data source and user preferences.

For example, if a marketing manager uses Copilot to create a report from documents with different sensitivity levels, Copilot recognizes these labels and ensures the report meets required privacy standards. This integration allows Copilot to boost productivity without compromising data security.

Use sensitivity labels with Microsoft 365 Copilot

Combining sensitivity labels with Microsoft 365 Copilot offers significant benefits in both security and productivity:

  • Automated label inheritance: Copilot automatically adopts the sensitivity labels of the source files it uses, ensuring consistent data security in new documents.
  • Data security: Copilot adheres to the protection settings of sensitivity labels, maintaining data security even when using AI features.
  • Compliance: Copilot manages sensitive data according to the organization's security protocols and compliance standards.

Imagine our global consultancy firm is working on the launch of the new AI-powered service. The project involves drafting various documents and presentations, some of which contain sensitive client information. Using Copilot, the team can efficiently generate these materials while ensuring data protection. For instance, Copilot can draft a presentation in PowerPoint, summarizing key points from highly confidential documents. The sensitivity labels applied to these source documents ensure that the generated presentation inherits the same level of protection, preventing unauthorized access. This way, only the team members with the right permissions can see the confidential information, maintaining strict data security protocols.

Getting started with sensitivity labels and Copilot

To start using Microsoft 365 Copilot with sensitivity labels:

  • Verify prerequisites: Ensure your IT infrastructure supports Copilot and sensitivity labels, including necessary network configurations and software updates.
  • Understand label interaction: Familiarize yourself with how Copilot recognizes and adheres to sensitivity labels, including respecting permissions set by these labels for different types of content.
  • Check licensing requirements: Confirm that you have the appropriate Microsoft 365 E3/E5 licenses for Copilot and Microsoft Purview Information Protection for sensitivity labels.
  • Create and publish sensitivity labels: Use the Microsoft Purview compliance portal to create and publish sensitivity labels. Set up auto-labeling policies if needed, considering both client-side and service-side labeling.

Limitations and considerations

Understanding these limitations and considerations is important for effectively using sensitivity labels with Copilot:

  • Label inheritance and overrides: Copilot honors the inheritance of sensitivity labels, where inherited labels can replace lower-priority manually applied labels but not higher-priority ones.
  • Double Key Encryption (DKE): Copilot can't access or use data protected by DKE, which is reserved for highly sensitive data requiring stringent protection.
  • Context recognition: Copilot doesn't recognize sensitivity labels in certain contexts, such as Teams meetings and chats.
  • App-specific exceptions: In applications like PowerPoint and Word, Copilot can't generate content from encrypted files. -Microsoft 365 Chat considerations: Copilot's ability to retrieve specific content in Microsoft 365 Chat depends on user permissions and involves separate encryption from its sensitivity label.