Copilot and Agent Administration

AB-900

https://www.youtube.com/watch?v=DUydgD7SkEo

Zero trust

  • Verify explicitly (every request user, device, application is authenticated and authorised)
    • Authentication (AuthN) – that person is that person – MFA, passkey, Hello for business (H4B), certificate based authentication, password (bad) etc.
    • Authorisation (AuthZ) – what you can do. Conditional access (feature of Entra). 
  • Least privilege access
    • Just Enough Administration JEA: Role Based Access Control (RBAC), Identity governance (entitlement management access packages).
      • Security groups that users are put into. That group gets a role. Global Admin is highest role, it can do anything. Assigning these roles is called Role Assignment
        • Dynamic group, rule and if true you are in the group, e.g. department=IT.
      • M365 Group – for collaboration like shared mailbox or shared calendar.
        • M365 Admin Portal to manage these, distribution lists etc.
    • Just In Time JIT – get the permission just at the time needed then lose it: Privileged identity management PIM – to activate higher privileges for that role for limited time
  • Assume breach – Look at and correlate signals. Microsoft Sentinel does this. All the signals come in, e.g. Defender for Endpoint. Domain Controllers (Defender for Identity). Sentinel can then Hunt for threats, use AI to detect threats.
    • Defender XDR – coordinated and adapted protections
    • Identiy important. If on prem in AD, and also in cloud, it is hybrid. In AD you have a password hash. Cloud needs it to so you create a hash of the hash.
    • Single Sign on (SSO) Authenticate once, and then can use all the related services

M365 Capabilities

  • M365 tenant is made up of 1 or more domains
  • Exchange online – mail, calendar
  • Teams – chat, meetings
  • SharePoint Online – Content management, intranet platform, co-authoring
    • Visitor: read only
    • Member: edit capabilities
    • Owner: full control
  • OneDrive – personal collection of documents
  • A Semantic Index sits above Microsoft Graph that spans all the data in these tools. RBAC is enforced here. If requestor doesn’t have access to a document or piece of data, neither does the Semantic Index.
  • Microsoft Graph spans all these tools. Understands all the data that is in all these different services. Provides a single API to work with that M365 data.
  • Work IQ does the same as Graph but for other AI apps (uses the semantic index)
  • AI
    • LLMs powering Copilot and Agents, use Retrieval Augmented Generation RAG, by asking Microsoft Graph (which goes to the Semantic Index). No training is done on your data or prompts, the LLMs aren’t trained on it. Your business interactions don’t train the model for future use.
    • Copilot – assistant – working with the human (on behalf of a user). It can only see and do what the user can see and do.
    • Agents – can be autonomous – (on behalf of a business process) retrieve info, performing task when asked, acting autonomously. Have their own identity as typically need to access a broader range of data than a user. Identity fully customisable.
      • Prebuilt – writing coach, prompt coach, researcher, analyst agent (a data scientist), sharepoint has an agent for each of its sites
      • Custom (CoPilot Studio or VS Code).
    • Prompts can be saved, shared, scheduled.
  • Responsible AI
    • Transparency (know the source data )
    • Auditability (prompt history etc for admin)
    • Safe (block offensive content)
    • Data minimised

Getting Data AI Ready

  • Semantic Index finds everything. Might have had a SharePoint site ages ago and I forgot about. Semantic Index now expose it. 
  • Before there was security by obsurity (which is terrible, but it kind of worked and it doesn’t work anymore)
  • Big problem is SharePoint sites that are mispermissioned, they have not restricted things correctly
  • SharePoint advanced management, part of M365 copilot licensing. Permission site report (PSR) can be generated (oversharing report) that will show sites we think are overpermissioned
  • Site owner can then do a site access review (SAR) to validate the people that have access and what should be restricted.
  • If I believe a site is completely mispermissioned, I can do a Restricted Content Discovery (RCD). I set this at the site level and now the semantic index and co-pilot will not use it to search and ground on the content.
  • If organisation in a really bad state, can use Restricted SharePoint Search (RSS). 100 sites max. If it’s a hub site, it includes the child sites (they don’t count towards the 100). Can restrict to only those sites I add to this Restricted SharePoint Search. E.g. Big mess, but HR site and a few others are ready, I can add to this and use copilot with that. 

Content Protection

  • Purview protects whole M365 stack.
  • Information Protection
    • define sensitivity labels that can be applied to data like OneDrive, SharePoint.
    • labels can mandate certain things like, I have to encrypt the data, show watermarking on the data, restrict who is allowed to access that data
    • will go and discover where sensitive data is. Will then automatically classify it using built-in rules, custom rules. Labels can be manually applied but also automatically applied based on these.
    • There are trainable classifiers, so I can feed in a whole set of data and it’ll use AI to work out, what are the characteristics of these documents that make it this certain classification, and it just does all of that for me.
  • Data Loss Prevention (DLP)
    • Stopping of leaking of sensitive data
    • Blocking (cannot share the data or it notifies you)
    • Notifications: this person is sharing / copying this data
    • Can target Copilots. So say, I don’t want copilots accessing this data and reasoning on it.
  • Data lifecycle management (DLM)
    • Retention policies – keeping, archiving, deleting
  • Insider Risk Management
    • Activties that are unusual, e.g. someone suddenly copies 300 documents to Dropbox
    • Can be paired with Data Loss Prevention for something called Adaptive Prevention. So as risk increases, more restrictive DLP policy to block them from copying out the data.
  • Communication Compliance
    • Looking at email, Teams, Yammer. Meeting regulatory and organisational policies on standards of communication between people
  • Data Security Posture Management (DSPM) for AI
    • Looks at sensitive data being used by AI to help assess and enforce policies over the AI use of the data.
    • Capture AI prompts used, the responses, use an activity explorer to actually go and see it and look at co-pilot interactions for the last 30 days.
  • Tools
    • Compliance Manager
      • Specify a regulation and then get a compliance score. Then get a list of controls I need to enable and assign them to people to help improve and track that progress.
    • Data explorer
      • helps see where sensitive data is, find all my social security numbers, find credit card numbers.
    • Content search and eDiscovery
      • To locate, review, preserve information based on an audit or legal request or internal investigations

Licensing

  • Copilot chat – works with web content. Cannot work against Microsoft Graph (no work data) – free
  • Copilot agent support for personal or family plans that is not ground in work data
  • M365 Copilot – Can access Microsoft Graph – paid
    • Business plan – lacks Purview and insider risk management
    • Enterprise add on for M365 E3 E5 has Purview and Insider Risk Management
    • Office E3 E5 S3 has Purview and Insider Risk Management
    • Paid can be per user per month or pay as you go (uses Azure subscription)
    • Licenses can be assigned per user, but makes more sense to assign it to groups, then add users into those groups.
  • Copilot Studio – Can access Microsoft Graph – paid
    • Per user per month or Credit packs 

Adoption

  • Can be enabled or diabled at tenant level or group level (preferred)
  • Pilot > training > broader adoption > feedback
  • In M365 admin portal
    • under billing > licenses, I can see number of active copilot licenses and how many have been assigned.
    • Can also see who is using it and who just has a license. When are they using is and where are they using it. Reports > usage
  • Viva Insights
    • Gives Copilot analytics. How many meetings were summarised. How often Copilot summarised email threads. What ares of work are seeing the heaviest AI interaction

Tools

  1. Current Security Posture
    1. Microsoft Secure Score: score, dashboard recommendations
    2. Microsoft Purview Compliance Manager: Compare to HIPAA, ISO 27001 etc.
  2. Identity Protection
    1. Microsoft Entra ID
      1. Conditional Access Policies
      2. Risk based authentication (impossible travel)
      3. Identity governance (access reviews)
      4. Cloud based identity and access management system for M365. Signing in goes through this.
  3. Endpoint Compliance
    1. Microsoft Intune
      1. Endpoint compliance policies
      2. App protection policies (prevent copy paste, require PIN etc)
      3. Endpoint analytics: identify outdated software, device crashes etc)
  4. Classify and Protect Data
    1. Microsoft Purview Information Protection and Data Loss Prevention (DLP)
      1. Sensitivity labels
      2. DLP policies (emailing list of social security numbers, block, warn, or require justification)
      3. Policy tuning and incident response (monitor policy violation, investigate incidents)
  5. Monitor and Respond to Threats
    1. Microsoft Defender for Endpoint
    2. Microsoft Sentinel:
      1. Aggregate logs and alerts from M365 and non-Microsoft sources
      2. Hunting for threats
    3. Microsoft Defender for Identity: monitors Entra ID traffic for signs of compromise
  6. Educate Users
    1. Defender for Office 365: attack simulation
    2. Viva learning: security awareness campaigns

Microsoft Defener XDR:

  • A comprehensive security solution
  • Integrated with Purview for data security investigation and insider risk management
    • Purview is designed to complement Defender XDR by providing compliance, governance, and data protection capabilities. E.g. If a user attempts to email a sensitive document to an external recipient, Purview can block the action or require further approval, reducing the risk of accidental data exposure.
  • Includes:
    • Defender for Office 365
    • Defender for Endpoint
    • Defender for Identity
    • Defender for cloud apps

Zero Hour Auto purge (ZAP)

  • Retroactively removes malicious messages from mailboxes after new threat identified.

Threat Explorer

  • Investigative tool in Microsoft Defender for Office 365 Plan 2

Threat Analytics

  • Reports by Microsoft’s security researchers

Microsoft Threat Intelligence Center (MTIC)

  • Nerve center of MS’s global security operations