Making the most of Microsoft 365 Copilot


  • Authored by Jessie Jeffery Business Development Guru at CyberGuru and self-confessed proud geek, learn more about considerations for Microsoft Copilot guard rails and security, and how it can best be adopted to free up time and administrative tasks in your organisation.
Blog article tiles - 20240710 Microsoft 365 Copilot

In the past few months Microsoft has made Copilot for Microsoft 365 available to the general public. It’s a big opportunity for businesses to become more productive, although it needs guard rails in place to protect businesses ensure data security.

Copilot for Microsoft 365 provides the integration of ChatGPT into the Microsoft 365 services such as Outlook, Teams and Word. It also gives users the ability to ask questions about their own data in Outlook, SharePoint and OneDrive. It is different to Microsoft Copilot (formerly known as Bing Chat) and requires a paid licence.

It works by building a semantic index of the user based on the user’s data in SharePoint, OneDrive and Outlook. This index helps Copilot for Microsoft 365 to provide more personalised responses to user, based on their role in the organisation. The security settings of the Microsoft tenant apply to Copilot for Microsoft 365, and the data never leaves the tenant. Copilot for Microsoft 365 is backed by Microsoft’s Copilot Copyright Guarantee.

Analysis of Microsoft’s early access program revealed 70% of users became more productive, which was achieved by empowering users to spend less time managing email, finding information and other boring and mundane tasks. The net result was that on average, users saved 10 hours per month. With Copilot for Microsoft 365 licences costing USD$30/user/month, it represents an excellent return on investment.

Personally, I’m saving up to six hours per week, with some of my favourite use cases being:

-    Writing emails in Outlook in my style

-    Creating meeting notes and to do lists from Teams calls and webinars

-    Content generation in Word and PowerPoint

-    Data analysis and trend identification in Excel

-    Asking questions of my data such as what emails need to be on my radar

This allows me to spend my time doing more meaningful activities as it reduces the time I spend doing routine administrative tasks and procrastinating. Ultimately, at a time when recruiting and retaining staff is such an issue, Copilot for Microsoft 365 could potentially provide a competitive advantage by helping staff manage their work loads and reducing the administrative tasks.

Some companies have experienced the effects of redundant, obsolete, trivial (ROT) data in affecting the quality of their Copilot for Microsoft 365 outputs. In these cases, a data cleansing and archiving step has been required to improve the quality of the outputs. Data hygiene also plays a significant role in the output, as data saved haphazardly can make it more difficult to identify and lock down access to sensitive information.

As with any technology, there are significant security risks which need to be managed. Where a Microsoft 365 tenant has not been secured effectively, the risks of both internal and external threats are amplified by the use of Copilot for Microsoft 365. For example, with the ability to generate a draft email which sounds like the user, the potential for harm if account is hacked is magnified as it becomes more difficult for other users to identify compromised emails sent from the account. Similarly, the hacker could ask Copilot for Microsoft 365 about any sensitive information accessible by that account.

At a recent Microsoft event, the speaker gave a harrowing example of the potential for insider threats goes up dramatically when access to files is not limited to only those who need access. A construction firm in Sydney failed to lock down their HR files, so when an employee asked Copilot for Microsoft 365 to generate a list of all female employees under the age of 35, and their contact details, it did. The employee was only caught because he tried to email the list to his friends, and the message was flagged by the company’s data loss prevention (DLP) policies.

This scenario highlights the need for a Copilot for Microsoft 365 readiness assessment accompanying strategic plan to ensure that Microsoft 365 is sufficiently secured before rolling it out. There are various methods of securing Microsoft 365, but an important one is managing the Microsoft Secure Score.  Industry best practice suggests a minimum score of 80% but the average Australian business sits at 30%. We see Microsoft Secure Score management, which is an ongoing process, as being a fundamental risk minimisation strategy for Copilot for Microsoft 365.

Copilot for Microsoft 365 is a powerful tool with widespread applications across a range of different industries and organisation sizes. As with the implementation of any technology, a considered approach is required to ensure the readiness of the organisation and its data, as well as monitor and mitigate cyber threats.