AI readiness and a strong security posture—you can’t have one without the other. Establishing a solid security foundation for your clients and sound data governance is critical for success with Copilot for Microsoft 365 adoption and getting the most out of the tool post-deployment.
While security can be complex, with the right tools, partners and knowledge, managed service providers (MSPs) can tackle this task with ease. Remember that security is evaluated based on the needs of your clients and their data compliance requirements. It won’t look the same for every organization, so stick to what is necessary for your industry and business needs to tackle security in a way that works for you and your clients.
So, let’s explore how to prepare your clients for Copilot for Microsoft 365 adoption regardless of your security expertise and with your existing stack. While this is not an exhaustive list of everything that needs to be done pre-deployment, this framework is a great starting point when it comes to security preparedness for AI tools.
Level up your MSP’s AI readiness: Download your free guide to get started today!
Lay the groundwork: Security best practices for Copilot for Microsoft 365
The first step is easy, stick to the basics. There are a couple of fundamental requirements for any organization wishing to use an AI tool like Copilot for Microsoft 365.
Get your clients’ data into the Microsoft 365 Cloud (if it’s not already)
To provide quality output, Copilot needs access to data in the Microsoft 365 cloud. This means any clients still using on-prem servers or not yet using Microsoft 365 will first need to move their data over.
Have a lot of clients who still need to migrate to Microsoft 365? This is an opportunity to package migration services with Copilot for Microsoft 365 as part of your Copilot for Microsoft 365 offer to help boost your profits, add value and enhance client satisfaction with AI and your MSP.
Set a security baseline
Before creating an action plan, get to know your clients’ current state when it comes to security.
- Use Microsoft’s Secure Score to get a snapshot of your clients’ security posture and where they could strengthen their defenses.
- Microsoft 365 Lighthouse is another tool you can use to get a holistic view with the ability to drill down into specific devices without having to navigate multiple portals or tenants.
- Sherweb also offers exclusive tools to help partners get AI ready and secure their clients’ Microsoft tenants. Contact our team to start a Copilot security discussion with our experts.
Ensure your clients have proper Microsoft licensing
While there are several licenses that can be used with Copilot for Microsoft 365 (more on that below), Microsoft 365 premium licensing offers the best of security and Copilot functionality. This includes Microsoft 365 Business Premium, E3, E5, plus an E5 security add-on available for Business Premium and E3.
These licenses may not suit all your clients’ needs but for those using these licenses, security is largely pre-configured, lightening the load for you and your clients.
Get to know Copilot for Microsoft 365 security principles
Once you’ve checked these foundational items off your list, time to dig a bit deeper into AI security preparedness by getting to know Copilot for Microsoft 365’s security principles.
If you’re already familiar with Microsoft’s security principles, there will be no surprises. Copilot adheres to Microsoft’s existing commitments to data privacy, security and compliance, including General Data Protection Regulation (GDPR) and regional data boundaries.
Since Copilot is integrated into Microsoft 365 apps, it also automatically inherits the valuable security, compliance, and privacy policies and processes that have already been put in place within a company’s tenant.
Data stored in the tenant is encrypted and only users within that tenant can access it. Existing policies along with the data permissions model within the tenant ensure the data doesn’t leak between users, groups and tenants as you start to roll out Copilot for Microsoft 365. Users will only be able to search for information they already have access to and Copilot’s output is based on the same underlying controls for data access used in other Microsoft 365 services.
Zooming out a bit, a company’s tenant sits within the Microsoft 365 service boundary. The large language models (LLM) that are used to process data and provide Copilot outputs sit in that same boundary. Microsoft does not have access to view your data and prompts are not used to train or optimize the LLM.
With this in place, you can confidently assure your clients that Copilot respects their data and security, and they can rest assured that their organization’s data is secure as they prepare to introduce AI tools into their workflows.
Establish best practices for data governance
The next piece of the puzzle is data governance. Since Copilot draws responses from all accessible data in your tenant, data governance is an essential part of the AI readiness conversation.
In short, data governance is the process of discovering and classifying data, creating policies and rules to enforce these policies, and applying metadata to describe what the data asset is. If you don’t have proper data governance in place, there are security concerns when using an AI tool like Copilot, such as a risk of data oversharing and leaks.
Benefits of good data governance
Luckily, there are ways to avoid this. Establishing best practices provides good data hygiene habits, proper data classification, removes obsolete data, prevents Copilot from accessing outdated information and restricts access to only the necessary data. This also gives you the opportunity to improve data governance and properly map your clients’ data to provide the best possible experience as they prepare to adopt Copilot and roll it out to their employees.
Not sure where to start when it comes to data governance? Specific Microsoft licenses like Business Premium offer tools that can help streamline this process of building a modern security practice and will work with Copilot immediately. For clients that would benefit from a more premium license, this is a prime upsell opportunity from Business Standard, providing not only the foundational licenses your clients need to use Copilot, but also providing tools to help them with security and data governance so they can succeed with AI.
Get your clients’ data ready for search: Access controls and policies
With Business Premium, one of those tools is Microsoft Purview, a simple way to secure and govern your data. This is an amazing tool for helping you ensure your clients are ready to tackle any security concerns related to Copilot for Microsoft 365.
- Discover and classify sensitive data: AI hub in Purview provides visibility into prompts, giving you an overview of sensitive data and context around user risk.
- Create an endpoint data loss prevention (DLP) policy: Purview can help you do this for specific devices to prevent data being uploaded or copied to other AI apps by identifying high-risk users. Adaptive Protection ensures those users can still carry out legitimate business activities, despite the DLP policy.
- Automate data labeling: You can define data that should be labelled as sensitive, whether it includes credit card numbers or specific keywords, to automate the process and ensure only authorized users can access this type of data through Copilot prompts.
Depending on where your clients fall in terms of readiness, Restricted SharePoint Search gives you and your clients time to review and audit site permissions while maintaining momentum with their Copilot roll-out. Included with Copilot for Microsoft 365 subscriptions, this is a great way to minimize the risk of oversharing or exposing unauthorized content to users.
- This tool applies access controls across an organization. It allows you to disable organization-wide search and restrict Copilot searches to SharePoint sites of your choice.
- By default, Restricted SharePoint Search is disabled. If enabled, search results are limited to:
- An allowed list of curated SharePoint sites set up by admins (with up to 100 SharePoint sites), honoring sites’ existing permissions
- Content from their frequently visited SharePoint sites
- Users’ OneDrive files, chats, emails, calendars they have access to
- Files that were shared directly with users
- Files that users viewed, edited, or created
- Copilot will also have less information to search and reference which can affect its ability to provide comprehensive, accurate responses. For this reason, you’ll want to disable it before deployment.
- Combined, Purview and Restricted SharePoint Search are valuable tools in the pre-deployment stage of Copilot to ensure data is discovered, protected and proper governance is in place.
Make sure your clients have all prerequisites in place
Since Copilot is integrated into Microsoft 365 Apps, the requirements for using it are nearly identical to what you need to use Microsoft 365 with some added steps around security.
Here’s what your clients need before deployment:
- Microsoft 365 Apps must be deployed
- Users must have Microsoft Entra ID accounts
- Users must have a OneDrive account
- One of the following licenses:
- Microsoft 365 E5
- Microsoft 365 E3
- Microsoft 365 F1
- Microsoft 365 F3
- Office 365 E5
- Office 365 E3
- Office 365 E1
- Office 365 F3
- Microsoft 365 Business Basic
- Microsoft 365 Business Premium
- Microsoft 365 Business Standard
- Microsoft 365 Apps for Business
- Microsoft 365 Apps for Enterprise
- Microsoft Teams Essentials
- Microsoft Teams Enterprise
- Microsoft Teams EEA (European Economic Area)
- Exchange Kiosk
- Exchange Plan 1
- Exchange Plan 2
- SharePoint Plan 1
- SharePoint Plan 2
- OneDrive for Business Plan 1
- OneDrive for Business Plan 2
- Microsoft Planner Plan 1 (formerly Project Plan 1)
- Microsoft Project Plan 3
- Microsoft Project Plan 5
- Project Online Essentials
- Visio Plan 1
- Visio Plan 2
- Microsoft ClipChamp
- The appropriate update channel—using the Microsoft 365 Apps admin center, choose either Monthly Enterprise Channel, Current Channel or Current Channel (Preview).
- The proper network configuration
With updates happening constantly to the licensing requirments be sure to check the latest announcements from Microsoft and their FAQ. For additional details on network and channel requirements, check out Microsoft’s Copilot for Microsoft 365 requirements or visit the Microsoft 365 admin center under Setup. Here you’ll find the Copilot for Microsoft 365 set up guide to make any remaining configurations. This tool walks you through readiness, licensing, and rolling out Copilot to users.
Assign licenses and create a user group
When your clients are ready to deploy, a great way to test security and data protections that have been put in place is to start with a pilot group of users. Organizing and running this pilot group for your clients is another professional service you can package with your Copilot offer.
Once deployed to the pilot group, work with your clients to test and adjust based on the findings from the group.
When all is working as intended, you can broaden deployment to new user groups. Be intentional about who you roll it out to and test across functions to ensure your clients get the most from this powerful AI tool.
Simplifying Copilot for Microsoft 365 for MSPs
Getting started with Copilot and driving Copilot adoption doesn’t have to be overwhelming. Sherweb’s team of experts is here to help you every step of the way. We’ve been mastering the Microsoft ecosystem since 2005 and we have the expertise and the resources to help you get more from Microsoft and Copilot for Microsoft 365.
If you’re looking for an experienced partner you’ve come to the right place!
Want to stay on top of Microsoft Copilot developments? Ready to experience the future of work? Copilot is now available for MSPs to offer to their clients via Sherweb’s portal. Not yet a Sherweb partner? Getting started is easy, learn more about the Microsoft Cloud Solution Provider Program at Sherweb.
Sherweb is committed to helping MSPs not only make the most of their Microsoft relationship, but capitalize on opportunities that will drive growth for their business as well. As Microsoft 365 Copilot rolls out and evolves, we’ll continue to provide updates and assist partners and their clients in leveraging this AI technology for their benefit. Our expert team will guide you through the implementation process and help you unlock the full potential of this revolutionary tool.
Don’t wait to unleash the power of AI in your organization. Discover how AI can transform your business.
Download your guide to Copilot today!