Microsoft 365 Copilot and Agents in Microsoft 365: What You Need to Know about Copilot Security and Governance
The Power and Risks of Generative AI
On May 8, 1793, during the French Revolution, the French National Convention, in a collection of decrees, wrote: “With great power comes great responsibility.” Years later, in 2002, Stan Lee featured this quote in the first Spiderman movie, where Uncle Ben imparted these wise words to his young nephew, Peter Parker, just before Peter gained his superpowers. Little did either the French National Convention members or Stan Lee know that this would apply well to artificial intelligence (AI) in 2024, including Copilot security.
In June 2024, Sam Altman, the CEO of OpenAI, said, “Generative AI is one of the most exciting and powerful technologies of our time, but it also presents new challenges and risks that we need to address thoughtfully and proactively.”
Microsoft is Rapidly Innovating in AI
Microsoft has been rapidly innovating in AI, and nowhere was this more visible than at Microsoft Ignite, which I attended in Chicago in November 2024. Microsoft 365 Copilot has been commercially available since January 2024 with new features being constantly released.
During Ignite, Microsoft introduced additional Copilot offerings, including the out-of-the-box, purpose-built “Copilot Actions, new agents and tools.” The agents have particularly powerful capabilities and are built into many Microsoft products. The Copilot capabilities can save you and your organization a significant amount of time, making you far more productive.
Develop an AI Strategy and Roadmap for Your Business
Are you ready to join the AI revolution? Early and effective AI adoption is crucial for maintaining a competitive edge.
What are Agents in Microsoft 365?
First Microsoft 365 Copilot was introduced, and now we have agents – why should you care? Microsoft 365 Copilot and agents in Microsoft 365 promise to change the way we work and significantly increase productivity. I have no doubt that they will hold true to their promise, if not all immediately, then in time. At the pace Microsoft and some of its competitors are moving, I predict that it will not be long.
According to Microsoft, agents “will take on unique roles, working alongside or on behalf of a team or organization to handle simple, mundane tasks as well as complex, multi-step business processes.”
The range of agents that Microsoft introduced is broad. The agents that stood out to me are agents in SharePoint, custom agents created from the Copilot Studio agent builder and Microsoft’s first-party agents.
Agents in SharePoint
These agents are built to empower teams to gain insights faster and make informed decisions based on specific SharePoint content. Agents in SharePoint allow users to easily create their own agents tailored to specific files, folders or sites that support common business processes.
Example: A team uses a SharePoint document library to track all their requests for proposals (RFPs) and the team has been using this document library for a year. In each case folder, files track the name of the client, primary workload, due date, response owner and response participants. The team creates a SharePoint agent tailored to this document library that allows them to work on RFPs more efficiently and consistently.
Copilot Studio Agent Builder
Users with appropriate permissions can build custom agents directly within the Copilot Studio agent builder in Microsoft 365 Copilot Business Chat (or “BizChat”), personalizing the agent’s name and behaviors. These agents can be used across emails, meetings and chats, with users being able to ask the agents questions and get real-time responses.
Example: A team needs to quickly prepare a presentation for an upcoming client meeting to pitch their new “data shield” offering. The collateral for the offering is stored in a SharePoint site. The team can build an agent directly from BizChat using the Copilot Studio agent builder and instruct it to use the Data Shield site as its information source. The team’s use cases for the agent are:
- Quick Summaries: “Please create a five-minute elevator pitch about the ‘data shield’ offering.”
- Comparative Analysis: “Create a custom pitch, highlighting the rigorous research and development process, the benefits and the differences between the ‘data shield’ offering, and the ‘data protect’ offering.”
- Faster File Searches: “Find the latest employee engagement survey results.”
First-Party Agents
First-party agents are specialized AI assistants that Microsoft has built to enhance the capabilities of Microsoft 365 Copilot. They include:
- Interpreter Agent in Microsoft Teams
- Teams transcription capabilities can give you a summary of the meeting so far when you join late or a summary of the entire meeting in the supported language of your choice. The Interpreter agent adds to those capabilities to provide real-time speech-to-speech interpretation during meetings.
- You can also opt to have an agent simulate your speaking voice for a more personal and engaging experience. (Author’s note: Ok, I will admit, I find this one a bit creepy).
- Facilitator Agent in Teams Meetings and Chats
- Takes real-time notes in Teams meetings and chats.
- Employee Self-Service Agent
- Quickly answers common HR, IT and other policy questions.
- Can help employees understand their benefits, request new hardware or software from IT and more.
- Can be customized by your staff to meet the unique needs of your organization.
- Project Manager Agent
- Automates project plan creation.
- Completes tasks in Microsoft Planner.
These agents, pre-built by Microsoft, quickly provide value for a variety of customer types. At Withum, as a services company, we’re using these agents today, including the Project Manager agent to automate the creation of project plans, the Facilitator agent to help us take real time notes in customer meetings and to catch up on what has been discussed in a meeting if one of us is late to a meeting.
Agent Availability
The following table outlines the availability for the agents discussed in this article, which were announced at Microsoft Ignite:
Examples | Availability |
---|---|
Agents in SharePoint | Available immediately |
Copilot Studio agent builder | Available immediately |
Employee Self-Service Agent | Available in private preview |
Facilitator agent within Teams meetings and chats | Available in public preview (on a slow rollout basis) |
Interpreter agent | Available in preview early next year. |
Check out Withum and Microsoft’s webinar, where we discuss securely rolling out Copilot
Click to watch anytime: Key Steps to a Secure Copilot Deployment – Withum
Copilot Security and Governance in Microsoft 365 Copilot and Agents in Microsoft 365
As agents roll out across your Microsoft 365 environment(s), it is critical that you pay attention to them. As powerful as they are, all of them require the technical equivalence of “great responsibility” – great governance, strong security and more to prevent them from being misused.
Information that you thought was secure but was “secure by obfuscation” and is accessed by Copilot and agents will quickly and easily be accessible to users who should not be accessing it. Therefore, it is crucial to ensure high-quality data management and use a mix of governance approaches, combining products like Microsoft Purview with human analysis to identify security and information management policies and ensure that access rights are properly enforced. Once you have done that, you can then safely and securely benefit from agents.
To get started, your first step can be to view Withum’s secure Copilot deployment webinar, presented with Microsoft. In the webinar, we address common concerns about securely deploying Microsoft 365 Copilot and introduce our answer to these challenges: Microsoft Copilot Data Shield. Our Data Shield solution tackles critical challenges in data transparency and governance, as well as legacy permission issues, providing you with a robust framework to protect sensitive information and maintain compliance.
Be on the lookout for additional webinars we will be offering focusing on the Copilot security and agents mentioned above. Our Data Shield offering for regular Windows Copilot is also on the Azure Marketplace, located here.
Contact Us
Whether you’re just starting your AI journey or looking to enhance your existing capabilities, Withum will meet you where you are. Contact our AI Services Team today to see what’s possible.