Microsoft Purview compliance portal: Microsoft Purview capabilities for M365 Copilot

🚨 The Signal: Microsoft Purview now extends its data governance and protection capabilities to Microsoft 365 Copilot in government clouds. This enables security teams to apply existing policies for information protection, data lifecycle, audit, eDiscovery, and communication compliance to Copilot interactions and data.

The Impact

Security and compliance teams are affected, gaining new tools to manage data risk within Copilot.

• Security Teams: Reduced risk of data leakage via Copilot.
• Compliance Teams: Enhanced ability to meet regulatory obligations for AI data.
• Legal Teams: Improved eDiscovery capabilities for Copilot-generated content.
• Audit Teams: Greater visibility into Copilot data access and usage.

The Action

1. Review existing Microsoft Purview Information Protection policies for applicability to Copilot data.
2. Verify Data Lifecycle Management retention and deletion policies cover Copilot-generated content.
3. Confirm audit logging is configured for Copilot activities within Microsoft Purview.
4. Assess eDiscovery holds and search scopes to include Copilot data sources.
5. Evaluate Communication Compliance policies for monitoring Copilot interactions.

Impact: medium · Workload: Microsoft Purview