News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers
Business of Tech | Decoding the Security Profile of Microsoft’s CoPilot in

I wanted to dive into an article about the security profile of Microsoft’s CoPilot.  Not the GitHub one covered earlier, but the one within Microsoft 365.    CovereScd in Bleeping Computer, its access to sensitive data raises concerns for information security teams. Copilot can generate new sensitive data and access organizational data based on user permissions. While security measures are in place, such as tenant isolation and training boundaries, organizations must ensure proper permissions and labeling practices to mitigate risks.    While a sponsored content piece, the linked article gives insights into the considerations.  

Some quick insights — Copilot only uses data from the current user’s M365 tenant.    Copilot does not use any of your business data to train the foundational LLMs that Copilot uses for all tenants.   Copilot surfaces all organizational data to which individual users have at least view permissions.  Copilot-generated content will not inherit the MPIP labels of the files Copilot sourced its response from.  Copilot’s responses aren’t guaranteed to be 100% factual or safe; humans must take responsibility for reviewing AI-generated content.

Why do we care?

CoPilot’s ability to access organizational data based on user permissions is a double-edged sword. While convenient, it requires strict permission management. MSPs have an opportunity to offer finely tuned access control as a service.

CoPilot does not inherit the Microsoft Information Protection labels of the source files. This can be a significant issue in regulated environments where data classification is crucial. Again, MSPs have a service opportunity to assist clients in setting up and maintaining proper labeling practices.

Layer in the educational services about the limitations of AI and best practices for using these tools, including a reminder about how human review is necessary.. and a note that fatigue may be a problem as the results look increasingly human-like.

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories