Download to read offline
Uploaded byNikki Chapple
Managing Microsoft 365 Copilot and Third-Party Generative AI: Securing Data, Monitoring Usage, and Mitigating Risks with Purview and Defender
Title | Managing Microsoft 365 Copilot and Third-Party Generative AI: Securing Data, Monitoring Usage, and Mitigating Risks with Purview and Defender Presenter | Nikki Chapple, 2 x MVP and Principal Cloud Architect at CloudWay Event | Commsverse 2025 Format | In person, Deep Dive Technical Session Location | Mercedes-Benz World, Brooklands, UK Date | 19 June 2025 Description: With generative AI tools such as Microsoft 365 Copilot and third-party platforms rapidly entering the workplace, organisations face new challenges in protecting sensitive data and maintaining compliance. This session, led by Nikki Chapple—Microsoft MVP and Principal Cloud Architect at CloudWay—offers practical strategies for IT professionals, architects, and compliance managers to monitor, secure, and govern AI usage across Microsoft 365. – Begin your AI journey with a clear understanding of how Copilot and third-party generative AI apps interact with organisational data. – Discover how Microsoft Purview and Defender for Cloud Apps provide visibility into AI activity, helping you identify data exposure risks and detect shadow AI usage. – Learn to assess the risk profile of over 1,000 generative AI apps using Defender’s Cloud App Catalog, and find out which apps are being used in your environment with Cloud Discovery. – Apply real-time controls to block access to unsanctioned AI apps, sync policies to Defender for Endpoint, and enforce URL restrictions on managed devices. – Stay ahead of emerging threats by tracking new generative AI apps and setting up governance actions and alerts for suspicious activity. – Explore Data Security Posture Management for AI, including prerequisites such as audit enablement, device onboarding, and Purview extension deployment. – Understand licensing requirements, including E5 Compliance and role-based access controls for policy configuration and monitoring. – Monitor Copilot and third-party AI usage trends, track sensitive and labelled data shared with AI apps, and investigate insider risks and external access scenarios. – Use Activity Explorer to see who is using which AI app and for what purpose, and review Copilot prompts and responses for compliance. – Leverage DLP triggers and analytics to refine your policies and respond quickly to potential data loss incidents. This session is designed for those responsible for data security, compliance, and governance in Microsoft 365 environments. You’ll leave with actionable advice to secure your organisation’s AI adoption, maintain regulatory compliance, and empower users—while keeping sensitive data protected. 🔐 Take control of your AI landscape. 📊 Monitor usage. ✅ Protect your data. Don’t miss this essential guide to managing AI risk in the modern workplace—download, share, and join the conversation!
Managing Microsoft 365 Copilot and Third-Party Generative AI: Securing Data, Monitoring Usage, and Mitigating Risks with Purview and Defender
- 1. Managing Microsoft 365 Copilot& Third-Party Generative AI Usage with Purview and Defender Nikki Chapple | MVP
- 2. About Me Nikki Chapple Expertin Microsoft 365 & Purview NikkiChapple.com All Things M365 Compliance Video Podcast
- 3. Agenda • How dowe assess which Gen AI Apps are risky? • How can we find out what Gen AI Apps are used? • How can we block access to unwanted Gen AI apps? • How do we keep track of new Gen AI Apps? Part A Defender for Cloud Apps • How can I track our Gen AI Usage? • Can I see what sensitive data is shared with Gen AI Apps? • Can I see who is using which Gen AI App and for what purpose? Part B Data Security Management for AI
- 4. The Issue of AIusers are bringing their own AI tools to work AI at Work Is Here. Now Comes the Hard Part - 2024 Work Trend Index Annual Report
- 5.
- 6. How do weassess which Gen AI Apps are risky? Defender for Cloud Apps > Cloud App Catalog
- 7. View Gen AIApp Catalog 1123 Apps
- 9. Assess the riskof an App
- 14. How can wefind out what Gen AI Apps are used? Defender for Cloud Apps > Cloud Discovery
- 15. Discover what GenAi Apps are being used
- 19. How can weblock access to unwanted Gen AI apps?
- 21. Sync Unsanctioned Appsto Defender for Endpoint
- 22. Block URLs onManaged Devices
- 23. Get Notified ofNew apps
- 24. How do wekeep track of new Gen AI Apps? Defender for Cloud Apps > Policy Management
- 27.
- 28. Prerequisites Audit enabled Devices onboarded Purview Extension deployed Licensing E5Compliance Copilot licenses not required Configuration eDLP Polices IRM policies (optional) RBAC Compliance Admin – configure policies Security reader – view IRM – view Risky user info Set Up
- 29. How can Itrack our Gen AI Usage? Data Security Posture Management for AI
- 30.
- 32. View 3rd PartyGen AI Usage
- 33.
- 34. Can I seewhat sensitive data is shared with Gen AI Apps?
- 35. View your customSITs Track Sensitive data
- 36.
- 37.
- 40. Can I seewho is using which Gen AI App and for what purpose? DSPM for AI > Activity Explorer
- 42. View Copilot Prompt& Response
- 44. Who is accessingwhich App
- 45.
- 46.
- 47. Summary • How toassess which Gen AI Apps are risky • How to find out what Gen AI Apps are used • How to block access to unwanted Gen AI apps • How to keep track of new Gen AI Apps Part A Defender for Cloud Apps • How to track our Gen AI Usage • See what sensitive data is shared with Gen AI Apps • See who is using which Gen AI App and for what purpose Part B Data Security Management for AI
- 48.
- 49. Thank you tothis year’s Sponsors