Copilot for Microsoft 365 Zero Trust essentials

Posted on March 28, 2024

Are your teams overwhelmed with manual, repetitive tasks? Are they struggling to manage their workload amidst overflowing inboxes, incomprehensible spreadsheets and constantly playing catch-up in meetings?

Microsoft 365 Copilot delivers a game-changing solution for boosting productivity, creativity and decision-making. Powered by the latest Generative AI technologies, Copilot for Microsoft 365 can summarise meetings, generate reports and craft compelling presentations effortlessly.

However, many organisations are hesitant to pull the trigger on full-scale Copilot adoption as they fear their data may be misused or fall into the wrong hands.

But fear not, because in our latest webinar, Atech’s Elaine Riley (Microsoft Go-to-Market Lead), joined by Rob Metcalf (Atech Head of Cloud) and Microsoft Security Specialist, Eoin Fahy, explain how implementing Zero Trust Essentials facilitates a smooth and secure Copilot launch.

You can watch a recap of the full webinar here, or read on to see four key takeaways from the presentation.

1. Evaluate the Copilot for Microsoft 365 use cases carefully

Elaine opened the webinar with an overview of Microsoft 365 Copilot’s capabilities and tips for demonstrating ROI. In last week’s webinar, we explored building the business case for Copilot adoption in more detail (see a recap of the presentation here or watch the replay).

In summary, we recommend:

  • Defining your organisation’s objectives and end goals for Copilot adoption.
  • Understanding each department’s needs by trialling Copilot with five to ten users.
  • Determining specific use cases by setting benchmarks and using Microsoft’s research and Viva Insights resources to measure Microsoft 365 Copilot success.


2. Your Copilot success is only as good as the security that underpins it

Microsoft ensures the security of its tools and doesn’t share your data to train its AI learning models. However, Eoin emphasised that you must manage access, protect your data and enforce AI use policies.

He outlined four steps to maintaining Zero Trust foundations for effective Copilot for Microsoft 365 usage, including:

Manage overprivileged and risky users with identity and access management: This may include employees who have been promoted or transferred offices. Establish managed corporate identities with multi-factor authentication, conditional access controls, and regular activity monitoring.

Mitigate device risk with Unified Endpoint Management: Implement app protection policies for all devices and restrict actions users can take on personal devices, such as copying company information into non-work apps. Also, wipe all content if a device is lost, stolen or no longer in use.

Secure and govern data in Copilot interactions: Leverage Restricted SharePoint Search during your pilot phase to control access to predetermined repositories while organising your data for broader use. Eoin highlights that this approach is not scalable and, therefore, not recommended for use after the pilot stage. Check your Microsoft license, as E5 subscribers can automate sensitivity labelling and access advanced data security and compliance controls to help detect risky usage patterns.

Discover and control AI apps: Use AI Hub in Microsoft Purview to monitor how your employees use third-party Gen AI apps, and restrict access when needed to prevent data loss.

Completing these vital steps will ensure you’re adhering to the Zero Trust principles of least privilege access, assuming a breach is always possible, and explicitly verifying who can consume specific data at any given time. These principles prevent bad actors from gaining access to your data and users from inadvertently oversharing sensitive information.

3. Atech’s Zero Trust journey to Microsoft 365 Copilot adoption

Rob revealed key Zero Trust steps for deploying and validating Copilot within your Microsoft 365 tenant, including:

Identity and access policies: Prevent bad actors from gaining system access by using strong authentication methods, Conditional Access and tools such as Entra Password and ID Protection, as well as Privileged Identity Management (PIM).

App protection policies: Ensure your data remains safe or contained within a managed app by using Intune App Protection Policies (APP) and Conditional Access for policy enforcement. This will create a wall between your data and users’ personal data and limit the potential blast radius of an attacker using a breached device.

Device management and protection: Enroll devices in Microsoft Intune with health and compliance checks. This will prevent bad actors from compromising devices to access your Copilot. Use Defender for Endpoint for continuous device monitoring.

Threat protection services: Detect and respond to incidents rapidly with Microsoft’s comprehensive suite of threat protection products, including Defender for Office, Endpoint, Cloud Apps, Identity and Microsoft Sentinel. This will prevent common email or device-based attacks.

Secure external collaboration and Microsoft Teams: Review your environment to ensure appropriate protections for sharing files with people outside your organisation. This includes securing Teams for highly sensitive data, verifying users explicitly, and adhering to the principle of least privileged access.

Minimise user access permissions to data: Implement Just Enough Access (JEA) controls, so users get enough information to do their jobs and no more. Conduct a SharePoint permissions review and use Restricted SharePoint Search (available from April 2024).

Data Protection: Implement data governance and protection controls using Microsoft Purview, incorporating sensitivity labels, data loss prevention, and retention labels.

4. Launch your business to new heights with Microsoft 365 Copilot and Atech

Elaine concluded the presentation by reiterating the importance of taking a carefully planned, phased approach to Copilot adoption to ensure all users can make the best use of its transformative tools.

We offer a comprehensive Copilot for Microsoft 365 Zero Trust Essential Service, which includes a discovery assessment workshop, training and change management support; plus, we help with the vital deployment and validation steps Rob mentioned above.

Schedule your Copilot Readiness Assessment today, or contact us to find out if you qualify for a Microsoft-funded engagement. We want to thank all our speakers and encourage you to sign up for our future webinars here.
