Monitor Microsoft 365 Copilot interactions with Communication Compliance
Microsoft Purview Communication Compliance is a tool within Microsoft Purview designed to help organizations monitor and manage various communication channels, including Microsoft Copilot. This solution helps identify and address potential issues in messages to ensure they meet organizational standards. It addresses the challenges of modern communication, such as the huge amount of message data and the diversity of channels like email, Microsoft Teams, and Microsoft 365 Copilot. With preset and custom policies, Communication Compliance plays a crucial role in maintaining compliance and reducing the risk of regulatory penalties, making it a valuable tool for organizations looking to protect its communication channels.
Communication Compliance policies for Microsoft 365 Copilot
Communication Compliance extends to Copilot interactions, enabling organizations to monitor and manage these AI-driven communications. To set up policies for Copilot, navigate to the Microsoft Purview compliance portal. Users with the Communication Compliance Admins role can create and manage policies, defining:
- The scope of communications and users under review.
- Custom conditions that the communications must meet.
- Who is responsible for conducting the reviews.
Microsoft Purview offers predefined policy templates, simplifying the creation of policies for common compliance scenarios. For Copilot interactions, you can use the Detect Microsoft 365 Copilot interactions template. Default configuration options for this template include:
- Location: Microsoft 365 Copilot
- Direction: Inbound, Outbound, Internal
- Review Percentage: 100%
- Conditions: No conditions are selected by default, but you must select at least one condition.
Communication compliance policies can be adjusted as needed but can't be renamed. Once policies are no longer needed, they should be deleted. Modifications to policies, including alert status and resolved items, can be exported to a CSV file for record-keeping.
Policies scan communications every 24 hours from their creation. For instance, if a policy is created at 11:00 AM, it gathers compliance signals daily at the same time. The Last policy scan column on the Policy page provides information about the last scan date and time. It might take up to 24 hours after creating a new policy to see the first policy scan data.
Manage Copilot interactions with Communication Compliance
Communication compliance supports Microsoft 365 Copilot, analyzing interactions (prompts and responses) entered into Copilot to detect inappropriate or risky interactions or sharing of confidential information.
For example, a marketing firm uses Copilot for creating social media content can use communication compliance policies to monitor for unintentional use of language that might be considered offensive or insensitive. This approach helps the firm quickly address and rectify potential issues to maintain its brand integrity.
Supported Copilot apps include:
- Teams (chats/channels/meetings) Copilot
- Word Copilot
- PowerPoint Copilot
- Excel Copilot
- OneNote Copilot
- Loop Copilot
- Whiteboard Copilot
- Microsoft 365 Chat in Teams
- Microsoft 365 Chat in Bing
Any prompt or response entered into a supported Copilot app that matches a communication compliance policy is displayed as a policy match on the Policies page on the Pending tab, with separate entries for prompts and responses. If only the prompt or only the response matches a policy, an item is created on the Pending tab just for that policy match. You can remediate policy matches for Copilot in the same way that you remediate any other policy match.
For each item on the Pending tab for Copilot policy matches, you find:
- Copilot icon: This icon (
) identifies the policy match as a Copilot interaction. - Subject column: The value in this column identifies the policy match as a Copilot interaction and lists the name of the app that was used. For example: Copilot in Excel.
- Sender column: Sender of the message. If the policy match is a response from Copilot, the value is Copilot.
- Recipient column: Recipients included in the message. If the policy match is a prompt to Copilot, the value is Copilot.
- Message text: The message text that the user entered (the text that caused the policy match) is shown on the right side of the screen in its entirety.
Learn more about Microsoft Purview support for Microsoft 365 Copilot
Prerequisites for setting up communication compliance policies
Before creating communication compliance policies for Microsoft Microsoft 365 Copilot, make sure your environment is ready with the required tools and permissions. Here are the prerequisites:
| Step | Description | Learn more |
|---|---|---|
| Understand communication compliance policies | Understand how communication compliance policies help you detect, capture, and act on inappropriate messages that can lead to potential data security or compliance incidents within your organization. | Learn about communication compliance |
| Check licensing requirements | Ensure you have the right Microsoft 365 E3/E5 licenses for Microsoft Purview Communication Compliance. | Microsoft Purview Communication Compliance service description |
| Enable permissions | There are six role groups that define initial permissions for communication compliance features. To access and configure these features in the Microsoft Purview Compliance Portal, you must be assigned to one of these roles or role groups. | Enable permissions for communication compliance |
| Enable the audit log | Communication compliance requires audit logs to show alerts and track remediation actions taken by reviewers. | Turn auditing on or off |
Create a communication compliance policy with the Detect Microsoft 365 Copilot interactions template
To create a communication compliance policy with the Detect Microsoft 365 Copilot interactions template in Microsoft Purview:
- Sign into the Microsoft Purview compliance portal using credentials for an admin account in your Microsoft 365 organization.
- In the Microsoft Purview compliance portal, select Communication compliance.
- Select the Policies tab.
- Select Create policy then select the Detect Microsoft 365 Copilot template.
- From the flyout page on the right, confirm or update the policy name. Policy names can't be changed once the policy is created.
- Choose the users or groups to apply the policy to, including the users or groups you'd like to exclude.
- Choose the reviewers for the policy. Reviewers are individual users, and all reviewers must have mailboxes hosted on Exchange Online. Reviewers added here are the reviewers that you can choose from when escalating an alert in the investigation and remediation workflow. When reviewers are added to a policy, they automatically receive an email message that notifies them of the assignment to the policy and provides links to information about the review process.
- Choose a limited condition field, usually a sensitive info type or keyword dictionary to apply to the policy.
Best practices for managing alerts in communication compliance
After configuring Microsoft Purview Communication Compliance, you might want to make adjustments to manage the volume of alerts that you receive. For best practices for managing alerts in communication compliance, see Best practices for managing the volume of alerts in communication compliance
Learn more
- Learn about communication compliance
- Detect channel signals with communication compliance
- Create and manage communication compliance policies