Getting Your Business Ready for Microsoft 365 Copilot

Microsoft 365 Copilot is an AI-powered productivity tool that has been designed to help organisations and their staff work faster, smarter, and more creatively. The release date for non-enterprise customers is yet to be announced, but it is currently in the testing phase, so it is anticipated to be available at some point over 2024 for small-to-medium businesses.

In our latest tech focus article, Andy Turner, Security Lead at Nimbus Blue, shares his perspective on how Microsoft 365 Copilot works, what the main benefits are, and potential security risks to consider for your business.

Q: How does Microsoft 365 Copilot work?

Microsoft 365 Copilot uses large language models (LLMs) to understand your questions and generate relevant suggestions, insights, and content. It works with data in the Microsoft 365 apps that your company uses every day, such as Word, Excel, and Outlook, and uses this data to provide staff members with the answers, or information, that they have requested.”

Q: What are the main benefits of using Microsoft 365 Copilot?

“As an example of how LLMs can be used, we asked Bing Chat Enterprise, a close relative of Copilot, what the main benefits are, and some examples of what it can help with. Here’s what we got back on this:

  • Assistance with writing: Copilot can help you write emails, documents, and presentations by suggesting phrases, sentences, and even entire paragraphs based on your writing style and organisational data.
  • Assistance with scheduling: Copilot can help you schedule meetings by suggesting meeting times based on your calendar and the calendars of other attendees.
  • Assistance with research: Copilot can help you research topics by suggesting relevant articles, websites, and other resources based on your search queries and organisational data.


Q: Are there any security risks with using Microsoft 365 Copilot?

“Copilot uses all data available to the staff member that is logged into the Microsoft 365 service. Although this means that it won’t use anything that the user should not have access to, it does mean that if the access permissions for the data stored within Microsoft 365 (Outlook, SharePoint, Teams, OneDrive, etc.) are not correct, then it may turn up information that the staff member was unaware they had, or should have, access to.

Care must be taken when setting up new staff accounts or sharing data, as this may expose sensitive data to the wrong staff members.”

Q: What steps should businesses take to ensure Microsoft 365 Copilot is rolled out safely and securely?

The first step is to prepare an AI usage policy to govern the use of tools such as Copilot, and to ensure that staff use the tool to help with productivity in a manner that has been authorised by the company, as well as to adhere to any guidelines you set regarding the use of these tools and the data that may be fed into them.

The second step is to get all the relevant business data, which may be residing on legacy servers, into Microsoft 365 so that Copilot has access to the information it requires. Alongside this, staff permissions should be considered and implemented to ensure that no data is accessible by anyone that should not have access.

Once the above has been completed, a structured rollout, in addition to training, should be scheduled, and metrics put in place to determine the effectiveness of the tool.”

Q: Is there anything else useful to consider or know about Microsoft 365 Copilot?

“Copilot is not for every company – it may not be an appreciable ROI in terms of staff hours saved on research tasks, or you may not be a company that produces a lot of documentation that requires Copilot to assist with formatting and content.

The one point to consider is that if any of the use cases for Copilot would benefit your company, then it may be worth looking into further.”

If you need advice or support with your cybersecurity processes, or you need help to create an AI policy for your business, connect with our team to find out more. We’d be happy to discuss how we can help you to navigate the complexities of AI adoption and usage in your business.