I'm exploring options for data loss prevention (DLP) solutions that could work between user workstations and AI engines, specifically Copilot. I want to enable our employees to use AI for tasks like proofreading and data analysis while preventing them from accidentally entering sensitive information such as Social Security numbers, payment details, or other keywords that require protection. Is this the right approach, or am I missing something crucial?
5 Answers
Have you looked into Purview? It allows you to set up DLP policies for Copilot, blocking access to documents with specific sensitivity labels. Plus, there's a public preview feature for communication compliance you might find useful.
Your strategy could work well with Purview for data classification and sensitivity. Also, consider using Microsoft Defender for Cloud Apps, which includes Copilot in its scope. There's actually a skill test about preparing M365 for Copilot that could provide some insights!
Just a heads-up: the chat is encrypted, so intercepting traffic can be tricky. Using tools like Defensx might help ensure that only corporate accounts access these AI services, mitigating risks with free versions.
Your approach sounds reasonable, but traditional DLP solutions mainly focus on preventing data leaks through channels like email or file sharing. For AI services, you might want to check out Microsoft Purview since you're considering Copilot; it offers built-in protections for sensitive data. Another option is to use proxy solutions that can monitor API calls, though they can be somewhat imposing.
If you're using Copilot with M365, you can rest easy knowing that enterprise data protection ensures none of your data is used to train or improve the LLM. That's a big plus!

How does Defensx enforce that?
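
Added example, not part of any post above and not code from Purview or any other product named in this thread: a sketch of the content check a DLP policy or inspecting proxy would apply to a prompt for the data types in the question (Social Security numbers, payment details, keywords). The patterns, the keyword list and the `scan_prompt` name are assumptions, and the sample prompt is constructed.

```python
import re

# Assumed patterns for illustration; a real DLP policy uses the product's own classifiers.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")   # 13-19 digits, optional separators
KEYWORDS = ("confidential", "internal only")         # hypothetical protected keywords


def luhn_ok(digits):
    """Luhn checksum: separates card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def ssn_plausible(area, group, serial):
    """Reject values the SSA never issues (area 000/666/9xx, group 00, serial 0000)."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def scan_prompt(text):
    """Return (findings, redacted_text) for one prompt."""
    findings = []

    def ssn_sub(m):
        if not ssn_plausible(*m.groups()):
            return m.group(0)
        findings.append("ssn")
        return "[REDACTED-SSN]"

    def card_sub(m):
        if not luhn_ok(re.sub(r"\D", "", m.group(0))):
            return m.group(0)
        findings.append("payment_card")
        return "[REDACTED-CARD]"

    redacted = CARD_RE.sub(card_sub, SSN_RE.sub(ssn_sub, text))
    lowered = text.lower()
    findings += [f"keyword:{k}" for k in KEYWORDS if k in lowered]
    return findings, redacted


# Constructed sample prompt (test values, not real data).
PROMPT = ("Proofread this: SSN 123-45-6789, card 4111 1111 1111 1111, "
          "ticket 1234 5678 9012 3456. Internal only.")
if __name__ == "__main__":
    print(scan_prompt(PROMPT))
```

The Luhn and SSN-range checks are what keep ordinary long numbers, such as the ticket number in the sample, from triggering the policy.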