In a previous article, I outlined the security and data privacy risks related to Microsoft 365 Copilot. I also outlined some process definitions you should put in place to help protect your data before onboarding Copilot at scale. In this article, I break down the native security and compliance features that come as part of the Business and Enterprise plans. I built these into a feature matrix that showcases the specific security and compliance features for Copilot. I also cover these features in a demo format from my YouTube channel.
Feature Matrix
I bucketized these into Data Protection and Access Controls to follow the CIS Controls. As you can see, Business Premium checks a decent number of boxes across both categories. I think it is interesting that it checks the same number as M365 E3. Keep in mind that this matrix only looks through the lens of protecting data as it relates to Copilot. E3 has a ton of other features that I am not highlighting here. For the full breakdown, check out these resources from Microsoft:
E5 has one of the most important features, which is Data Classification. This allows you to automatically discover and tag data across your entire organization based on common types of sensitive information such as PII, credit cards, etc., as well as your own custom definitions. Trainable classifiers can be created against SharePoint repositories to discover new information you might want to protect as well. This is going to be out of reach for most SMBs, so I think most businesses will turn to a 3rd party solution as part of an ongoing strategy to protect data.
This is another matrix I created to showcase potential add-ons for the business plans that might bridge the gap to E5 at a lower price point. Entra ID P2 and EMS + E5 can be bolted on to Business Standard and Business Premium. Combined, their costs would be lower than moving to E5. While you do get to check all the boxes in the Access Control section, there are limited additional capabilities as it relates to data protection. Auto-labeling with EMS + E5 would be the highlight.
Finally, there is an E5 Information Protection and Governance add-on that does not require an Enterprise license prerequisite. While only a subset of the features of E5 Compliance, it checks a ton of our data protection boxes and is only an additional $7/user/month, which you could bolt on to Business Premium (BP).
Other Enterprise considerations:
- E5 Compliance requires at least an E3 base plan
- E3 + E5 Compliance combined is $9/user/month cheaper than moving to E5
Feature Demos
Check out a small demo of all of these features in my YouTube video:
Feature Resources:
- Securing data in an AI-first world with Microsoft Purview – Microsoft Community Hub
- Manage sharing settings for SharePoint and OneDrive in Microsoft 365 – SharePoint in Microsoft 365 | Microsoft Learn
- Sharing & permissions in the SharePoint modern experience – SharePoint in Microsoft 365 | Microsoft Learn
- Get started with trainable classifiers | Microsoft Learn
- Learn about data loss prevention | Microsoft Learn
- Data loss prevention and Microsoft Teams | Microsoft Learn
- Learn about Endpoint data loss prevention | Microsoft Learn
- Prevent data leak through web apps with Microsoft Purview Data Loss Prevention – Microsoft Community Hub
- eDiscovery Standard Vs Premium: Microsoft Purview eDiscovery solutions | Microsoft Learn
- The Next Era of eDiscovery: Embracing Advanced Capabilities for a Comprehensive Digital Landscape – Microsoft Community Hub
- Search for and delete Microsoft Copilot for Microsoft 365 data | Microsoft Learn
- Entra ID Governance Plans: Microsoft Entra ID Governance licensing fundamentals – Microsoft Entra ID Governance | Microsoft Learn
- Microsoft unveils expansion of AI for security and security for AI at Microsoft Ignite | Microsoft Security Blog
- Learn about retention for Microsoft Copilot for Microsoft 365 | Microsoft Learn
- Security for AI: Discover, protect, and prepare in the AI era (microsoft.com)
- What are lifecycle workflows? – Microsoft Entra ID Governance | Microsoft Learn
- What are access reviews? – Microsoft Entra – Microsoft Entra ID Governance | Microsoft Learn