The roadmap item still shows the rollout of hold reports scheduled for November, but imagine my surprise on Friday when I saw a new “Dashboard” section in the left-hand menu, which included a link to Hold Reports:
Here’s why this is such a big problem. Microsoft recommends blocking Copilot from accessing sensitive information in emails, meetings, documents, and related content by assigning a label to those items and creating a DLP policy that defines the block. This bug renders the system unusable for the affected emails. You simply can’t provide a governance tool that doesn’t deliver the governance it claims to provide. It’s a bad look, Microsoft. It doesn’t help build customer trust.
No, Copilot did not make these emails public or access private information and make it non-private. It accessed information in response to your prompt that it should ignore. That creates a risk that many users might assume does not exist. That is a significant issue, but it’s not equivalent to a data breach. There is another check in place before data leaks out: the end user.
I want to be charitable and say that this doesn’t reek slightly of desperation, but is instead a strategic decision, possibly to be followed by a price increase next year. Or even that they are trying to lessen the confusion around the different versions of Copilot.
Then I counted the number of “Try Copilot Chat Now!” buttons on that page and immediately realized how desperate they are to get people to use Copilot.
I do appreciate that the water between the two tools is less muddy. It’s still not clear. There is still confusion among the average users, but it’s a little less murky. That’s a good thing.
There is more detail in the announcement above, but the bottom line is this. You can get Defender and a range of e5 Purview tools for an additional $15 USD per month per user. With Business Premium costing $22 per month per user when paid annually, that’s a significant savings over a full E5 license if you have fewer than 300 users.
One of the tools he mentions is the Audit log, and I agree. It can be difficult in SharePoint and OneDrive to determine who saw a document and who didn’t, because there are often so many changes being made at once. It’s easy to get lost in an avalanche of versions and permissions that leave doubt as to whether something was even shared with a user during the time in question.
That’s where the audit log comes in. However, just because events are logged doesn’t mean they will still be there months from now. If you’re in a highly litigious industry, the retention and preservation of audit log data might be something worth considering.
Reposts