Copilot Branding Applied Liberally Across All Product Announcements at Ignite 2024

I decided to stay away from the Ignite 2024 conference in Chicago this week. The monetary investment to fly to Chicago, stay in a hotel, meals, lost time, and the conference fee outweighed the potential return. I would have liked to meet up with people, but the cost to attend what’s essentially a marketing event was way too high.

What’s clear from the announcements made at Ignite is that Microsoft is heavily focused at recouping the massive investments they’ve made to build out the datacenter infrastructure to deliver artificial intelligence functionality. That’s understandable in light of quarterly investments of around $20 billion in hardware, software, and datacenter fabric. Another factor is the need to extract more revenue from the Microsoft 365 installed base to offset a slowing in the growth of overall user numbers.

A Slew of AI Announcements at Ignite 2024

The net result is a slew of announcements for AI-infused functionality helpfully captured in the Ignite 2024 “Book of News.” The online document mentions Copilot 259 times and AI 278 times, which is a clear statement of where Microsoft’s PR priorities lie.

The announcements range from general availability for features that are already shipping (like Agents in SharePoint Online) to some very interesting developments for Teams, like the ability for Copilot in Teams to analyze information shared on-screen during meetings. Another thing that seized my attention was how Copilot can schedule focus time or 1:1 meetings similar to the way that the now-defunct Cortana Scheduler attempted to help users select optimum meeting slots. The ability to have live translation for multilingual meetings (rather than just from a single language into other languages) should also be popular in multinational organizations.

A welcome development is the introduction of detection of prompt injection in Purview Communication Compliance. After researchers at Black Hat 2024 described some vulnerabilities in Microsoft 365 Copilot Chat, including prompt manipulation, Microsoft said that they had addressed the issue without giving details. Now, Communication Compliance will detect and report attempts to inject prompts to “elicit unauthorized behavior from the large language model (LLM).”

Restricting Access to Information

On the tenant administrative side, the work to help organizations restrict the ability of Microsoft 365 Copilot to process documents continues. For example, a new DLP rule condition based on the sensitivity label assigned to documents can prevent Copilot summarizing information from documents or using content from documents in its responses. On the downside, it’s unbelievable that Microsoft can justify calling one new rule condition “Microsoft Purview Data Loss Prevention for Microsoft 365 Copilot.”

At a broader scale, Restricted Content Discoverability (RCD) will stop Copilot accessing documents in sites on a deny list. RCD is a more sensible and scalable approach than the 100-curated site allow list implemented in Restricted SharePoint Search.

I was pleased to hear that Microsoft plans to make SharePoint Advanced Management (SAM) licenses available to tenants with Microsoft 365 Copilot. I called for this to happen in an October 3 post. It didn’t make sense to ask customers to pay the $3/user/month fee for SAM to control aspects of Microsoft 365 Copilot that they pay $30/user/month for. Apparently, the roll-out of SAM licenses to eligible tenants will happen in early 2025.

Also in SharePoint Online, a new sensitivity label option will extend SharePoint site permissions to downloaded documents. The new configuration handles situations like when a user loses access to a site, or a file is deleted from a site. In these situations, the sensitivity label will recognize that the situation for a document has changed and block access. To implement the protection, you’ll need both an E5 license (to set a default sensitivity label for the site) and a SAM license.

Conditional Access for Generative AI

Not to be outdone by announcements by other development groups, the Entra ID team released details of Protect AI with a Conditional Access Policy, which is all about limiting access to AI services like Microsoft 365 Copilot and Security Copilot through conditional access policies.

To make the block work, Microsoft asks tenants to create two service principals to represent the Enterprise Copilot Platform and Security Copilot apps. The service principals represent the instantiation of the apps used by Copilot within a tenant and allow conditional access policies to monitor connections to the apps (read this article to discover more about sign-in activity for service principals). Conditional access policies can apply restrictions to app connections like enforcing multifactor authentication (MFA) or a certain type of strength for multifactor authentication, like requiring the use of a FIDO2 key.

I created a conditional access policy to require MFA for Copilot. It works, but the user experience isn’t great. For instance, Figure 1 shows what the user sees when an account that doesn’t use MFA attempts to connect to Microsoft Copilot.

It seems like the user-facing experience doesn’t cope well with the error that results when the browser attempts to connect to the Enterprise Copilot Platform app. No doubt the chat client will get an update to resolve the problem.

Great Technology Revealed at Ignite 2024, But Someone’s Got to Pay

It’s great that Microsoft continues to push the boundaries of how AI can help Microsoft 365 tenants. However, we shouldn’t lose sight of the fact that Microsoft 365 Copilot is not ass widely used within the 400-million plus installed base of Office 365 paid seats. It’s definitely in Microsoft’s interest to convince more of that installed base to buy Copilot, but it would be nice if every new feature that arrives didn’t come with the requirement for a new license, license upgrade, or add-on.

Support the work of the Office 365 for IT Pros team by subscribing to the Office 365 for IT Pros eBook. Your support pays for the time we need to track, analyze, and document the changing world of Microsoft 365 and Office 365.