Microsoft Copilot Security Assessment Overview

This document is a service brief detailing the Microsoft Copilot Security Assessment (MCPSA) provided by Optiv. It outlines the security challenges organizations face when enabling Microsoft 365 Copilot, particularly regarding data governance and access controls. The brief explains that Copilot can only access data that the end user has permission to view, which poses a challenge for security teams. The document describes the features of Microsoft Purview that assist with data governance, including data loss prevention and sensitivity labels. It also details how Optiv's security process involves stakeholder meetings and gap analyses against Microsoft best practices. The assessment reviews the hygiene of the Copilot platform and the maturity of security efforts, providing clarity to enterprise security teams. Furthermore, the brief discusses the option for ongoing support from Optiv to implement recommended security policies and controls, ensuring a proactive approach to cloud security.