
Has anyone been successful in making the DLP work while using preview Copilot in Windows 11? I don’t see the traffic alerts/page events in the SkopeIT. My assumption is it is using msedgewebview2.exe WebSocket, which means Netskope is not capable of doing MiM inspection?

Thanks.

This is also something I’ve been looking to understand as well. @11qwerty22, are you getting any DLP detects when using Copilot? I have not had any luck, and recently stumbled on the fact that WSS might be the reason.

I’ve opened a support case in hopes they can clarify, but I'm curious about others’ experiences.


I opened a tech support case; my deployment engineer got back to me to confirm that MS Copilot uses WebSocket, as I suspected. No DLP alerts are working for me at the moment.

In order to detect activities, a feature flag for WebSocket will need to be enabled on my tenant (global setting). I haven’t had a chance to play around with it, but I assume it will work the same way as MS Teams.

Besides MS Copilot, the feature flag will enable Slack, MS OneDrive and Bing activities.


@11qwerty22 hey, thanks for the follow-up, and good to know there is a likely positive direction for this. Why this isn’t turned on by default is beyond me. We recently discovered that HTTP2 is a flag that is not enabled by default either. Quite annoying.


Update: Copilot (preview) for Enterprise comes with 2 versions: ‘web’ and ‘work’. The web DLP works since it uses Bing. The work one is a different story. No DLP detections work for this one. I have a pending case reviewing the issue.


Hi @k4zi & @11qwerty22,

Our team has published an article on Microsoft Copilot

I hope this helps

Thank you


Rohit, thanks for the link.

If Copilot uses WebSockets and I have a global WebSockets drop policy per your company’s best practices guide, which domain(s) do I need to add to the exception list for Enterprise Copilot (preview) to work with DLP in Win11?

For ex., I have the following:

for teams, *.teams.microsoft.com

for Bing/Copilot, substrate.office.com and sydney.bing.com

I added copilot.microsoft.com to the exception list, now the SkopeIT Page events show that I browsed to the application ‘MS Copilot’. I have a coaching message about Generative AI for Browse/Login, which works. However, none of the DLP rules work for enterprise/Work version of the Copilot. The activity as ‘Post’ doesn’t get detected.

Checking the session in Developer Tools, I noticed augloop.svc.cloud.microsoft also uses WSS. I added it as well. Same result.

Appreciate any advice!

