This is also something I’ve been looking to understand as well.
I’ve opened a support case in hopes they can clarify, but curious on others experiences.
I opened a tech support case, my deployment engineer got back to me to confirm that MS Copilot uses Websocket as I suspected. No DLP alerts are working for me at the moment.
In order to detect activities, a feature flag for Websocket will need to be enabled on my tenant (global setting). I haven’t had a chance to play around with it, but I assume it will work the same way as MS Teams.
Besides MS Copilot, the feature flag will enable Slack, MS Onedrive and Bing activities.
Update: Copilot (preview) for Enterprise comes with 2 versions: ‘web’ and ‘work’. The web DLP works since it uses Bing. The work one is a different story. No DLP detections work for this one. I have a pending case reviewing the issue.
+20Hi
Our team has published and article on Microsoft Copilot
I hope this helps
Thank you
Rohit, thanks for the link.
If Copilot uses Websockets and I have a global Websockets drop policy per your company’s best practices guide, which domain(s) I need to add to the exception list for Enterprise Copilot (preview) to work with DLP in Win11?
For ex., I have the following:
for teams, *.teams.microsoft.com
for Bing/Copilot, substrate.office.com and sydney.bing.com
I added copilot.microsoft.com to the exception list, now the SkopeIT Page events show that I browsed to the application ‘MS Copilot’. I have a coaching message about Generative AI for Browse/Login, which works. However, none of the DLP rules work for enterprise/Work version of the Copilot. The activity as ‘Post’ doesn’t get detected.
Checking the session in Developer Tools, I noticed augloop.svc.cloud.microsoft also uses WSS. I added it as well. Same result.
Appreciate any advice!
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
