Skip to main content
  • EN

QeQwdTLBzLBJTJlsjNlbBMuk8MoXORhV2RvCO9AKks7RpfgqzePdyg15djPkxrNr9t3LxFskXI9qX2HzwH7-2gn8v38CBGIglU19kNfRIplCA6XlsKiVB7hYYFSsasQ4DmcfhKAM-KMmOvuX9n2f-w8

Netskope Global Technical Success (GTS)

Microsoft Copilot - A few use cases

 

Netskope Cloud Version - 120

 

Objective

Netskope's current abilities to regulate access to Microsoft Copilot

 

Prerequisite

Netskope CASB Inline license is required

 

Context

In this knowledge base article, we'll explore Netskope's capabilities and limitations regarding Microsoft Copilot. We'll examine various use cases to provide insights into both its capabilities and constraints.

 

Do You Know?

  • Fact 1 - Microsoft Copilot can be accessed through various channels, with the most common ones being through 
  1. Bing - https://www.bing.com/
  2. Microsoft Copilot - https://copilot.microsoft.com/

 

Bing

O36nThTEpuyR2a78hcPnEZyv-6ieUmjcsp-8bDsudkn4OWJmktDcXRm7uGNP-bzRpxUfq27vnorScZ43UFhUEy4FMYM2Tp3L7O7UsVvTbXyRvjMU65LcOutel9VffffqlM1j7niOapOygQakbF7yrZ4

 

FusjDaYMt16pIDm5g0sp9CSaL3m6DmmWaFohnJzF6bZ_ebHNvxfLvrYjmiUVfqyBtDIqBFSZ-icGkuzgU4_FD0e-6eRs8EC3_akhU4t6_VT67SWqedshUTIDXkaX01zDEkEyjTml4xsR5K7v8iIKs_8

 

Microsoft Copilot

HHR4hrc3--xyKzxyYDKHJjoWrEP3fYA_EvPAd8wyJRmz-D-dHrfs7lOWf0z4Xh91-icxXNaFlK0VWpQZtVIK683iS9KUsyNc2q04dJxRzC5_4-Uv-EGN3RAyaSfYrh51tAF9IUWGsWlVFGCgYVYOYKc

 

  • Fact 2 - End-users are not required to sign in to utilize the Copilot AI.
  • Fact 3 - Copilot application utilizes the WebSocket protocol for communication

irw6ZWewqrUoc-yEF6VxtzbBmE6Or23WZVH-HfTlaiq44a-1SLsT5NA_J06kJANE3KPRsiEpAq3eagYE3qwps3Q3-pjsmma6EhL_3AQequ1DbAcc_zatMuDQaZcIYGBr5LMh-UPFZM8Xd2fT1F4CZbI

 

Y6GWrbraiVxvLPiM6zfo5w5E9ZPSZ0acGLKaD4aXIV6wx6rtatsatbtTG-RKuYAEC9HIJWL56QagVg5MG5_jA281yyw4ChojLjhWEVk0eG3hBjRO0bVRnsvH0uc38X6oApzBWm-Lx5cSximOsiE5SxU

******************************************************************************************************

Note: - Netskope has the capability to apply below use-cases to Microsoft Copilot. Recently, Microsoft changed the domains for Copilot, and Netskope engineering team is currently updating the pre-defined cloud app connector to accommodate these changes. Until the app connector is updated, please note that the below use-cases for Microsoft Copilot may be affected. Netskope GTS team will update this KB article once the necessary updates to the Microsoft Copilot connector are complete.

Thank you for your understanding.

******************************************************************************************************

___________________________________________________________________________________________________

 

Use Case - 1

  • To prevent end-users from accessing Copilot via Bing or Microsoft Copilot

Solution - Block Websocket Protocol

 

Step 1 - Http Header

Path: Netskope Tenant UI >>> Policies >>> Profiles >>> HTTP Header

AD_4nXf33yjw8-V4Pz2O4Csvwx_oJMAG6vjlEt0oBnRpnrMNlodfSBwNsQFGvwc9XH9PdTTde1CxVnXT0FgewHiNxRm5NKjNH29OyAOc-TaOHtTSUBJ1zbgb5KefofVjsosF65r4x3bZRC3XhZhkIoba2kttbdY8?key=ETv_y0VXMlZVSPD_aXDvNQ

Step 2 - Realtime protection policy

Path: Netskope Tenant UI >>> Policies >>> Real-time Protection >>> New Policy

 

DS0HBwvl6h06P1tSpmGHMOrMu5MsoLN32oaw2zWGnmpwkkzfBYg6HGKY0ELnjHDE36cD-GwCJZnVSZdsD0jZkRRyC2WwZtQpY31dYUTfBZDA0ZbXDEFOAoui285dcnTEo2-S1i-gPI1Voykg-SRd8h8

 

Verification

Bing

pjMc4Y8c1AkJtTQ-dBNejBb_tOLPfpCEFKYEpsCqVEcFFWkHh3it7khJQdl3BuC91T1QcTf9F8etRcSPFfTEPUndHlbk8fjFkbg5W6GrdKpfL2xOCYRd4iyzDTE-3X5qpWNku0E7ePG-h5lUhZSqxq8

 

Microsoft Copilot

2o15Vp6Z3lm5r5r3if2-46I75Gj903IEZND4oZTjN7iGDhZB7mH1LD3ID3pw6ZtpQfEcskrxlJsthp1za0WDqFVXaD2YjOFX1W3TfYZJgeIQhRbwzuGSD8U1mDoTA4JI-QDz7QnHrrbGqSkeIoJciYI

 

___________________________________________________________________________________________________

 

Use Case - 2

  • Can we implement Data Loss Prevention (DLP) measures on Microsoft Copilot?

Solution - Yes, Netskope enables you to configure DLP, but there are certain prerequisites that need to be met.

  1. Copilot uses WebSockets for communication when sending queries to the server. Data within WebSockets will be analyzed only if the user has a DLP policy in place.
  2. Until a DLP policy is implemented, there won't be any Post activity events recorded.
  3. Additionally, a backend flag, "WebSocket," must be enabled on your Netskope Tenant.

 

DLP Profile - Detect the keyword ‘PAN’

vWFGIj_13Sb2Vk8z14hxJ27QSVBYiJJUPccqOTPPcuEQsgBEp1Nxq-bFymqkXKzkrVvHFXOoJ7v1_VdrLHBlzsd8_n7aWcW4qMC0UOa35d0hjD5sYd6pMboi75wVr6iPmGDNqGzm6NL8oU-GYxVjpMg

 

Verification

b7-WrOYTY7aoZ7Fxz7hkVtJVwnHy5eV4-zbW9qzcrB6EoDL1kRuws7clU07vSqHnF4X4S69yg_35964GK--XafQAlcgfeyzXb-GPd1I3W8pUeXfKl8oFfi8_y6JTmObtz5K4HbthmOQ0JX0L_aV5G00

 

___________________________________________________________________________________________________

 

Use Case - 3

  • Is it possible to limit Microsoft Copilot logins to specific domains?

Solution - Yes

For Example - My corporate domain is - Outlook.com

 

Step 1 - Constraints

Path: Netskope Tenant UI >>> Policies >>> Profiles >>> Constraints

pewFU75Td86XGjVElh2Fy1nCn-HZoHO29MfW0jPs5RAjtzgN3qh4D8DeqgHtHwsrzEcryKVZig87rcrd69ZS7mb71pfgmJnJxzXkrDqK4j-VOdjk-p5iXegMqA3eKMiZNndWkKEoOntqeZTvKsU4P9A

 

Step 2 - Realtime protection policy

Path: Netskope Tenant UI >>> Policies >>> Real-time Protection >>> New Policy

ckpDm3uXsJWS8IKTaj2s4x0orA_-LPg22RxUMCNXtFjw9f6V2GOIzbxedt7E5FYSW4DoQsQdMYt_h3wGWFcSzJtoZ-s0dfdFPuntbrjTyBWnxOFBQg4X9huA_XJoRrtERfPMU-j-GNyIzNvODnDlx3Q

 

Terms and Conditions

  • All documented information undergoes testing and verification to ensure accuracy.
  • In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

 

Notes

  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.
Terms & ConditionsCookie settings