Netskope Global Technical Success (GTS)
Microsoft Copilot - A few use cases
Netskope Cloud Version - 120
Objective
Netskope's current abilities to regulate access to Microsoft Copilot
Prerequisite
Netskope CASB Inline license is required
Context
In this knowledge base article, we'll explore Netskope's capabilities and limitations regarding Microsoft Copilot. We'll examine various use cases to provide insights into both its capabilities and constraints.
Do You Know?
- Fact 1 - Microsoft Copilot can be accessed through various channels, with the most common ones being through
- Bing - https://www.bing.com/
- Microsoft Copilot - https://copilot.microsoft.com/
Bing
Microsoft Copilot
- Fact 2 - End-users are not required to sign in to utilize the Copilot AI.
- Fact 3 - Copilot application utilizes the WebSocket protocol for communication
******************************************************************************************************
Note: - Netskope has the capability to apply below use-cases to Microsoft Copilot. Recently, Microsoft changed the domains for Copilot, and Netskope engineering team is currently updating the pre-defined cloud app connector to accommodate these changes. Until the app connector is updated, please note that the below use-cases for Microsoft Copilot may be affected. Netskope GTS team will update this KB article once the necessary updates to the Microsoft Copilot connector are complete.
Thank you for your understanding.
******************************************************************************************************
___________________________________________________________________________________________________
Use Case - 1
- To prevent end-users from accessing Copilot via Bing or Microsoft Copilot
Solution - Block Websocket Protocol
Step 1 - Http Header
Path: Netskope Tenant UI >>> Policies >>> Profiles >>> HTTP Header
Step 2 - Realtime protection policy
Path: Netskope Tenant UI >>> Policies >>> Real-time Protection >>> New Policy
Verification
Bing
Microsoft Copilot
___________________________________________________________________________________________________
Use Case - 2
- Can we implement Data Loss Prevention (DLP) measures on Microsoft Copilot?
Solution - Yes, Netskope enables you to configure DLP, but there are certain prerequisites that need to be met.
- Copilot uses WebSockets for communication when sending queries to the server. Data within WebSockets will be analyzed only if the user has a DLP policy in place.
- Until a DLP policy is implemented, there won't be any Post activity events recorded.
- Additionally, a backend flag, "WebSocket," must be enabled on your Netskope Tenant.
DLP Profile - Detect the keyword ‘PAN’
Verification
___________________________________________________________________________________________________
Use Case - 3
- Is it possible to limit Microsoft Copilot logins to specific domains?
Solution - Yes
For Example - My corporate domain is - Outlook.com
Step 1 - Constraints
Path: Netskope Tenant UI >>> Policies >>> Profiles >>> Constraints
Step 2 - Realtime protection policy
Path: Netskope Tenant UI >>> Policies >>> Real-time Protection >>> New Policy
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.