Zscaler Blog


Microsoft Copilot Oversharing Data? Not Anymore. Meet Zscaler’s New Wizard


Microsoft Copilot is accelerating how people work in Microsoft 365—and it can accelerate exposure when access controls aren’t clean. Copilot runs on your existing permissions model, so if SharePoint, OneDrive, and Teams are over-permissioned, it can end up saying the quiet part out loud: surfacing sensitive data to underprivileged users through seemingly harmless prompts.

The good news: you don’t need to hit pause on Copilot to be safe. You need to be Copilot-ready—with a clear understanding of what data is exposed, why it’s exposed, and how to remediate it fast at scale.

That’s exactly where Zscaler’s new Copilot Readiness Wizard adds value. But more on that later.

 

Ready for Copilot Readiness?

When it comes to Microsoft Copilot “readiness”, most discussions focus on licensing, user eligibility, and adoption. These are important, but they are not where the true success of a deployment lies.

True Copilot readiness means answering questions like the following, which test your data risk level:

  • Which sensitive files in M365 are dangerously overshared?
  • Which items are missing the sensitivity labels (or have the wrong ones)?
  • How much exposure is driven by anonymous links, org-wide links, or broad collaborator access?
  • Can we fix the issue across our tenant without weeks of manual effort?
  • Can we reduce risk without slowing users down or creating an admin bottleneck?

As you can see, these questions force you to evaluate how overshared your data is (in the spirit of collaboration). A good readiness plan needs to ensure your data security approach can ace the test when it comes to the questions above.

 

Data Risk: Brought to you by Collaboration

The main challenge with collaboration is that data security often takes a back seat to other approaches in the company that help drive productivity. So which collaboration approaches cause the most risk?

  • “Everyone in the company” permissions to “keep things simple”
  • Org-wide links used as a shortcut
  • External sharing that persists long after a project ends
  • SharePoint sites that evolve into de facto data lakes

But let’s be clear: with these collaboration approaches, Copilot doesn’t break security. It just makes the consequences of oversharing immediate. Put simply, Copilot Prompt helps everyone discover data quickly using semantic search.

The challenge becomes what Copilot can share in response to user prompts. Without the ability to clean up the issues above, Copilot can overshare sensitive data in its responses when it isn’t appropriate, like company-wide salary information, acquisition plans, or customer-level PII data. This type of data should be kept within a small, trusted circle—not repeated in prompt responses to underprivileged users.

 

Where Microsoft Purview Fits in


Microsoft Purview provides important building blocks for governing information access and classification in Microsoft 365. It’s also true that Copilot respects sensitivity labels and permissions. In other words, if a document is properly labeled and protected, Copilot will follow those rules.

The challenge is getting to “properly labeled and protected” across the dynamic insanity of a real-world M365 deployment:

  • Users often overshare in the spirit of productivity and collaboration.
  • Labels are often applied inconsistently when done manually.
  • Auto-labeling capabilities are often lacking, since they are only available with E5 licensing.
  • Rinse and repeat all bullets above thousands of times a day, as new data arrives.

Many teams then need a faster, more actionable path to reduce overexposure beyond what Purview can help with - especially when Copilot adoption accelerates.

 

Enter Zscaler Copilot Readiness Wizard 

The Zscaler Copilot Readiness Wizard is built to help security and IT teams quickly understand whether Copilot could surface sensitive information—and to reduce that risk with targeted, scalable remediation.

It focuses on the practical realities of Copilot exposure:

  • Sensitive data living in widely accessible locations
  • Sharing links that got created and forgotten
  • Large collaborator sets that ballooned over time
  • Inconsistent labeling (or no labeling) across high-risk content

Most importantly, it’s designed to help you move from “insight” to “action” quickly—because the window between Copilot enablement and exposure discovery is often uncomfortably short.

 

Zscaler Copilot Readiness Wizard

 

 

Putting Copilot Readiness on Steroids

Here’s how the Zscaler Copilot Readiness Wizard can take traditional Purview approaches to the next level in order to help you control oversharing faster and smarter. 


Get Actionable Exposure Visibility


Instead of simply hearing “you have exposure,” you want to know how the exposure happens. You can:

  • See public/anonymous links
  • See internal/org-wide links
  • Understand overly broad collaborator access (and how broad)

This granularity matters, because it changes the remediation strategy. A public link problem is different from a “1000+ collaborators” problem.

 

Site-wide sharing metrics
Get in-depth, granular sharing visibility across Copilot

 

 

Understand Richer Context


Richer context for what’s overexposed provides valuable insights so security teams can prioritize what matters:

  • Where sensitive info is overexposed
  • Which content contains privacy identifiers
  • Where risk is concentrated so you can reduce it quickly

 

See Data Type Exposure
See Risks to All Data - Powered by Zscaler's Unified DLP engine

 

 

Deliver File-level remediation


With the ability to enable File-level remediation, you get better control over a small subset of high-value files. If remediation is only practical at the SharePoint site level, you can end up overcorrecting and disrupting business collaboration.  

File-level action lets you be precise:  Fix the risky files without breaking the entire site’s workflows.

 

Comparing Zscaler to Native Copilot Controls

So how does Zscaler's Copilot Readiness Wizard stack up to M365 native capabilities?  The table below spells it out.
 

It’s important to note that Microsoft's auto-labeling functionality comes at the E5 licensing level, whereas Zscaler’s approach can help you achieve this key value-add functionality with only an E3 license.
 

| Capability area | Microsoft Purview Copilot readiness | Zscaler Copilot Readiness Wizard |
| --- | --- | --- |
| Auto-Labeling | Requires E5 license. With E3 license manual error-prone labeling required. | Enable with E3 license. Bulk actions across assets; apply MIP labels as part of remediation (position as operational efficiency) |
| Remediation actions (examples) | Apply labels; restrict access to SharePoint sites | Apply MIP labels; remove sharing links/collaborators; quarantine; report incident |
| Exposure visibility | Limited scope of visibility | In-depth insights across collaboration exposure: public links, internal links, and Collaboration sharing tiers (0-100, 100-1000, 1000+) |
| Detection context | Focus on exposure + label-related views | Adds prioritization views (e.g., overexposed sensitive info; overexposed items matching DLP dictionaries) |
| Reporting horizon | Often limited to short windows (e.g., 1 week in some views) | Longer lookback to spot patterns and regressions |
| Dashboarding | Activity and assessment views within Purview experiences | Clear separation: readiness posture vs activity views (position as clarity + operational workflow) |

 

Bringing it all together


Copilot can be transformational—but only if your data permissions and protections are ready for a world where anyone can ask, “Show me everything about X.” 

The Zscaler Copilot Readiness Wizard helps you quickly assess where Copilot could unintentionally surface sensitive information and gives you practical, file-level remediation paths to reduce risk without slowing the business down.

If you're ready to learn more about Zscaler, jump on over to our solution website, or schedule a demo to chat with us!
