MS Copilot
Connecting MS Copilot to LightBeam.
Overview
LightBeam Spectra users can connect various data sources to the LightBeam application, and these data sources are continuously monitored for PII and PHI data. LightBeam can also monitor Copilot conversations.
Integration of Copilot
LightBeam treats Microsoft Copilot as a first-class data source within its Spectra platform. This integration allows organizations to:
Ingest Copilot conversations across Teams, Copilot, and other Microsoft 365 services.
Scan prompts and responses for sensitive data such as PII, PHI, and financial identifiers.
Assign risk scores based on exposure severity (Low, Medium, High).
Provide administrators with visibility into how Copilot is being used across the organization.
Trigger remediation actions such as flagging, alerting, and generating compliance reports.
Through this integration, LightBeam bridges the productivity benefits of Microsoft Copilot with the security, governance, and compliance guardrails organizations need.
Connecting the Copilot Data source with LightBeam
To connect the data source, log in to the LightBeam instance, open the Data Sources tab, and click the "Add Data Source" button at the top right of the screen.
Type "Copilot" in the search bar and click the Copilot data source.
Add the basic details in the "Basic Details" tab.

Data Source Name: This is the unique name given to the data source.
Description: This is an optional field needed to describe the use of this data source.
Primary Owner: Email address of the person responsible for this data source, who receives alerts by default.
Entity Creation: LightBeam Spectra detects and associates attributes based on the context and identifies whose data it is; these are called entities. Example: Jane Doe is an entity for whom LightBeam Spectra might have detected Name and SSN in a monitored data source.
Source of Truth: Some monitored data sources contain data that acts as a single point of truth. LightBeam Spectra can use them to look up entities and attributes and so check whether the attributes and entities found in other data sources are accurate. A Source of Truth data set creates entities based on the attributes found in its data.
Location: The location of the data source.
Purpose: The purpose of the data being collected/processed.
Stage: The stage of the data source. Example: Source, Processing, Archival, etc.
In the Connection tab, add the three parameters (client id, tenant id, and client secret) and click "Test Connection". If the connection is established, click the Next button.

Connection Details
Client Id: It refers to the unique identifier assigned to the Azure portal application that is used for integrating LightBeam with the Copilot data source. It is generated when you register an application in the Azure portal.
Client Secret Value: It is a confidential key or password associated with the Azure portal application. It is used to authenticate and authorize the application when accessing Copilot resources. The Client Secret Value is generated when you create a new client secret value in the Azure portal.
Scan Data: It refers to a configuration setting that determines the frequency at which the data from the Copilot data source is scanned or updated. In this case, it is mentioned as "10 Minutes", indicating that the data will be scanned or updated every 10 minutes.
Tenant Id: It is a unique identifier assigned to the Azure Active Directory (AAD) tenant associated with the organization. It represents the organization's directory or identity store in Azure AD. The Tenant Id is obtained from the Azure portal.
Status: It indicates whether the integration between LightBeam and the Copilot data source is currently active or inactive.
In the Scan Settings tab, you can select the users for scanning or choose to select all users. You can search for a user by email ID or by group name. After that, click the "Save" button and it will take you to the dashboard of the selected data source.

Now we are ready to browse through the onboarded Copilot data source dashboard.
Copilot Dashboard:

The Dashboard can be edited or customized to select and deselect the widgets as per requirement. Following are the default widgets or components on the main dashboard which are all clickable and interactive:
Overview: It shows the total users scanned and the status of the scan.
Risk Score distribution:
Risk Density: The percentage of sensitive objects relative to the total objects in a data source. This weight represents the concentration of sensitive objects within the data source. Low: < 10%, Medium: 10 - 40%, High: > 40%.
Risk Score: The risk score is calculated by multiplying the occurrence of each attribute by its assigned risk weight, then adding these weighted values. The total score is capped at 100 to represent the maximum risk.
Attributes distribution: All attributes and Attributes with High Sensitivity
Live Data Discovery: Shows the monthly and daily data that is monitored on the data source.
Entities: Shows the total number of entities in the data source along with those with risk.
Policy / rule sets.

There are four main tabs under the Copilot data source: Conversations, Files, Entities, and Attributes.
Conversations:
The Conversations tab shows a card view of the users whose conversations are scanned by the app. Each card shows the user's total conversations and the total attributes, entities, and sensitive files detected in those conversations.

The list view shows the details of each conversation, such as the app type, number of attributes, name of the user, and date and time of the conversation.

Clicking a conversation opens a new window that shows its details, a preview of the messages and the attachment, and an option to toggle the sensitive data on or off.

Files
The LightBeam app scans not only the conversations but also the attachments for sensitive information such as PII data. In the "Files" tab you can view all the files that have sensitive information.

Similar to conversations, you can click any file name to open a new window with the details of the file. The window also provides a link to open the file, along with other important information such as the total attributes, entities, file classification, and the file's access for all users. A preview tab hides the sensitive data by default.

Entities
Shows the name of the entity, risk, number of attributes, number of objects, and type of entity. Each entity is clickable. Entities can be filtered by risk ("Risk" and "No risk"). All the data can also be exported as a .csv file for Excel by clicking the "Export CSV" button.

Each Entity name is clickable which opens the details of that entity and shows the total attributes for that entity.

Attributes
The Attributes tab shows the high-risk attributes such as credit card, driving license, and SSN. By default the tab shows the card view, but if toggled it shows the detailed view.


Similar to files and entities each object is clickable and opens a new window and a detailed summary of the object is shown.

Appendix
Connect Copilot with LightBeam
LightBeam scans Copilot conversations to identify PII, which requires onboarding the Copilot data source into the LightBeam app. Connecting the data source takes two main steps. First, obtain three parameters (Client ID, Client Secret, and Tenant ID), which are available only after creating an app in MS Azure. Second, grant the API the permissions required for scanning Copilot.
First Step: Follow the steps to obtain the three parameters:
Open MS Azure > Select "App Registrations" > Search for copilot


Register "Copilot" app as shown below.

Once the app is registered, it will show you the Client ID (Application ID) and Tenant ID (Directory ID) as shown below.

To obtain the client secret, navigate to "Manage" > "Certificates & Secrets" > "New Client Secret" and generate a client secret as shown below. Select the expiry period for the client secret and click "Add".


We have now obtained the three required parameters (Client ID, Tenant ID, and Client Secret) from this first step. Move on to the next step.
Second Step: API permissions for LightBeam Copilot app scanning

Click on "Add a permission" and then "Microsoft Graph".


Now click on Application permission

About LightBeam
LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.