And Didn’t Reveal Much Apart from Microsoft 365 Copilot Licensing and The Need to Use Monarch
Updated 4 July 2023
Buoyed by the need to say something about Microsoft 365 Copilot to span the relative silence since the March 16 launch, Microsoft issued message center notification MC600245 and a Microsoft Technical Community post on June 21. Neither proved to be of much value in terms of helping customers understand some of the fundamental issues surrounding practical use of Microsoft 365 Copilot. Here’s what I learned.
Microsoft 365 Copilot Licensing
Microsoft says that enterprise users will need Microsoft 365 E3 or Microsoft 365 E5 licenses to use Copilot. SME customers are eligible with Microsoft 365 Business Standard or Business Premium licenses. Eligible is a big word here. My reading is that these accounts will be eligible to buy Copilot for some unknown cost. With stunning insight, Microsoft also tells us that Copilot users will need an Azure AD account and use the Current Channel or the Monthly Enterprise Channel for the Office subscription apps. I’m not sure if any Microsoft 365 user can get away without having an Azure AD account, but there you are.
Going from Office 365 E3 ($23/month) to Microsoft 365 E3 ($36) is a big uplift to become eligible to use functionality whose worth is still unproven. At list prices, a 10,000-user organization would need to pay Microsoft an extra $1.5 million annually just to move to Microsoft 365 before factoring in the cost of any add-ons. That’s a lot to help people write better emails or gain assistance in producing progress reports.
Although Microsoft hasn’t said that they will make a Copilot add-on for other licenses, it would not surprise me if such an add-on appeared to allow Microsoft to sell more Copilot into their installed base. We’ll know more about the true cost of deploying Microsoft 365 Copilot when the software reaches public preview.
Microsoft 365 Copilot Technical Requirements
Microsoft says that Copilot customers should pay attention to their network. I can’t imagine that any organization considering using something like Copilot that depends on fast access to services like Exchange Online, SharePoint Online, and OneDrive for Business via Graph API requests hasn’t optimized their network for Microsoft 365 access. If you’ve not got around to network optimization, Microsoft has some advice about how to bring traffic from your network to Microsoft’s datacenter network. Once the bits arrive there, they travel via dark fiber to their destination.
Don’t expect to use Copilot offline. Although it’s possible to copy large quantities of data locally with the OneDrive sync client, Copilot can’t work without access to Azure services.
Microsoft points out the need for WebSockets connections and that customers must enable plug-ins for Teams. The pointer here is to Teams application policies, which I think means that organizations will need to enable a Copilot app for Teams.
At this point in the evolution of Microsoft 365/Office 365, the advice is very much in the motherhood and apple pie category. What’s more interesting is the information on the Getting Started with Microsoft 365 Copilot page, where we discover that “For seamless integration of Microsoft 365 Copilot with Outlook, you are required to use the new Outlook for Windows, currently in preview.” In other words, the current Outlook desktop versions are not getting Copilot. Instead, Microsoft will use Copilot to help the adoption of the Outlook Monarch client.
Microsoft can justify this approach by pointing out that their Outlook development efforts are centered on Monarch and that it doesn’t make sense for them to invest in bringing Copilot for Windows 365 to the older Outlook desktop generation. However, that ignores the simple fact that many corporate users of the type that might use Copilot are heavily invested in Outlook desktops. It also contradicts the assertion in the Microsoft Technical Community post that Microsoft 365 apps are needed for Copilot, unless Monarch (still a preview app) is counted in that category.
When it comes to Teams, Copilot supports both the old and new 2.1 client. Although that seems like yet another contradiction, I think the transition from the old Teams client to the new will be much faster than the experience to date with Outlook.
Oversharing
Perhaps with an eye to what happened following the introduction of the Delve app when many organizations discovered that the sharing controls applied to SharePoint Online sites weren’t quite as good as they should be, Microsoft suggests that potential Copilot customers pay attention to oversharing.
To help, Microsoft points to some recent developments for SharePoint Online. The Syntex-SharePoint Advanced management license is available to enable functionality like restricting access to a SharePoint site to members of a designated group, but some of the other functionality mentioned won’t appear until the second half of 2023.
The point here is that when Copilot for Microsoft 365 looks for information that might help it respond to a user request, it assumes that it can use any information the user can access in OneDrive for Business and SharePoint Online. That’s reasonable, and problems might only happen when Copilot inadvertently discloses sensitive information by including it in the response it delivers to the user.
Of course, it’s the user’s responsibility to check everything that Copilot generates to make sure that the information is accurate (artificial intelligence does get things wrong, aka “hallucinations”), pertinent, and usable. Sensitive information might not be usable. But people can get lazy, and if they get into the habit of depending on artificial intelligence to do their work, they might just accept whatever Copilot generates without thinking too much about what’s in the text. And if that content is overshared, who’s to blame? In all fairness, blame must accrue to the user, but the user will blame the technology.
Still, Many Questions to Answer
Microsoft does its best to reduce customer anxieties about questions like security, compliance, and data residence by saying “Microsoft 365 Copilot follows these foundational principles: built on Microsoft’s comprehensive approach to security, compliance, and privacy; architected to protect tenant, group, and individual data; and committed to responsible AI.”
They point out that Microsoft 365 Copilot does not use OpenAI’s public services and emphasize that Azure OpenAI services handle processing of user requests. No customer data is written outside the boundary of the user’s home region (no details exist on how this functions for multi-geo tenants). The note that “Copilot LLM calls are routed to the closest datacenters in the regions but can call into other regions where capacity is available during periods of high utilization” could cause some concern for customers with strict in-country processing requirements.
All of this is written without hard practical knowledge of Microsoft 365 Copilot in action. In summary, what we know so far is this:
- Microsoft 365 Copilot will cost extra ($30/user per month) and you’ll need eligible licenses to run it. The eligible licenses are Microsoft 365 E3 and E5 for enterprise customers and Microsoft 365 Business Standard and Business Premium for SME customers.
- Copilot works best when it has access to “abundant data in Microsoft 365.” In other words, if user data is in Exchange Online, SharePoint Online, OneDrive for Business, and Teams, Copilot can generate better answers because it has more information to base those responses on.
- Copilot doesn’t work offline. It’s going to need fast low-latency access to the sources it uses to process data and make its recommendations.
- Copilot requires Microsoft 365 apps for enterprise and the latest Teams client. I assume this includes the Office online apps. The insistence on the Monarch client is an unpleasant surprise.
- Exact details of Copilot processing remain to be seen in different circumstances, such as in-country regions and multi-geo tenants.
- Details of how tenants manage day-to-day management, audit logging, analysis of Copilot activity, and so on are unavailable.
- The ethical and HR issues involved in Copilot, like how to deal with co-workers who depend heavily on Copilot and don’t add much, if any value afterward, remain unaddressed.
In other words, some more information is available, but not enough to be able to say that sufficient exists yet to allow customers to be truly prepared.
Cybersecurity Risk Management for Active Directory
Discover how to prevent and recover from AD attacks through these Cybersecurity Risk Management Solutions.
This was great thank You! I totally resonate with everything. Please keep us updated!