Microsoft Enables Shadow IT By Letting People Sneak Their Personal Copilot Into Work
Welcome To Your Client’s Nightmare
A new and frustrating challenge for IT teams just got worse: trying to prevent LLMs from stealing proprietary data. The easy part is setting up a firewalled version of an LLM that employees can utilize without fear of proprietary data ending up where it shouldn’t. The hard part is keeping those employees from using a random LLM which will happily harvest and share company and client data with anyone who asks for it. Microsoft have made this quite difficult by shoehorning Copilot into everything and forcing admins to find ways to block it on their systems. Since Microsoft keeps coming up with new products, the challenge changes almost daily.
This has apparently annoyed Redmond and they have found yet another way to sneak Copilot into your environment so it can innocently harvest data it has no business sharing. If an employee has a personal O359 account they will now be able to use both personal and work accounts and can “use Copilot features from their personal plan.” This can be blocked, but you first need to realize it is happening and then figure out where the options to disable personal Copilot are hidden.
Microsoft of course claims that no data will be exfiltrated and that any and all prompts your users enter can be captured by IT. They also don’t see how this could possibly upset the competition, who are also being blocked by businesses and don’t have a way to sneak their LLM past the defences IT has erected. Sysadmins should be unimpressed by Microsoft’s Copilot Trojan horse and the fact they decided this was a good idea in the first place.
Earlier this year, Microsoft said it had adopted a new approach to shadow IT. "While earlier eras of our IT history focused on trying to prevent shadow IT, we are now concentrating on managing it," the biz said in a blog post. By "managing," Microsoft also means "enabling."
More Tech News From Around The Web
- Microsoft Defender bug triggers erroneous BIOS update alerts @ Bleeping Computer
- That annoying SMS phish you just got may have come from a box like this @ Ars Technica
- 3.7M breach notification letters set to flood North America’s mailboxes @ The Register
- Red Hat Investigating Breach Impacting as Many as 28,000 Customers, Including the Navy and Congress @ Slashdot
- Windows 11 25H2 is mostly 24H2 with bits bolted on or ripped out @ The Register
- Intel and AMD Trusted Enclaves, a Foundation For Network Security, Fall To Physical Attacks @ Slashdot
- Brave browser surpasses the 100 million active monthly users mark @ Bleeping Computer
- Sending TOSLINK Wirelessly With Lasers @ Hackaday
- AirPods Pro 3 Impossible To Repair, Earn Score of 0 In iFixit Teardown @ Slashdot
- TP-Link 10Gbase-T PCIe Network Adapter @ ServeTheHome


