CIO Talk: Copilots — Dive Right In … Or Wait?

Before joining Directions on Microsoft in 2020, Barry worked at Microsoft for 12 years in a variety of roles, including... more

The hype around all the Microsoft Copilots is truly deafening, and it’s hard to know what to make of it. They can write code, prose, do presentations, analyze security logs, write emails, all automagically, all on your behalf. Microsoft (admittedly anything but an objective commentator) boasts that 70 percent of Copilot users claimed to be more productive.

Are Copilots all they’re cracked up to be? Even here, gathered at the Round Table at lofty Directions on Microsoft headquarters, our analysts express a very diverse set of views ranging from “Copilots are just the next Siri/Cortana/Alexa” to “they’ll revolutionize computing.”

But as a prudent, risk-averse, and cost-conscious executive you’re probably wondering: just how much should you invest in technologies which, on the one hand, may provide remarkable advances in productivity, and on the other, like all new technologies, come with risks?

The Promise

It’s seductive, isn’t it? Just open up Microsoft Word and it’s ready to help you write (incidentally, I did not use Copilot to write this blog post, so you know). It’s almost undeniable that Copilots could, in the best case, “amplify” your employees’ activities, to use the words of OpenAI’s CEO Sam Altman.

At minimum, Copilots can give you and your users a head start in drafting and organizing content. (How many times have you sat in front of Outlook trying to organize your thoughts for that organization-wide email? Tell Copilot to do it!)

Eyes Wide Open, Look Before You Leap (Etc.)

No doubt at least some of your employees are asking for Copilot licenses, and with their “real” general availability, it’s as easy as throwing a switch in the Microsoft 365 portal.

Before you do though, consider a few things.

Analyze the costs. Copilots aren’t cheap. $30 per month per user. If you have, say, three thousand knowledge workers in your organization, that’s around a million dollars per year, which, frankly, you could use to hire 3-4 FTEs. What’s the better use of your budget?

Train your employees. Artificial intelligence can get things wrong (insist to ChatGPT that “3+4=8” and eventually it’ll agree with you). It can plagiarize. While Microsoft has stated that it will indemnify Copilot customers against lawsuits, this has yet to be tested in court.

I always advise organizations to treat AI like junior workers right out of college: you have to check their work! Don’t put GitHub Copilot code directly into production, proofread and verify text that Copilot for Word generates before putting it on your website, etc. Consider creating a requirement that employees take training before giving them Copilot licenses.

Prepare your data. A Microsoft employee I know once said half-jokingly, “don’t give Copilot to your SharePoint admin.” He had a point. Copilots can ingest organizational data (like documents in SharePoint, email in Exchange Online, and so on) to formulate answers. Therefore, your data must be properly protected — permissions assigned, tagged with sensitivity labels, encrypted if necessary, and so on — so that a user’s Copilot can only see the data it’s allowed to. Given all the documents, emails, spreadsheets, presentations, and so on your organization undoubtedly possesses, ensuring they’re all protected can be a very big, and possibly labor-intensive, deal. (Microsoft states that it does not use your data in public training sets.)

Get your risk management teams involved. Copilots open up new ways to create and access content which means that users can inadvertently violate policies – or the law. Consider an employee who, for example, asks a Copilot to write a step-by-step approach to selling stock during a quiet period, or an employee who, perhaps without thinking, includes Personally Identifiable Information (PII) in a prompt. Your compliance organization needs to know about that!

The good news here is that Microsoft has recently implemented a ton of new features in Purview, its regulatory compliance suite, to cover Copilot activities. But your teams need to know how to use these features (and if they’re enough for your requirements).

What’s CIO To Do?

As an executive, you want to get the most business value (with the least risk) for your investment. Planning your Copilot deployment can help you and your teams get the productivity advances Copilot promises while avoiding possible pitfalls. And helping your teams understand how Copilot can be best be used – for example (remember that training I mentioned before?), teaching them how to craft effective prompts – can jumpstart your deployments, and your productivity.

Bottom line: It’s early days for Copilot. There’s still a lot to learn. While the promise is huge, tread carefully.

I’d love to hear about your experiences: drop me a line at bbriggs@directionsonmicrosoft.com.