Enable commercial data protection in MS Copilot using EdgeSWG policy
Article ID: 282660
Updated On: 04-29-2024
Products
ProxySG Software - SGOS
ISG Proxy
Issue/Introduction
Administrators need to enable commercial data protection in MS Copilot for users signed in to Copilot with their eligible work or school account (Entra ID) using HTTP header option in EdgeSWG policy.
Microsoft has published general guidance on how to enable it in the article.
Resolution
To enable commercial data protection in MS Copilot using EdgeSWG CPL code use the following CPL snippet in a policy file or VPM CPL section:
define condition MSCopilot
url.domain="copilot.microsoft.com"
url.domain="edgeservices.bing.com"
url.domain="www.bing.com"
end condition MSCopilot
define action AddCopilotHeader
set(request.x_header.x-ms-entraonly-copilot,"1")
end action AddCopilotHeader
<Proxy>
condition=MSCopilot action.AddCopilotHeader(yes)VPM configuration will require creating a destination condition for the following request URLs:
- www.bing.com
- edgeservices.bing.com
- copilot.microsoft.com
And a Control Request Header option in the rule action:
Important: Make sure MS Copilot destinations are SSL intercepted.
When the policy is in place users are required to sign in before using any copilot features:
Feedback
Yes
No
Powered by
