2.4.1. Secure AI Principles
💡 First Principle: AI security follows the data flow—wherever data enters, moves, or exits an AI system, that's where security controls must exist. Think of it like airport security: you screen passengers at entry, monitor them in the terminal, and verify them at the gate. Skip any checkpoint and the whole system is compromised. This mental model helps you identify security gaps: trace the data, secure the path.
Core secure AI principles:
| Principle | What It Means | Implementation |
|---|---|---|
| Data protection | Control what data AI can access | Configure permissions, sensitivity labels |
| Access control | Limit who can use AI features | Role-based access, conditional policies |
| Audit and monitoring | Track AI usage and outputs | Logging, compliance reporting |
| Model governance | Ensure AI behaves appropriately | Content filters, guardrails |
| Compliance alignment | Meet regulatory requirements | Data residency, retention policies |
Microsoft's integrated AI solutions (Microsoft 365 Copilot, Copilot Studio) benefit from existing Microsoft 365 security controls. Copilot respects the same permissions users already have—if you can't access a document directly, Copilot can't access it for you.
Authentication and application security for AI systems:
AI systems require the same authentication rigor as any enterprise application—plus additional considerations for API access and model endpoints:
| Security Layer | What It Protects | Microsoft Implementation |
|---|---|---|
| User authentication | Who can use the AI | Microsoft Entra ID, MFA, Conditional Access |
| Application authentication | Which apps can call the AI | OAuth 2.0, managed identities, API keys |
| Data authorization | What data the AI can access | Microsoft Graph permissions, RBAC |
| Network security | How data travels | Private endpoints, TLS encryption |
The key principle: AI doesn't bypass existing security—it operates within it. Microsoft 365 Copilot authenticates through Microsoft Entra ID using the user's existing identity. Azure AI Services authenticate through API keys or managed identities. Custom agents in Copilot Studio inherit the security model of their data connections.
⚠️ Exam Trap: Questions may suggest that AI requires entirely new security frameworks. While AI has unique considerations, Microsoft's integrated approach means existing M365 security controls extend to Copilot. The answer isn't "build new security"—it's "leverage existing security and add AI-specific controls like content filtering."
Reflection Question: An employee is concerned that Copilot might show them information they're not supposed to see. How would you explain Microsoft 365 Copilot's security model?
