
Your guide to a comprehensive Incident Response Plan

In Part 2 of our spotlight series on incident response, Zandre Janse van Vuuren explains how to create a comprehensive Incident Response Plan for your organisation.

By Zandre Janse van Vuuren | Service Delivery Manager: Cyber DFIR, BUI

In Part 1, we highlighted the importance of having an Incident Response Plan (IRP) to minimise damage, reduce recovery time, and secure sensitive data during a cybersecurity incident. Now, let’s dive into how to create an effective IRP for your organisation, with practical, step-by-step guidelines you can follow.

Step 1: Define your objectives and scope

The foundation of any effective IRP begins with setting clear objectives and defining the scope. Objectives help align your incident response efforts with your organisation’s goals, risk tolerance, and regulatory requirements. Typical objectives include:

  • minimising data loss;
  • ensuring business continuity;
  • reducing recovery time;
  • and protecting your business reputation.

The scope defines the types of incidents the IRP covers and may vary depending on industry standards or regulatory guidelines. For instance, a healthcare provider may need a specific scope for protecting patient data, while a financial institution may focus on transaction security and fraud prevention. By establishing scope early on, you can ensure that your IRP is comprehensive yet focused.

Step 2: Identify key stakeholders and roles

An IRP functions best when it has a well-structured team with clear roles and responsibilities. The team may include internal stakeholders, like IT and management, and external stakeholders, such as legal consultants or third-party security experts.

Each member of your incident response team should have a clearly defined role to prevent delays and confusion during an incident. Roles may include:

  • Incident Manager: Oversees the incident response process and co-ordinates with other teams.
  • Technical Lead: Directs containment, eradication, and recovery tasks.
  • Communication Officer: Manages internal and external communications.
  • Legal Advisor: Ensures compliance with legal obligations during and after an incident.

Designating these roles upfront helps the team respond more efficiently and cohesively during an incident.

Step 3: Establish incident categories and prioritisation

Incidents can range widely in scope and severity, from minor phishing attempts to full-blown data breaches. To streamline response efforts, you must categorise potential incidents and assign impact levels to each. Incident categories could include:

  • Network attacks: Attempts to compromise network infrastructure, such as Distributed Denial-of-Service (DDoS) attacks.
  • Phishing and social engineering: Attacks targeting individuals for unauthorised access.
  • Data breaches: Incidents where sensitive data is exposed or stolen.

Each category should have multiple impact levels (e.g., low, medium, high) based on criteria like the number of affected systems, potential data loss, and the severity of business impact. This prioritisation ensures critical incidents receive immediate attention, while lower-priority events are handled appropriately without over-allocating resources.

Step 4: Develop detection and notification protocols

Timely detection and reporting are crucial for an effective IRP. Make sure you implement security tools and monitoring systems that can detect unusual activities or potential threats. There’s a wide range of endpoint protection platforms, network monitoring tools, and intrusion detection systems available for business and enterprise organisations.

Once an incident is detected, a notification protocol outlines how and when incidents should be reported internally and externally.

  • Internal reporting should be rapid, with team members knowing whom to notify immediately.
  • External reporting may be required for regulatory compliance and could include notifying partners, customers, or the authorities depending on the type of incident.

Make sure you clearly define the people or parties to be notified, the method of notification, and the relevant timeframe.

Step 5: Outline incident containment and eradication steps

Containment and eradication are central to limiting an incident’s impact and preventing further damage. Document your procedures for both short-term and long-term containment and eradication.

  • Short-term containment may involve disconnecting affected devices from the network or blocking malicious traffic.
  • Long-term containment might include applying patches, implementing segmentation, or reconfiguring permissions.
  • Eradication focuses on eliminating the incident’s root cause and could involve removing malware, resetting compromised credentials, or closing exploited vulnerabilities.

Both containment and eradication should be documented in detail, tailored to specific incident types, and tested to confirm that they are feasible and effective.

Step 6: Create recovery and remediation procedures

Once the incident is contained and eradicated, recovery efforts aim to return systems to regular operation safely and reliably. The recovery phase may involve restoring affected systems, verifying data integrity, and assessing system functionality. A critical part of this step is to monitor your systems for any indication that the incident may recur, ensuring any residual threats are eliminated.

Remediation actions may also include taking preventative steps, such as reinforcing security controls, updating policies, or providing additional employee training. Documentation is essential here, as lessons learned in recovery and remediation will help improve your IRP over time.

Step 7: Build a communication strategy

Communication during an incident is essential to inform all stakeholders, control potential reputational damage, and fulfil legal obligations. Your communication strategy should differentiate between internal communications, which provide regular updates to relevant staff, and external communications, which may include notifying customers, partners, regulatory bodies, and the media.

Effective communication strategies often use predefined templates and include guidelines for customising messaging based on the nature and impact of the incident. Designate a spokesperson from your communications or public relations team to ensure consistency and accuracy in your external messages.

Step 8: Plan for post-incident review and continuous improvement

Every incident provides a learning opportunity. The post-incident review process aims to evaluate the IRP’s performance, identify areas for improvement, and ensure that lessons are incorporated into the IRP for future incidents.

This step typically includes:

  • Documentation: Detail the incident timeline, response actions, and decision points.
  • Evaluation: Analyse what went well and what didn’t, identifying any gaps in response.
  • Update procedures: Adjust protocols, tools, and policies to address any identified weaknesses.

A robust post-incident review process strengthens the IRP and demonstrates a commitment to continuous improvement, which is critical for fostering a proactive security culture and maintaining regulatory compliance.

Bonus tip! The success of any IRP is closely tied to the response team’s performance during high-pressure situations – and that’s why it’s important to cultivate the right mindset. If you and your teammates can maintain your composure, think objectively, and work in unison, then you’ll be ready when it matters most.

  • Stay calm under pressure: Panic can lead to mistakes and misinterpretations during critical moments. Breathe, focus, and assess the situation calmly before you act. Rely on your IR training and processes to guide you.
  • Stay objective and avoid assumptions: Jumping to conclusions or making assumptions can lead to missteps and wasted resources. Base your decisions on verified data; cross-check evidence; and don’t let personal biases influence your actions.
  • Focus on collaboration, not isolation: Incident response is a team effort: isolating yourself or hoarding information can slow the overall response time and hinder your progress. Communicate openly, delegate tasks, and leverage others’ expertise if necessary.

With a comprehensive IRP and a teamwork mindset, your organisation will be better equipped to navigate security incidents. Download our checklist to guide you in creating your IRP.

Incident response planning: The key to business resilience

In today’s digital world, it’s not a matter of if but when your organisation will experience a cyber incident. In Part 1 of our incident response spotlight series, Zandre Janse van Vuuren explains why an Incident Response Plan is a critical component of a robust security strategy.

By Zandre Janse van Vuuren | Service Delivery Manager: Cyber DFIR, BUI

In today’s digital world, cybersecurity threats are an ever-present reality. Last year alone, password attacks increased to 4,000 per second (on average) and the number of human-operated ransomware attacks rose by 195 percent. From ransomware to identity breaches, organisations of all sizes are potential targets. The 2024 Microsoft Digital Defense Report (MDDR) puts the growing threat landscape into sharp focus: Microsoft customers face more than 600 million cybercriminal and nation-state attacks every day. While it’s impossible to eliminate the risk of an attack altogether, organisations can significantly reduce the impact by having a well-structured Incident Response Plan in place.

Incident response is not just about reacting to a cyber incident; it’s about being prepared to act swiftly, decisively, and efficiently.

What is incident response planning?

Incident response (IR) planning is the process of developing a structured, documented approach to handling security breaches and cyberattacks. An effective IR plan includes predefined procedures, roles, and responsibilities for responding to and mitigating the effects of cyber incidents. It also outlines communication strategies, legal obligations, and methods for preserving evidence for forensic investigations.

The importance of incident response planning

  1. Mitigating damage and loss
    A comprehensive IR plan enables organisations to contain an attack before it causes extensive damage. With the surge in human-operated ransomware attacks—which Microsoft reports have increased by 2.75x—a timely and co-ordinated response is critical. Without a plan, response times are slower, and the financial and reputational damage can be catastrophic. Being prepared can prevent the spread of malware, data theft, or further unauthorised access.
  2. Reducing downtime
    Every minute of downtime during a cyber incident translates to lost revenue, especially in industries that rely heavily on operational continuity. A quick and co-ordinated response allows organisations to resume business operations faster, minimising disruption.
  3. Enhancing co-ordination and communication
    A well-structured IR plan ensures that all stakeholders, including internal teams and external partners, know their roles in responding to an incident. With nation-state and cybercriminal activities converging more than ever, it is crucial that organisations have clear communication channels. These help prevent confusion, allowing teams to act in unison and avoid mistakes during critical moments.
  4. Maintaining regulatory compliance
    Many industries are subject to data protection laws and regulations, such as the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and the Payment Card Industry Data Security Standard (PCI DSS), which mandate swift responses to data breaches. Having an IR plan ensures compliance with these legal obligations, protecting organisations from penalties and fines.
  5. Preserving evidence for forensic analysis
    Properly handling an incident means preserving crucial data for investigation and legal purposes. According to the 2024 MDDR, nation-state actors are increasingly targeting critical infrastructure and high-profile organisations. Without an IR plan, organisations may inadvertently destroy or fail to collect essential forensic evidence, which could hinder law enforcement or legal action.

A comprehensive IR plan does far more than provide a structured way to deal with attacks and cyber incidents: it also empowers organisations to be proactive about their security posture.

The advantages of effective incident response planning

  • Proactive risk management
    Incident response planning allows organisations to identify vulnerabilities before they are exploited. Conducting regular IR drills helps businesses improve their overall security posture and minimise potential risks.
  • Improved customer trust
    Customers want to know their data is secure. Organisations with publicly communicated IR strategies can reassure their customers that they take cybersecurity seriously and are prepared to handle any breaches professionally and swiftly.
  • Cost savings
    The costs of a cyber incident, particularly those involving data breaches, can be astronomical. Expenses often include data recovery, legal fees, regulatory fines, and lost revenue. A timely response significantly reduces the financial burden associated with cyber incidents.
  • Continuous improvement
    Incident response planning is not static. Lessons learned from each incident feed back into the plan, making it more effective with every iteration. Continuous improvement is essential to staying ahead of emerging threats. Regular updates to the IR plan help organisations remain resilient and prepared for new types of attacks.

How our Cyber DFIR team can help with incident response planning

Incident response is not a one-size-fits-all solution and creating an effective IR plan requires expertise and experience in dealing with complex cyber threats. Our Cyber DFIR team specialises in helping organisations develop, implement, and refine their incident response strategies. When you choose BUI as your security partner, you gain access to seasoned professionals who will work closely with your organisation to:

  • Conduct thorough risk assessments to identify potential vulnerabilities.
  • Develop tailored IR plans that align with your business objectives and regulatory requirements.
  • Implement response playbooks that include clear steps for containment, eradication, and recovery.
  • Provide hands-on support during incident response efforts to minimise impact and downtime.
  • Offer forensic analysis and reporting to ensure proper evidence-handling and compliance.
  • Conduct post-incident reviews and refine the IR plan to ensure continuous improvement.

At BUI, we understand that every organisation faces unique cybersecurity challenges. Our proactive approach ensures that your organisation is prepared, resilient, and capable of responding effectively to any incident. Let our Cyber DFIR team help you safeguard your digital assets and build a stronger security posture through a robust incident response plan. Contact us to get started today.

BUI Cyber Research – Resolving a vulnerability in outdated versions of Microsoft Teams

In October 2023, a significant software security vulnerability was discovered that impacts Microsoft Teams. The vulnerability, designated as CVE-2023-4863, affects not only Microsoft Teams but also Microsoft Edge, Skype for Desktop, and WebP Image Extensions.

Although software updates have been released for Microsoft Teams, Microsoft Defender continues to flag multiple devices as vulnerable. The persistence of this vulnerability is due to the Machine-wide Installer, which installs Teams for all profiles, while deployed updates only update the Teams.exe file for the logged-in user.

While Microsoft does not provide direct remediation for this specific issue, there are steps you can take to address it. Although manual remediation via scripting may not be ideal, a script released on GitHub by Lee Vilenski has proven to be very successful.

Figure 1: Notable reduction of exposure due to deployment of the remediation script

We have modified Vilenski’s script to meet our requirements and deployment methods, as shown below. The original script can be found here.

Script

# Define minimum acceptable version (replace with your desired version)
$minVersion = "1.7.00.8651"

############### Do Not Edit Below This Line #################################

### Finding SIDs for loop
# Regex pattern for SIDs
$PatternSID = 'S-1-5-21-\d+-\d+\-\d+\-\d+$'

# Get Username, SID, and location of ntuser.dat for all users
$ProfileList = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*' |
    Where-Object { $_.PSChildName -match $PatternSID } |
    Select-Object @{name="SID";expression={$_.PSChildName}},
        @{name="UserHive";expression={"$($_.ProfileImagePath)\ntuser.dat"}},
        @{name="Username";expression={$_.ProfileImagePath -replace '^(.*[\\\/])', ''}}

# Get all user SIDs found in HKEY_USERS (ntuser.dat files that are loaded)
$LoadedHives = Get-ChildItem Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -match $PatternSID } |
    Select-Object @{name="SID";expression={$_.PSChildName}}

# Get all users that are not currently logged on
$UnloadedHives = Compare-Object $ProfileList.SID $LoadedHives.SID |
    Select-Object @{name="SID";expression={$_.InputObject}}, UserHive, Username

# Loop through each profile on the machine
foreach ($item in $ProfileList) {
    # Load the user's ntuser.dat if it's not already loaded
    if ($item.SID -in $UnloadedHives.SID) {
        reg load HKU\$($item.SID) $($item.UserHive) | Out-Null
    }

    #####################################################################

    # Check and potentially remove outdated Teams versions

    # Get Teams uninstall keys for the user
    $teamsUninstallKeys = Get-ItemProperty "registry::HKEY_USERS\$($item.SID)\Software\Microsoft\Windows\CurrentVersion\Uninstall\Teams*" -ErrorAction SilentlyContinue

    if ($teamsUninstallKeys) {
        foreach ($teamsKey in $teamsUninstallKeys) {
            # Check DisplayVersion and remove the key if it is outdated
            $displayVersion = $teamsKey.DisplayVersion

            # Cast to [version] so the comparison is numeric rather than a string comparison
            if ([version]$displayVersion -lt [version]$minVersion) {
                $uninstallString = "C:\Users\$($item.Username)\AppData\Local\Microsoft\Teams\Update.exe"
                # Consider fuller error handling for the uninstall process (not shown here)
                try {
                    Start-Process -FilePath $uninstallString -ArgumentList "--uninstall" -Wait -Verb RunAs
                } catch {
                    Write-Warning "Teams uninstall failed for $($item.Username): $_"
                }

                # Remove the Teams uninstall key (use with caution).
                # PSChildName is the key name; an empty name here would target the whole Uninstall key.
                Remove-Item -Path "registry::HKEY_USERS\$($item.SID)\Software\Microsoft\Windows\CurrentVersion\Uninstall\$($teamsKey.PSChildName)" -Recurse
            }
        }
    }

    # Unload ntuser.dat
    if ($item.SID -in $UnloadedHives.SID) {
        [gc]::Collect()
        reg unload HKU\$($item.SID) | Out-Null
    }
}

################## Remove Teams where Regkey doesn't exist #############################

$userProfiles = Get-ChildItem -Path "C:\Users" -Directory -Exclude Default,Public
# Loop through each user profile ($userProfile avoids clobbering the automatic $PROFILE variable)
foreach ($userProfile in $userProfiles) {
    # Check if the Teams executable exists
    $teamsPath = Join-Path -Path $userProfile.FullName -ChildPath "AppData\Local\Microsoft\Teams\current\Teams.exe"
    if (Test-Path $teamsPath) {
        # Get the installed version
        $installedVersion = (Get-ItemProperty $teamsPath).VersionInfo.FileVersion

        # Check version – inform about outdated and above versions
        if ([version]$installedVersion -lt [version]$minVersion) {
            Write-Host "Outdated Teams version found in $($userProfile.FullName): $installedVersion"
            # Uninstall Teams (requires admin privileges)
            Remove-Item -Path $teamsPath -Recurse -Force -ErrorAction SilentlyContinue
            if ($?) {
                Write-Host "Uninstalled Teams from $($userProfile.FullName) successfully."
            } else {
                Write-Host "Failed to uninstall Teams from $($userProfile.FullName)."
            }
        } else {
            Write-Host "Teams version in $($userProfile.FullName) ($installedVersion) is above or meets the minimum requirement."
        }
    }
}

Follow the steps below to implement the remediation script using Microsoft Intune:

  1. Copy the Script code above into Notepad and save it as a PowerShell file (TeamsUpdate.ps1).
  2. In Microsoft Intune:
    • Navigate to the Devices blade.
    • Select Scripts and remediations.
    • Select the Platform scripts tab.

Figure 2: Step 2 Navigating to Platform scripts

  3. Select Add/Create to create a new script, then select Windows 10 and later.

Figure 3: Step 3 Adding a Platform script

  4. Enter a Name and Description for the script.

Figure 4: Step 4 Configuring the Platform script

  5. Under script settings:
    • Upload the script.
    • Set “Run this script using the logged-on credentials” to No.
    • Set “Enforce script signature check” to No.
    • Set “Run script in 64bit PowerShell Host” to Yes.

Figure 5: Step 5 Configuring the Platform script

  6. On the next screen, assign the script to the All devices group.

Figure 6: Step 6 Assigning the Platform script

  7. Save.
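
To confirm on a device which profiles still hold an outdated per-user Teams.exe, before and after the platform script runs, the following read-only audit can be used. It is an added example, not part of the script above or of Vilenski's original; the function name Get-TeamsProfileAudit and its parameters are hypothetical, and the default minimum version is the one used in the script above.

```powershell
# Added example: read-only audit of per-profile Teams installs. It changes nothing on the device.
# Get-TeamsProfileAudit is a hypothetical helper name, not taken from the original script.
function Get-TeamsProfileAudit {
    [CmdletBinding()]
    param(
        # Same threshold as $minVersion in the remediation script
        [version]$MinVersion = '1.7.00.8651',
        # Folder that holds the user profiles
        [string]$ProfileRoot = 'C:\Users'
    )

    Get-ChildItem -Path $ProfileRoot -Directory |
        Where-Object { $_.Name -notin 'Default', 'Public' } |
        ForEach-Object {
            $teamsExe = Join-Path -Path $_.FullName -ChildPath 'AppData\Local\Microsoft\Teams\current\Teams.exe'
            $status   = 'NotInstalled'
            $version  = $null

            if (Test-Path -LiteralPath $teamsExe) {
                $raw    = (Get-Item -LiteralPath $teamsExe).VersionInfo.FileVersion
                $parsed = $null
                # TryParse avoids a terminating error when the file carries no usable version string
                if ($raw -and [version]::TryParse($raw, [ref]$parsed)) {
                    $version = $parsed
                    # [version] objects compare numerically, field by field
                    $status = if ($parsed -lt $MinVersion) { 'Outdated' } else { 'Compliant' }
                } else {
                    $status = 'UnknownVersion'
                }
            }

            # One row per profile, so the output can be sorted, filtered or exported
            [pscustomobject]@{
                Profile = $_.Name
                Path    = $teamsExe
                Version = $version
                Status  = $status
            }
        }
}

# Run from an elevated session so every profile folder is readable
$report = Get-TeamsProfileAudit
$report | Sort-Object Status, Profile | Format-Table -AutoSize

# Summary: number of profiles per status
$report | Group-Object Status | Select-Object Name, Count
```

Profiles reported as Outdated or UnknownVersion after the platform script has run are the ones to investigate, since those are the per-user copies that Microsoft Defender will keep flagging.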

By BUI SecOps Principal Technical Consultant, Terryanne du Toit and BUI SecOps Technical Consultant, Danie Miller.

Copilot for Microsoft 365: It’s got lots of friends

In Part 4 of our Copilot for Microsoft 365 spotlight series, Cloud Security Architect Neil du Plessis highlights neighbouring technologies, including Copilot for Azure and Copilot for Sales.

By Neil du Plessis | Cloud Security Architect, BUI

The artificial intelligence that powers Copilot for Microsoft 365 is also used in neighbouring Microsoft technologies for the modern workplace. Copilot for Azure, Copilot for Sales, Copilot for Service, Microsoft Copilot Studio, and Microsoft Copilot for Security are either coming soon or already available to Business and Enterprise customers. Let’s take a closer look at each one.

1. Copilot for Azure

Microsoft describes Copilot for Azure as an AI-powered assistant that simplifies the design, operation, optimisation, and troubleshooting of applications and infrastructure within the Azure ecosystem. It utilises Large Language Models, the Azure control plane, and insights about your Azure and Azure Arc-enabled assets to help you streamline cloud orchestration and management.

Highlights: Copilot for Azure can help you design and develop your cloud applications, choose the best frameworks, languages, and tools, and test and debug your code. It can also help you deploy and manage your applications by providing automation, scalability, and monitoring. In addition, Copilot for Azure can recommend ways to optimise costs and improve security and compliance in your environment.

Availability: Copilot for Azure is currently in preview, and existing Azure customers and Microsoft Partners can apply to participate. If you’re interested, review the registration process before filling in the application form.

2. Copilot for Sales

Copilot for Sales is designed to help your sales teams boost productivity, improve customer engagements, and close more deals. It takes the foundational capabilities of Copilot for Microsoft 365 and enhances them by connecting to customer relationship management platforms (like Microsoft Dynamics 365 Sales and Salesforce Sales Cloud) and providing sales teams with relevant in-app insights and recommendations to enhance customer interactions.

Highlights: According to Microsoft, Copilot for Sales empowers your sellers to simplify daily tasks, personalise customer interactions, and streamline workflows. From drafting emails in Outlook and setting up meetings in Teams to creating pitch decks in PowerPoint and data visualisations in Excel, Copilot for Sales is geared to help sales teams accomplish more in less time with AI-powered communication, content, and CRM activities.

Availability: Copilot for Sales is available now for $50 per user per month, which includes the requisite Copilot for Microsoft 365 licence. If you already have Copilot for Microsoft 365 (via your Office 365 E3, Office 365 E5, Microsoft 365 E3, Microsoft 365 E5, Microsoft 365 Business Standard, or Microsoft 365 Business Premium subscription), then you can get Copilot for Sales for an additional $20 per user per month. The Copilot for Sales pricing guide has further details, terms, and conditions.

3. Copilot for Service

Copilot for Service applies artificial intelligence to your call centre operations to help your customer service and support teams handle customer interactions more efficiently. Copilot for Service brings together all relevant content from your CRM platforms, websites, SharePoint sites, and third-party knowledge bases (like Salesforce, ServiceNow, and Zendesk) and puts it at your agents’ fingertips through conversational AI.

Highlights: Your customer service and support teams can enter natural language prompts and Copilot for Service will generate answers based on your organisational content – from call centre playbooks and user manuals to customer records and case histories in your CRM tools. Your agents can do this in their flow of work during real-time engagements with customers to handle queries faster, resolve issues earlier, and improve customer satisfaction over time.

Availability: Copilot for Service is available now for $50 per user per month, which includes the requisite Copilot for Microsoft 365 licence. If you already have Copilot for Microsoft 365 (via your Office 365 E3, Office 365 E5, Microsoft 365 E3, Microsoft 365 E5, Microsoft 365 Business Standard, or Microsoft 365 Business Premium subscription), then you can get Copilot for Service for an additional $20 per user per month. The Copilot for Service pricing guide has further details, terms, and conditions.

4. Microsoft Copilot Studio

Unveiled by Microsoft at the 2023 Microsoft Ignite conference, Microsoft Copilot Studio is a low-code tool that enables you to tailor Copilot for Microsoft 365 and build your own AI-driven copilots by leveraging conversational features like custom GPTs and generative AI plugins.

Highlights: With Microsoft Copilot Studio, you’re able to personalise Copilot for Microsoft 365 according to your business needs. You can develop, test, and publish standalone copilots and regulate and secure them with the appropriate permissions, data access, and user controls. You can also see the end-to-end lifecycle of your customisations and standalone copilots in one place, which makes building, deploying, managing, and analysing them easier and simpler. In addition, you can use Microsoft Copilot Studio to link Copilot to other data sources to access any system of record, including SAP, ServiceNow, and Workday.

Availability: Microsoft Copilot Studio is available now, and the integration with Copilot for Microsoft 365 is currently in public preview. The Microsoft Copilot Studio website has further details, terms, and conditions.

5. Microsoft Copilot for Security

Microsoft Copilot for Security was also announced at the 2023 Microsoft Ignite conference, where Microsoft explained it as an AI-powered cybersecurity product that “enables security professionals to respond to cyberthreats quickly, process signals at machine speed, and assess risk exposure in minutes”.

Highlights: Microsoft Copilot for Security combines an advanced Large Language Model with a security-specific model informed by Microsoft’s unique global threat intelligence and more than 65 trillion daily signals. The result is a sophisticated, security-focused AI assistant that can provide actionable responses to your natural language questions. These responses can be in the form of text, code, or a visual that helps you understand the full context of a security incident, its impact, and the next steps you should take for remediation and defence hardening.

Availability: Microsoft Copilot for Security is currently in private preview through an invitation-only Early Access Programme for customers and Microsoft Partners. BUI is participating in the Microsoft Copilot for Security Partner Private Preview, and is working with Microsoft product teams to help shape product development. Learn more in our news update.

With Copilot for Azure, Copilot for Sales, Copilot for Service, Microsoft Copilot Studio, and Microsoft Copilot for Security, Microsoft is expanding its range of AI-powered technologies to help you streamline cloud orchestration and management, boost sales productivity, improve customer service, spur innovation, and secure your data and resources. The sooner you start exploring these tools, the sooner you’ll be ready to empower your teams for even greater success.

BUI Cloud Security Architect Neil du Plessis is a certified CISSP and Microsoft Cybersecurity Expert specialising in holistic, cloud-powered defences for modern workplaces.

Wondering if Copilot for Microsoft 365 is right for your organisation? Join the BUI team for an interactive workshop and we’ll assess your Copilot for Microsoft 365 readiness and define a road map for your adoption journey. The workshop is conducted virtually, and is suitable for senior business development managers, line-of-business leaders, managers, technical decision-makers, and end-users. Register your interest by completing this digital form and we’ll contact you directly.

Copilot for Microsoft 365: AI to help you work smarter

In Part 2 of our Copilot for Microsoft 365 spotlight series, Cloud Security Architect Neil du Plessis reveals how this AI-powered assistant can help you be more creative and productive.

By Neil du Plessis | Cloud Security Architect, BUI

More than three-quarters of early users said that once they tried Copilot for Microsoft 365, they didn’t want to give it up. Why? Because having this AI-powered assistant as their workplace aide helped them to save time, unleash their creativity, enhance their skills, and unlock the full potential of their favourite Microsoft 365 apps.

In the Work Trend Index Special Report published by Microsoft last year, the same early users said that Copilot for Microsoft 365 empowered them to do more – and do it more efficiently than before. From creating presentations in PowerPoint to managing emails in Outlook, Copilot helped them achieve their goals.

But how exactly can Copilot for Microsoft 365 help you and your teams? How can you take advantage of this technology in your business right now? Let’s explore three everyday use cases for Copilot for Microsoft 365 in the modern workplace.

1. Copilot can help you write better and faster.

Whether you need to write a blog post, a newsletter, a proposal, or a summary, Copilot can help you with the creative process.

You can tell Copilot to draft an outline, a title, a hook, or a conclusion for your document based on your topic and purpose. You can get Copilot to check your grammar and spelling and edit, rewrite, or paraphrase your text to improve the tone, style, and clarity.

You can also direct Copilot to help you with formatting, referencing, and citing your sources so that your entire document is eye-catching, precise, and correctly attributed.

With Copilot as your co-creator, you can speed up the writing process and craft compelling content that meets your needs. Watch these videos for a closer look at what’s possible with Copilot in Word.

With the Designer integration in Copilot in Word, it’s easy to bring your ideas to life with eye-catching visuals that match the text in your document. Image credit: Microsoft

2. Copilot can help you analyse and visualise data.

Whether you need to work with numbers, charts, tables, or graphs, Copilot can help you with data analysis and presentation.

You can get Copilot to perform calculations, apply formulas, filter data, or create pivot tables in Excel, based on your data set and goal.

You can ask Copilot to help you interpret and make sense of your data by providing summaries, trends, or insights in natural language.

You can also use Copilot to generate charts and graphs so that you can visualise your data, highlight relevant information, and vividly present your findings.

With Copilot by your side in Excel, you can enhance the way you work with and analyse data. Watch these videos to see how Copilot filters, formats, and reviews data.

3. Copilot can help you manage and organise tasks.

Whether you need to plan a project, schedule a meeting, or follow up on an email, Copilot can help you with task management and day-to-day organisation.

You can ask Copilot to create a project plan, a timeline, or a checklist in Word, Excel, or PowerPoint, based on your project scope and deliverables.

You can instruct Copilot to schedule a meeting, send an invitation to your chosen attendees, and create an agenda to match the meeting topic – all from within Outlook or Teams.

You can also get Copilot to help you respond to emails, create tasks, and set reminders in Outlook or Teams, based on your email content and priorities.

With Copilot as your digital assistant, you can stay on top of your tasks and organise your calendar more efficiently. Watch these videos for an overview of Copilot’s functionality in Outlook and Teams.

Real-time intelligent assistance from Copilot for Microsoft 365 enables people to work more creatively and productively. More than 80% of surveyed users said Copilot makes it easier to get started on a first draft; take action after a meeting; and catch up on what they missed. More than 70% said Copilot helped them complete work faster and save time on mundane tasks. And 68% said Copilot improved the quality of their work.

Going forward, those who embrace Copilot for Microsoft 365 as an ally at work and take the time to build new digital habits will benefit the most from this powerful technology.
