Copilot Notebooks Can Now Reference Outlook Emails, Expanding Context and Data Exposure

🚨 The Signal: Copilot Notebooks can now use Outlook email content as references. This expands the data sources Copilot can access, increasing contextual grounding for AI responses but also potential data exposure across Microsoft 365.

The Impact

Users can now ground Copilot in email content, increasing the risk of sensitive information exposure if not properly managed.

• End Users: Increased ability to leverage email context for AI outputs, potentially exposing sensitive information.
• Security Teams: New data source for Copilot requires review of existing data governance and DLP policies.
• Organisations: Expanded data access for AI increases the attack surface for sensitive email content.

The Action

1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to account for email content used in Copilot Notebooks.
2. Communicate best practices to end-users regarding the types of email content appropriate for Copilot Notebooks.
3. Monitor Copilot usage logs for unusual activity related to email content access and referencing.

Domain: Agentic-AI · Impact: high · Workload: Microsoft Purview · Essential Eight: Application Control · ISM: ISM-0974, ISM-1654, ISM-1655, ISM-1656