(Updated) Rewrite with Microsoft 365 Copilot Chat coming soon to Edge for Business users
🚨 The Signal: Edge for Business will gain a Copilot-powered 'Rewrite' feature, enabled by default, allowing users to rephrase text. This introduces new data flow pathways for sensitive information to Copilot, requiring review of existing DLP policies.
The Impact
All users are affected by a new Copilot feature that can process sensitive data, posing a risk of inadvertent data exposure if DLP is not correctly configured.
- End users: Risk of inadvertently exposing sensitive data to Copilot if DLP is not properly configured.
- Security Team: Requires review of DLP policies to ensure sensitive data is not processed by Copilot.
- Admins: Need to understand and potentially configure the InlineComposeEnabled policy to manage feature access.
- Compliance Officers: Must verify data handling aligns with ISM and PSPF requirements for AI-driven text processing.
The Action
- Review existing Microsoft Purview Data Loss Prevention (DLP) policies to ensure they adequately restrict Copilot's access to sensitive content within Edge for Business.
- Evaluate the 'InlineComposeEnabled' policy setting to determine if a global or targeted disablement of the Rewrite feature is necessary for specific user groups or data types.
- Communicate to end-users about the new Rewrite feature, its capabilities, and their responsibilities regarding sensitive information handling.
- Update internal security documentation and user guides to reflect the introduction of the Rewrite feature and its implications for data governance.
Domain: Agentic-AI · Impact: high · Workload: Microsoft Purview