(Updated) Viva Engage: Agents in Viva Engage communities Public Preview

🚨 The Signal: Viva Engage agents can now use external SharePoint sites for grounding and be tagged by users. This expands the agent's knowledge base and interaction methods, increasing potential for data exposure if not properly configured.

The Impact

Community admins and M365 Copilot-licensed users are affected, with a risk of unintended information disclosure via AI agent responses.

  • Community Admins: Must validate external SharePoint sites to prevent oversharing.
  • M365 Copilot Users: Can tag agents, potentially querying sensitive data if sources are misconfigured.
  • Security Teams: Need to monitor agent configurations for data governance and access control.
  • Data Owners: Risk of their SharePoint content being used by agents without explicit consent or awareness.

The Action

  1. Review existing Viva Engage agent configurations for all communities.
  2. For each agent, verify the SharePoint sites configured as grounding sources, ensuring they contain only appropriate, non-sensitive information.
  3. Ensure 'Tagging by community members' is disabled if direct user interaction with agents poses a risk of information leakage.
  4. Implement a policy for community admins regarding the selection and approval of external SharePoint grounding sources.
  5. Educate community admins on the implications of agent grounding sources and user tagging capabilities.

Domain: Agentic-AI · Impact: high · Workload: SharePoint