(Updated) Microsoft Copilot Analytics: Data export public preview for Copilot metrics in the Copilot dashboard
🚨 The Signal: Microsoft Copilot Dashboard now allows exporting de-identified usage data for deeper analysis. This provides new visibility into AI adoption but requires careful access management to prevent data misuse.
The Impact
Copilot Dashboard users with company-level access can export de-identified usage data, posing a risk if access is not appropriately restricted.
- Security Teams: Risk of data exfiltration if Copilot Dashboard access is over-privileged.
- Admins: New data export capability requires review of existing access controls for Copilot Dashboard.
- Compliance Teams: Need to update data handling policies for exported Copilot usage metrics.
The Action
- Review Entra ID roles and group memberships for all Copilot Dashboard users.
- Verify that only authorised personnel have 'full company-level data access' to the Copilot Dashboard.
- Implement or update data loss prevention (DLP) policies to monitor export of de-identified Copilot usage data.
- Communicate updated data handling guidelines to all personnel with Copilot Dashboard access.
- Regularly audit access logs for the Copilot Dashboard and Viva Insights web app.
Domain: Agentic-AI · Impact: medium · Workload: Other · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898