(Updated) Microsoft Edge: Microsoft 365 Copilot will support summarization and contextual grounding
🚨 The Signal: Microsoft Edge Copilot will summarise content from multiple browser tabs, M365 documents, and YouTube videos. This expands Copilot's data access and increases the potential for sensitive information exposure if DLP is not robustly configured.
The Impact
Users with Copilot are affected. The risk of inadvertent sensitive data exposure increases if DLP policies are not correctly applied to Edge and Copilot.
- Security Teams: Risk of data exfiltration if DLP policies are not correctly configured for Edge and Copilot.
- Data Owners: Increased exposure surface for sensitive information if Copilot can access unclassified or misclassified data.
- End Users: Potential for over-sharing information if unaware of Copilot's data access scope and DLP limitations.
The Action
- Review and update Microsoft Purview Data Loss Prevention (DLP) policies to explicitly cover Microsoft Edge and Microsoft 365 Copilot interactions.
- Verify the 'EdgeEntraCopilotPageContext' policy in Microsoft Intune or Group Policy to restrict Copilot's access to page content where necessary.
- Educate users on the scope of Copilot's data access and the importance of not feeding sensitive unclassified information into Copilot prompts.
- Monitor Microsoft Purview DLP alerts related to Edge and Copilot to identify potential data exfiltration attempts.
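
One way to verify on a Windows endpoint how the 'EdgeEntraCopilotPageContext' policy has landed, as an added example that is not part of the original notice. It assumes the standard Edge policy registry key under `SOFTWARE\Policies\Microsoft\Edge`, that 1 means page-content access is allowed and 0 means it is blocked, and that a machine-level value takes precedence over a user-level one; `Get-EdgeCopilotPageContextState` is a hypothetical helper name.

```powershell
# Added example: report how EdgeEntraCopilotPageContext is configured on this device.
# Assumptions (not from the notice): standard Edge policy registry key,
# 1 = Copilot may read page content, 0 = blocked, machine scope wins over user scope.
function Get-EdgeCopilotPageContextState {
    $policyName = 'EdgeEntraCopilotPageContext'
    $locations = [ordered]@{
        'Machine' = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
        'User'    = 'HKCU:\SOFTWARE\Policies\Microsoft\Edge'
    }

    $rows = foreach ($scope in $locations.Keys) {
        $path  = $locations[$scope]
        $value = $null
        if (Test-Path -Path $path) {
            # SilentlyContinue: a missing value is an expected state, not an error
            $item = Get-ItemProperty -Path $path -Name $policyName -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = $item.$policyName }
        }

        if ($null -eq $value)  { $meaning = 'Not configured' }
        elseif ($value -eq 0)  { $meaning = 'Page-content access blocked' }
        elseif ($value -eq 1)  { $meaning = 'Page-content access allowed' }
        else                   { $meaning = "Unexpected value: $value" }

        [pscustomobject]@{ Scope = $scope; Path = $path; Value = $value; Meaning = $meaning }
    }

    # Effective setting: first configured scope in precedence order (assumed Machine, then User)
    $effective = $rows | Where-Object { $null -ne $_.Value } | Select-Object -First 1
    [pscustomobject]@{
        Details   = $rows
        Effective = if ($effective) { "$($effective.Scope): $($effective.Meaning)" }
                    else { 'Not configured by policy on this device' }
    }
}

$state = Get-EdgeCopilotPageContextState
$state.Details | Format-Table -AutoSize
"Effective: $($state.Effective)"
```

A result of "Not configured by policy on this device" means neither Intune nor Group Policy has written the setting to this endpoint, so the restriction described in the action above is not being enforced there.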
Domain: Purview · Impact: high · Workload: Microsoft Purview