(Updated) Planner is now available in Outlook and Microsoft 365 Copilot

🚨 The Signal: Planner tasks are now integrated into Outlook and Microsoft 365 Copilot, reducing context switching for users. This expands the attack surface for task-related data and requires vigilance over permissions and data access.

The Impact

All Microsoft 365 users are affected, increasing the risk of inadvertent data exposure and unauthorized access to task information if existing permissions are not properly managed.

  • End-users: Increased risk of oversharing task details if not mindful of sharing settings.
  • Security Teams: Expanded data surface to monitor for sensitive task information.
  • Admins: Need to review and enforce existing Planner and Copilot policies to prevent data leakage.

The Action

  1. Review existing Microsoft Planner sharing policies and ensure they align with data classification requirements.
  2. Verify Microsoft 365 Copilot data governance policies are correctly applied to task data.
  3. Educate users on the implications of sharing tasks and plans within Outlook and Copilot.
  4. Monitor audit logs for unusual access patterns to Planner tasks via Outlook or Copilot.
  5. Consider implementing sensitivity labels for tasks containing sensitive information.

Domain: Exchange · Impact: medium · Workload: Exchange Online