Microsoft Viva Glint: Export Heat Map reports as editable PowerPoint slides

🚨 The Signal: Viva Glint Heat Map reports can now be exported as editable PowerPoint files. This increases the risk of sensitive organizational insights being easily modified, shared, and potentially exfiltrated outside of controlled M365 environments.

The Impact

Managers and users with Heat Map report access are affected, increasing the risk of uncontrolled sharing and modification of sensitive survey data.

• Managers: Increased ease of sharing sensitive survey data outside M365 controls.
• Security Teams: New vector for data exfiltration and potential loss of data integrity.
• Compliance Officers: Greater challenge in demonstrating adherence to data handling policies.
• End Users: Potential for inadvertent sharing of sensitive organizational insights.

The Action

1. Review existing Data Loss Prevention (DLP) policies in Microsoft Purview to ensure they cover editable PowerPoint files containing Viva Glint data.
2. Educate users with Viva Glint access on the risks associated with exporting and sharing sensitive data outside of secure M365 collaboration spaces.
3. Consider implementing sensitivity labels for Viva Glint data to enforce encryption or access restrictions on exported files.
4. Monitor audit logs for unusual export activity from Viva Glint, particularly for Heat Map reports.

Impact: high · Workload: Microsoft Purview