Dataverse - Chat and reason over Dataverse business data in Microsoft 365 Copilot (preview)

🚨 The Signal: Microsoft 365 Copilot can now access Dataverse business data, allowing users to chat and reason over sensitive information. This expands the data surface area accessible by AI, increasing data exposure risk.

The Impact

Power Platform admins and Security Teams are affected by increased data exposure risk when Dataverse data is made available to Copilot.

• Power Platform Admins: Must assess and configure Dataverse environment data access for Copilot.
• Security Teams: Need to review data classification and DLP policies for Dataverse content exposed to Copilot.
• End Users: Gain broader access to business data through Copilot, increasing potential for inadvertent data sharing.
• Data Owners: Must understand how their Dataverse data is being used and accessed by Copilot.

The Action

1. Review Dataverse environments for sensitive data that should not be exposed to Copilot.
2. Assess existing Dataverse security roles and permissions in the context of Copilot access.
3. Develop or update Data Loss Prevention (DLP) policies to cover Dataverse data accessed via Microsoft 365 Copilot.
4. Communicate data handling guidelines to users interacting with Dataverse data through Copilot.

Domain: Agentic-AI · Impact: high · Workload: Other