Notebooks in the M365 Copilot App

🚨 The Signal: Microsoft 365 Copilot Notebooks will integrate with OneNote, creating a persistent workspace for project content. This centralises generated content and reference materials, potentially increasing data sprawl and the risk of sensitive information exposure across platforms.

The Impact

Copilot users are affected, increasing the risk of sensitive data exposure and complicating data governance.

  • Copilot users: Increased risk of sensitive data exposure through new content storage locations.
  • Security teams: New data vectors complicate data loss prevention (DLP) and eDiscovery.
  • Compliance teams: Challenges in maintaining data governance and regulatory compliance.
  • Admins: Need to review data retention and access policies for Copilot-generated content.

The Action

  1. Review and update Microsoft Purview DLP policies to include Copilot Notebooks and associated content types.
  2. Assess data retention policies for Copilot-generated content within Notebooks and OneNote.
  3. Communicate data handling best practices for sensitive information within Copilot Notebooks to users.
  4. Monitor Copilot usage and data flows for unusual activity or potential data exfiltration.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps