Microsoft Outlook: Collaborate with Copilot while drafting email

🚨 The Signal: Copilot is now integrated directly into Outlook's email compose experience, allowing AI-assisted drafting and editing. This changes how users create emails, potentially increasing data exposure risk through AI interaction.

The Impact

Users with Copilot licenses are affected, with a moderate security risk related to sensitive information exposure via AI prompts.

  • End Users: May inadvertently expose sensitive data through Copilot prompts.
  • Security Team: Needs to monitor Copilot usage for potential data leakage risks.
  • Compliance Team: Must review data handling policies for AI-assisted content generation.

The Action

  1. Review Microsoft Purview Data Loss Prevention (DLP) policies to ensure they adequately cover Copilot interactions within Outlook.
  2. Educate users on responsible AI usage, emphasizing not to input highly sensitive or classified information into Copilot prompts.
  3. Monitor Microsoft 365 audit logs for Copilot activity to identify unusual data access patterns or sensitive information handling.

Domain: Agentic-AI · Impact: medium · Workload: Exchange Online