Microsoft Copilot (Microsoft 365): Recap changes over more time

🚨 The Signal: Copilot in Loop can now recap changes over extended periods, not just the current session. This increases the potential for sensitive information exposure through AI summarization of historical data.

The Impact

All users interacting with Copilot in Loop are affected: recaps that draw on historical content raise the risk of sensitive data exposure through AI summarization.

  • End users: Risk of inadvertently exposing sensitive historical data through AI summaries.
  • Security teams: Increased surface area for data leakage and compliance violations.
  • Data owners: Potential for unauthorized access to historical sensitive information via AI.
  • Compliance officers: Greater challenge in demonstrating adherence to data retention and access policies.

The Action

  1. Review and enforce Microsoft Purview Data Loss Prevention (DLP) policies for Loop content.
  2. Implement sensitivity labels for Loop files containing sensitive information via Microsoft Purview Information Protection.
  3. Educate users on responsible use of Copilot, emphasizing data sensitivity when recapping changes.
  4. Monitor Copilot usage and data access patterns through Microsoft Purview Audit logs.
  5. Configure Copilot access controls to limit who can use it with sensitive Loop content.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps