Microsoft Viva: Copilot assisted goal authoring with Context IQ grounding

🚨 The Signal: Copilot in Viva Goals can now reference multiple files from Context IQ for goal authoring. This expands the data accessible to Copilot, which increases the potential for sensitive information exposure where data governance is not robust.

The Impact

All users are affected, with a moderate risk of sensitive data exposure through Copilot if access controls are not properly managed.

  • End users: Increased risk of inadvertently exposing sensitive data to Copilot.
  • Security Team: Need to re-evaluate data access policies for Copilot interactions.
  • Data Owners: Must ensure appropriate sensitivity labels are applied to documents.
  • Compliance Officers: Potential for non-compliance with data handling regulations.

The Action

  1. Review and enforce Microsoft Purview Information Protection sensitivity labels on all documents.
  2. Audit existing data access permissions for files stored in SharePoint and OneDrive.
  3. Educate users on responsible data handling when interacting with Copilot.
  4. Monitor Copilot usage logs for unusual data access patterns.
  5. Implement Data Loss Prevention (DLP) policies to prevent sensitive data exfiltration via Copilot.
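For step 4, a review pass over exported Copilot interaction events can flag prompts that pulled in many files, restricted-label files, or unlabeled files. This is an added example, not code from the original page or from Microsoft; the record fields (`user`, `app`, `files`, `label`), the label names and the threshold are assumptions, and the sample events are constructed.

```python
import json

# Constructed sample events, one JSON object per line. The field names are an
# assumed, simplified schema for exported Copilot interaction records, not the
# exact Microsoft Purview audit format.
SAMPLE_EVENTS = """
{"user": "alice@contoso.example", "app": "VivaGoals", "files": [{"name": "FY25-OKRs.docx", "label": "General"}]}
{"user": "bob@contoso.example", "app": "VivaGoals", "files": [{"name": "Roadmap.pptx", "label": "General"}, {"name": "Salary-Bands.xlsx", "label": "Highly Confidential"}, {"name": "Deal-Notes.docx", "label": "Confidential"}]}
{"user": "carol@contoso.example", "app": "VivaGoals", "files": [{"name": "Team-Goals.docx", "label": null}, {"name": "Budget.xlsx", "label": null}]}
"""

RESTRICTED_LABELS = {"Confidential", "Highly Confidential"}  # assumed label names
MAX_FILES_PER_PROMPT = 2  # assumed threshold for "unusually broad" grounding


def review_events(raw, app="VivaGoals"):
    """Return {user: [reason, ...]} for interactions that warrant a closer look."""
    findings = {}
    for line in raw.strip().splitlines():
        event = json.loads(line)
        if event.get("app") != app:
            continue
        files = event.get("files", [])
        reasons = []
        # Many files in one prompt widens what Copilot can surface in a goal.
        if len(files) > MAX_FILES_PER_PROMPT:
            reasons.append("many_files")
        # Restricted content used as grounding for a goal others will read.
        if any(f.get("label") in RESTRICTED_LABELS for f in files):
            reasons.append("restricted_label")
        # Unlabeled files are invisible to label-based DLP rules.
        if any(not f.get("label") for f in files):
            reasons.append("unlabeled_file")
        for reason in reasons:
            bucket = findings.setdefault(event["user"], [])
            if reason not in bucket:
                bucket.append(reason)
    return findings


if __name__ == "__main__":
    for user, reasons in review_events(SAMPLE_EVENTS).items():
        print(f"{user}: {', '.join(reasons)}")
```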

Domain: Agentic-AI · Impact: medium · Workload: M365 Apps