Microsoft Copilot (Microsoft 365): Automatic summary of documents on file-open in Word

🚨 The Signal: Copilot will automatically summarise documents upon opening in Word, potentially exposing sensitive information if not properly governed. This changes how users interact with document content and requires review of data governance policies.

The Impact

All users are affected, increasing the risk of inadvertent data exposure and the spread of potentially inaccurate information.

• End Users: Risk of over-reliance on AI summaries, potentially missing critical details or misinterpreting content.
• Security Team: Increased risk of sensitive data exposure through summarization of restricted documents.
• Compliance Team: New challenges in ensuring data handling policies are adhered to with AI summarization.
• Data Owners: Need to verify if document classifications and access controls are sufficient to prevent inappropriate summarization.

The Action

1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot interactions and summarization.
2. Educate users on the limitations of AI summaries and the importance of verifying information.
3. Assess existing document sensitivity labels and access controls to ensure they adequately protect content from unintended summarization.
4. Monitor Copilot usage logs for unusual activity or summarization of highly sensitive documents.
5. Consider implementing Copilot access controls for specific user groups or document types if available.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps