Microsoft Copilot (Microsoft 365): Copilot takes emails and meetings into account while drafting content in Word

🚨 The Signal: Copilot in Word will now automatically use content from your emails and meetings to draft documents, without you explicitly referencing them. This expands the scope of data Copilot accesses, increasing the potential for inadvertent information exposure.

The Impact

All Copilot users are affected, increasing the risk of sensitive information being inadvertently included in documents.

  • End-users: Risk of sensitive email/meeting content appearing in drafts.
  • Security Teams: Increased data governance complexity and potential for data leakage.
  • Compliance Teams: New challenges in demonstrating adherence to data handling policies.
  • Data Owners: Reduced visibility into how their data is being used by Copilot.

The Action

  1. Review and reinforce existing Microsoft Purview Data Loss Prevention (DLP) policies to detect and prevent oversharing of sensitive information generated by Copilot.
  2. Educate users on Copilot's expanded data access and the importance of reviewing generated content for sensitive information before sharing.
  3. Monitor Microsoft Purview Audit logs for Copilot activities to identify potential misuse or overexposure of data.
  4. Evaluate Microsoft 365 sensitivity labels and policies to ensure appropriate classification and protection of emails and meeting transcripts.
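
An added example for action 3 (not part of the original advisory, and not Microsoft's code): a triage pass over exported Purview audit records that flags Copilot interactions hosted in Word which read mail or meeting content, and notes which of those sources carry no sensitivity label. The field names (`Operation`, `CopilotEventData`, `AppHost`, `AccessedResources`, `SensitivityLabelId`) are assumed to match your tenant's CopilotInteraction export; the resource `Type` strings and the sample records are constructed.

```python
import json

# Assumption: field names follow the Purview CopilotInteraction audit record.
# Assumption: the resource Type strings below are placeholders; confirm the
# values that appear in your own export before relying on this filter.
WATCHED_TYPES = {"emailmessage", "meeting", "transcript"}

def flag_word_drafts(records, watched_types=WATCHED_TYPES):
    """Return one finding per Word-hosted Copilot interaction that read mail/meeting content."""
    findings = []
    for raw in records:
        try:
            rec = json.loads(raw) if isinstance(raw, str) else raw
        except json.JSONDecodeError:
            continue  # malformed export row: skip rather than abort the run
        if not isinstance(rec, dict) or rec.get("Operation") != "CopilotInteraction":
            continue
        data = rec.get("CopilotEventData") or {}
        if str(data.get("AppHost", "")).lower() != "word":
            continue
        hits = [r for r in data.get("AccessedResources") or []
                if str(r.get("Type", "")).lower() in watched_types]
        if hits:
            findings.append({
                "user": rec.get("UserId"),
                "time": rec.get("CreationTime"),
                "resources": [r.get("Name") for r in hits],
                # Sources without a label are the ones action 4 asks you to review.
                "unlabeled": [r.get("Name") for r in hits if not r.get("SensitivityLabelId")],
            })
    return findings

def _rec(user, host, resources):
    """Build one constructed audit record as the JSON string an export would hold."""
    return json.dumps({"Operation": "CopilotInteraction", "UserId": user,
                       "CreationTime": "2025-01-01T09:00:00",
                       "CopilotEventData": {"AppHost": host, "AccessedResources": resources}})

# Constructed sample records (not real tenant data).
SAMPLE = [
    _rec("alice@example.test", "Word", [{"Type": "EmailMessage", "Name": "Q3 pricing thread"},
                                        {"Type": "docx", "Name": "plan.docx", "SensitivityLabelId": "lbl-1"}]),
    _rec("bob@example.test", "Teams", [{"Type": "EmailMessage", "Name": "Offsite notes"}]),
    _rec("carol@example.test", "Word", [{"Type": "docx", "Name": "memo.docx"}]),
    _rec("dave@example.test", "Word", [{"Type": "Meeting", "Name": "Board sync", "SensitivityLabelId": "lbl-2"}]),
    "not json",
]

if __name__ == "__main__":
    for finding in flag_word_drafts(SAMPLE):
        print(finding)
```
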

Domain: Agentic-AI · Impact: high · Workload: M365 Apps