Microsoft Copilot (Microsoft 365): Easily write a prompt or choose quick actions from the Copilot icon in your Word doc

🚨 The Signal: Copilot in Word now offers quick actions and prompt suggestions directly from the document margin. This simplifies user interaction but increases the potential for accidental data exposure or oversharing through AI-generated content.

The Impact

All users are affected: simplified Copilot interactions increase the risk of accidental exposure of sensitive data.

  • End-users: Increased risk of oversharing sensitive information through AI-generated content.
  • Security Teams: Greater need for data loss prevention (DLP) policies to monitor Copilot outputs.
  • Compliance Officers: Potential for non-compliance with data handling regulations due to AI-generated content.
  • Administrators: Need to review and reinforce Copilot data governance policies.

The Action

  1. Review and strengthen Microsoft Purview Data Loss Prevention (DLP) policies for M365 Apps, focusing on Copilot interactions.
  2. Educate users on responsible AI use, data classification, and the risks of sharing sensitive information via Copilot.
  3. Monitor Copilot usage and data interactions through Microsoft Purview Audit logs to identify potential risks.
  4. Ensure sensitivity labels are correctly applied to documents before Copilot interaction to guide content generation.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps