Microsoft Copilot (Microsoft 365): Summarize files shared in Teams chat with Copilot

🚨 The Signal: Copilot can now summarize files shared in Teams chats, including Word and PDF. This enhances information retrieval but increases data exposure risk if not properly governed, impacting data loss prevention and access controls.

The Impact

All users with Copilot licenses are affected, which increases the risk of sensitive information exposure through AI summarization.

  • End users: Increased risk of accidental over-sharing of sensitive data via Copilot summaries.
  • Security teams: New data exfiltration vector to monitor and control within Teams and Copilot.
  • Admins: Requires review of existing DLP policies and access controls for Copilot interactions.
  • Compliance officers: Potential for non-compliance with data handling regulations due to AI-generated summaries.

The Action

  1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to specifically address Copilot interactions with sensitive data in Teams.
  2. Ensure appropriate sensitivity labels are applied to documents to prevent Copilot from summarizing highly confidential information.
  3. Educate users on responsible use of Copilot for summarization, emphasizing data sensitivity and sharing implications.
  4. Monitor Copilot usage logs for unusual activity related to file summarization and data access patterns.
  5. Verify that Conditional Access policies restrict Copilot access based on device compliance and location for sensitive data.
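
One way to carry out step 4 over exported audit data, as an added example (not Microsoft's code and not part of the original brief). It assumes one JSON audit record per line with `UserId` and a `CopilotEventData` object holding `AppHost` and `AccessedResources` (`Name`, `SensitivityLabelId`); the label GUID, users and threshold are constructed, so check the field names against your own Purview export.

```python
import json
from collections import defaultdict

FILE_EXTS = (".docx", ".doc", ".pdf")  # Word and PDF, the file types the brief names

def flag_copilot_file_access(audit_lines, restricted_labels, max_files=3):
    """Flag Teams-hosted Copilot interactions that read labeled or many files."""
    files_by_user = defaultdict(set)
    findings = []
    for line in audit_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated export row: skip it, do not abort the run
        event = rec.get("CopilotEventData") or {}
        if event.get("AppHost") != "Teams":  # assumed host value for Teams chat
            continue
        user = rec.get("UserId", "unknown")
        for res in event.get("AccessedResources") or []:
            name = res.get("Name") or ""
            if not name.lower().endswith(FILE_EXTS):
                continue  # chat messages and other non-file resources
            files_by_user[user].add(name.lower())
            if res.get("SensitivityLabelId") in restricted_labels:
                findings.append(("restricted_label", user, name))
    for user, names in sorted(files_by_user.items()):
        if len(names) > max_files:  # distinct files per user across the export
            findings.append(("high_volume", user, len(names)))
    return findings

# Constructed sample data; the GUID is a placeholder, not a real label ID.
LABEL = "00000000-0000-0000-0000-00000000c0de"
RESTRICTED = {LABEL}

def _row(user, host, *files):
    res = [{"Name": n, "SensitivityLabelId": l} for n, l in files]
    return json.dumps({"UserId": user,
                       "CopilotEventData": {"AppHost": host, "AccessedResources": res}})

SAMPLE = [
    _row("alice@example.test", "Teams", ("Q3-forecast.docx", LABEL)),
    _row("bob@example.test", "Teams", ("a.pdf", None), ("b.pdf", None)),
    _row("bob@example.test", "Teams", ("c.pdf", None), ("d.PDF", None)),
    _row("carol@example.test", "Word", ("plan.docx", None)),
    _row("dave@example.test", "Teams", ("chat thread", None)),
    '{"UserId": "erin@example.test", "CopilotEv',  # truncated row
]

if __name__ == "__main__":
    print(flag_copilot_file_access(SAMPLE, RESTRICTED))
```

The per-user threshold is a starting point; tune it against a baseline of normal Copilot usage in your tenant before alerting on it.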

Domain: Agentic-AI · Impact: high · Workload: Teams