Microsoft Copilot (Microsoft 365): BizChat - Edge contextual capabilities in Business Chat work mode

🚨 The Signal: Copilot's Business Chat can now summarise web pages and PDFs opened in Microsoft Edge. This expands Copilot's ability to process contextual information, which increases potential data exposure if the capability is not governed correctly.

The Impact

All users are affected, and the risk of sensitive information being exposed via Copilot's summarisation capabilities increases.

  • End users: Risk of inadvertently exposing sensitive data to Copilot.
  • Security teams: Increased surface area for data loss prevention (DLP) monitoring.
  • Compliance teams: New considerations for data handling policies and attestation.
  • AI governance teams: Expanded scope for prompt engineering and data interaction policies.

The Action

  1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot interactions with Edge content.
  2. Educate users on responsible use of Copilot with sensitive information in Edge, emphasising data classification.
  3. Implement or refine Copilot access policies to restrict its use with highly sensitive data categories.
  4. Monitor Copilot usage logs for unusual activity related to summarisation of sensitive documents or web pages.
  5. Assess existing information classification schemes for applicability to Copilot's new contextual capabilities.

Domain: Agentic-AI · Impact: high · Workload: Other