Word: Chat with Copilot about selected text

🚨 The Signal: Copilot in Word can now chat about selected text, narrowing its focus to that selection. This increases the risk of sensitive data exposure if users select unclassified information and prompt Copilot with it, bypassing existing data loss prevention (DLP) controls.

The Impact

All users interacting with Copilot in Word are affected, increasing the risk of inadvertent sensitive data exposure.

  • End users: Increased risk of accidentally exposing sensitive data to Copilot.
  • Security teams: New vector for data exfiltration requires monitoring and policy review.
  • Compliance officers: Potential for non-compliance with data handling regulations.
  • Data owners: Risk of unapproved disclosure of classified information.

The Action

  1. Review existing Microsoft Purview DLP policies for Copilot interactions.
  2. Educate users on responsible Copilot use, especially with sensitive data.
  3. Monitor Copilot audit logs for unusual data interactions or prompts.
  4. Assess the impact on information classification and handling procedures.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps