Microsoft Copilot (Microsoft 365): Developers building agents in Azure AI Foundry can ground their agent in files stored in SharePoint

🚨 The Signal: Developers can now build AI agents in Azure AI Foundry that access SharePoint files. This expands the data agents can use, increasing potential for data exposure if not properly governed.

The Impact

Developers and security teams are affected, with a risk of unauthorised data access by AI agents if permissions are not tightly controlled.

• Developers: Can build more powerful agents, but must manage data access carefully.
• Security Teams: Must review and update data governance for AI agent access to SharePoint.
• Data Owners: Risk of sensitive data exposure if agent permissions are overly broad.
• Compliance Officers: Need to ensure agent data handling aligns with regulatory requirements.

The Action

1. Review Azure AI Foundry agent development guidelines for data access best practices.
2. Implement least privilege access for AI agent identities accessing SharePoint.
3. Audit existing SharePoint permissions for data intended for AI agent consumption.
4. Establish data classification and labelling policies for content accessible by AI agents.
5. Develop a governance framework for AI agent data access and usage.

Domain: Agentic-AI · Impact: high · Workload: SharePoint · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898