Microsoft Copilot (Microsoft 365): Create a PowerPoint slide from a file or prompt

🚨 The Signal: Copilot can now generate PowerPoint slides from user prompts or existing files. This increases the potential for sensitive data exposure if users leverage unclassified information in prompts or source files, impacting data governance.

The Impact

All users are affected, increasing the risk of inadvertent data exposure and non-compliance with data handling policies.

• End-users: Risk of inadvertently including sensitive data in generated slides.
• Security Teams: Increased surface area for data loss prevention (DLP) monitoring.
• Data Owners: Potential for sensitive information to be processed by Copilot without proper classification.
• Compliance Teams: New challenges in ensuring data governance and regulatory adherence.

The Action

1. Review and update existing Data Loss Prevention (DLP) policies in Microsoft Purview to include Copilot interactions and PowerPoint content.
2. Educate users on responsible AI usage, emphasizing not to input sensitive or unclassified data into Copilot prompts or source files.
3. Implement or reinforce sensitivity labels for documents used as Copilot sources to ensure proper data handling.
4. Monitor Copilot usage logs for unusual activity or high volumes of sensitive data processing.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps