Microsoft Copilot (Microsoft 365): Copilot uses Enterprise assets hosted on Templafy when creating presentations with Copilot

🚨 The Signal: Copilot can now use Templafy-hosted enterprise assets for presentation creation. This expands Copilot's data access, increasing the risk of sensitive information exposure if not properly governed.

The Impact

Users leveraging Copilot with Templafy are affected, increasing the risk of unintended data exposure or misuse of corporate assets.

• End-users: Risk of inadvertently including sensitive Templafy assets in Copilot-generated content.
• Security Teams: New data flow to monitor for compliance and potential data leakage.
• Data Owners: Increased surface area for corporate asset exposure via Copilot.
• Compliance Teams: Requires re-evaluation of data governance policies for AI-generated content.

The Action

1. Review Templafy connector configuration for Microsoft 365 and Copilot to ensure least privilege access.
2. Update data loss prevention (DLP) policies in Microsoft Purview to monitor Copilot interactions with Templafy assets.
3. Educate users on responsible AI use, emphasizing verification of Copilot-generated content for sensitive information.
4. Assess existing information protection labels for Templafy assets to ensure consistent application with Copilot.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps