Microsoft Copilot (Microsoft 365): Copilot uses Enterprise assets hosted on Templafy when creating presentations with Copilot
🚨 The Signal: Copilot can now use Templafy-hosted enterprise assets for presentation creation. This expands the data sources Copilot accesses, increasing the attack surface for sensitive corporate branding and content.
The Impact
Content creators, security teams and compliance officers are affected by the increased risk of unauthorized access to, or misuse of, corporate branding assets via Copilot.
- Content creators: Risk of inadvertent exposure of sensitive branding or internal assets.
- Security teams: Increased scope for data loss prevention and access control monitoring.
- Compliance officers: New data flows require updated data handling and third-party risk assessments.
The Action
- Review Templafy integration settings to ensure least-privilege access for Copilot.
- Update data loss prevention (DLP) policies to cover Templafy-sourced content within Copilot.
- Educate users on responsible use of Copilot with enterprise assets, emphasizing data sensitivity.
- Assess Templafy's security posture and data handling practices as a third-party provider.
Domain: Agentic-AI · Impact: medium · Workload: M365 Apps