Microsoft Copilot (Microsoft 365): Support for summarization of very long documents

🚨 The Signal: Copilot in Word can now summarize extremely long documents (up to 1.5 million words). This increases the risk of sensitive data exposure if users summarize documents containing classified information without proper controls.

The Impact

All users are affected, with an increased risk of sensitive data exposure through summarization.

• End users: Risk of inadvertently summarizing and sharing sensitive data.
• Security teams: Increased challenge in monitoring and preventing data exfiltration.
• Compliance officers: Difficulty in ensuring adherence to data handling policies.
• Organisations: Potential for reputational damage and regulatory non-compliance.

The Action

1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to specifically detect and prevent summarization of sensitive content by Copilot.
2. Implement or reinforce sensitivity labels (Microsoft Purview Information Protection) on documents containing classified or sensitive information.
3. Educate users on responsible AI use, emphasizing the risks of summarizing sensitive documents with Copilot.
4. Monitor Copilot usage logs for unusual activity related to document summarization, especially for high-value data.
5. Evaluate existing access controls to ensure only authorized personnel can access and summarize sensitive documents.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps