Microsoft Viva: Viva Engage - Support for inline videos and GIFs in articles

🚨 The Signal: Viva Engage now supports inline videos and GIFs in articles. This increases the potential for social engineering, misinformation, and data exfiltration via rich media content, requiring enhanced content governance.

The Impact

All Viva Engage users are affected, with increased risk of social engineering and data exfiltration through embedded media.

• End Users: Increased exposure to phishing and misinformation via embedded media.
• Security Team: New vectors for data exfiltration and malicious content distribution.
• Compliance Team: Greater challenge in enforcing content policies and data governance.
• Admins: Need to review and potentially update content moderation policies for rich media.

The Action

1. Review and update Viva Engage content policies to specifically address inline videos and GIFs.
2. Communicate updated acceptable use policies to all Viva Engage users.
3. Implement or enhance content moderation workflows for Viva Engage articles.
4. Consider data loss prevention (DLP) policies for Viva Engage to detect sensitive information in media.

Domain: Purview · Impact: medium · Workload: Microsoft Purview