Microsoft Copilot (Microsoft 365): Rich artifacts in Copilot Pages
🚨 The Signal: Copilot can now generate and embed interactive charts, tables, diagrams, and code into M365 Pages using enterprise or web data. These artifacts remain interactive and synchronized, which increases data exposure risk if they are not properly governed.
The Impact
All users are affected: the risk of sensitive data exposure increases, and information can leak if governance is not robust.
- End users: Risk of inadvertently sharing sensitive data through interactive artifacts.
- Security teams: Increased surface area for data exfiltration and compliance breaches.
- Data owners: Challenges in tracking and controlling sensitive information embedded in new artifact types.
- Compliance officers: Difficulty in demonstrating adherence to data handling policies.
The Action
- Review and update existing Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot Pages and new artifact types.
- Implement or refine sensitivity labels for data used in Copilot-generated artifacts, ensuring proper classification and protection.
- Educate users on the risks of sharing interactive artifacts containing sensitive information and best practices for data handling within Copilot.
- Monitor Copilot usage logs for unusual activity related to artifact creation and sharing of sensitive data.
- Assess the impact on existing information governance policies and update them to address interactive Copilot artifacts.
Domain: Agentic-AI · Impact: high · Workload: M365 Apps