Microsoft Copilot (Microsoft 365): Enhanced Copilot in Engage

🚨 The Signal: Copilot in Viva Engage now accesses Microsoft 365 Graph data, including emails, chats, and files. This expands Copilot's data access within Engage, increasing the potential for data exposure if not properly governed.

The Impact

All users of Viva Engage and Copilot are affected, with an increased risk of inadvertent data exposure and potential oversharing of sensitive information.

• End Users: Risk of oversharing sensitive M365 data if Copilot prompts are not carefully managed.
• Security Teams: Increased surface area for data leakage and compliance violations within Viva Engage.
• Admins: Need to review and potentially adjust Copilot data access policies for Viva Engage.
• Compliance Officers: New considerations for data governance and retention policies within Viva Engage.

The Action

1. Review existing Microsoft 365 Copilot data access policies in Microsoft 365 admin center > Settings > Org settings > Microsoft Copilot.
2. Assess data sensitivity and classification within Viva Engage to ensure appropriate data handling.
3. Communicate best practices for prompt engineering and data sensitivity to Viva Engage users.
4. Monitor Copilot usage and data access logs within Viva Engage for anomalous activity.

Domain: Agentic-AI · Impact: high · Workload: Other