Microsoft Copilot (Microsoft 365): Catchup Skill (Copilot in Engage)

🚨 The Signal: Copilot in Viva Engage now summarises missed conversations. This increases exposure of internal communications to AI processing, requiring review of data governance and retention policies for AI-generated content.

The Impact

All Viva Engage users are affected, with a moderate security risk due to increased AI processing of internal communications.

• End users: AI summarises internal discussions, potentially exposing sensitive data.
• Security teams: Need to assess data handling by Copilot within Viva Engage.
• Compliance teams: Must review retention policies for AI-generated summaries.
• Admins: Requires understanding Copilot's data access within Viva Engage.

The Action

1. Review Microsoft Purview Data Loss Prevention (DLP) policies for Viva Engage content.
2. Assess existing retention labels and policies for Viva Engage to include AI-generated summaries.
3. Communicate to users about Copilot's summarization capabilities and data handling in Viva Engage.
4. Monitor Microsoft 365 audit logs for Copilot activities within Viva Engage.
5. Consult Microsoft's documentation on Copilot data privacy and security in Viva Engage.

Domain: Agentic-AI · Impact: medium · Workload: Other