Microsoft Teams: Copilot in Teams meetings responses can be exported to Word and Excel

🚨 The Signal: Copilot in Teams meetings can now export responses to Word and Excel, inheriting meeting sensitivity labels. This increases data mobility and potential for sensitive information exposure if not properly governed.

The Impact

All users are affected, increasing the risk of sensitive meeting data being moved outside of controlled environments.

• End users: Increased ease of data export, higher risk of accidental oversharing.
• Security teams: New data exfiltration vector to monitor and control.
• Compliance officers: Potential for sensitive data to bypass existing DLP controls.
• Admins: Need to review and enforce meeting policies and sensitivity labels.

The Action

1. Review existing Teams meeting policies for 'Allow copying or forwarding of meeting chat, live captions, transcript, and Copilot responses' via Teams Admin Center > Meetings > Meeting Policies.
2. Ensure appropriate sensitivity labels are applied to Teams meetings, especially for Teams Premium users, via Microsoft Purview compliance portal.
3. Communicate to users the implications of exporting Copilot responses and reinforce data handling best practices.
4. Implement or refine Data Loss Prevention (DLP) policies in Microsoft Purview to detect and prevent unauthorized sharing of exported Copilot content.
5. Monitor audit logs for Copilot response exports and associated data movements.

Domain: Teams · Impact: high · Workload: Teams