OneDrive: Annotate with Apple Pencil Experience on OneDrive for iOS
🚨 The Signal: OneDrive for iOS/iPadOS now supports advanced Apple Pencil annotations. This enhances user collaboration but introduces new vectors for data exfiltration or malicious content embedding within documents.
The Impact
All users are affected, with a moderate risk of unmonitored data modification or exfiltration via new annotation capabilities.
- End users: New annotation features could inadvertently expose sensitive data if not properly managed.
- Security teams: Increased complexity in monitoring and preventing data exfiltration through embedded annotations.
- Compliance officers: Potential for non-compliant data handling if annotations bypass existing DLP controls.
The Action
- Review existing Microsoft Purview Data Loss Prevention (DLP) policies for OneDrive to ensure annotations are covered.
- Assess Microsoft Defender for Cloud Apps (MDCAS) policies for OneDrive to detect unusual annotation activity.
- Communicate updated acceptable use policies regarding document annotation to end users.
- Verify Microsoft Intune App Protection Policies (APP) for OneDrive to restrict data sharing from annotated files.
Impact: medium · Workload: OneDrive