Outlook: Agents for Microsoft 365 Copilot available in Copilot Chat in classic Outlook for Windows

🚨 The Signal: Copilot Chat in classic Outlook for Windows now supports declarative agents. This enables AI agents to perform tasks based on user prompts, increasing automation but also expanding the attack surface for prompt injection and data exfiltration.

The Impact

All users are affected. The change introduces new risks of data exposure and unauthorized actions via AI agents.

  • End users: Risk of unintentional data exposure through agent interactions.
  • Security teams: New attack surface for prompt injection and data exfiltration.
  • Admins: Need to define and enforce policies for agent usage and data access.
  • Compliance teams: Increased complexity for data governance and audit trails.

The Action

  1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot agent interactions.
  2. Implement Conditional Access policies to restrict Copilot agent access based on device compliance or location.
  3. Educate users on secure prompting practices and the risks of sharing sensitive information with agents.
  4. Monitor Copilot audit logs for unusual agent activity or data access patterns.
  5. Define and enforce agent governance policies within the Microsoft 365 admin center for Copilot.
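
One way to approach step 4, as an added example that is not from the original notice or from Microsoft: a triage pass over exported Copilot audit records that keeps only agent-driven interactions hosted in Outlook and flags labelled-resource access, injection or jailbreak flags, and unusually broad resource access. The record layout, the field names (AgentName, CopilotEventData, AppHost, AccessedResources, SensitivityLabelId, XPIADetected, JailbreakDetected), the threshold and all sample values are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample records. Field names and values are assumptions modelled on
# the CopilotInteraction audit record; check them against your tenant's export.
SAMPLE = json.loads("""[
 {"UserId": "alice@contoso.example", "AgentName": "ExpenseHelper",
  "CopilotEventData": {"AppHost": "Outlook",
   "AccessedResources": [{"Name": "q3.xlsx", "SensitivityLabelId": ""}],
   "Messages": [{"isPrompt": true, "JailbreakDetected": false}]}},
 {"UserId": "bob@contoso.example", "AgentName": "MailSummarizer",
  "CopilotEventData": {"AppHost": "Outlook",
   "AccessedResources": [
    {"Name": "payroll.docx", "SensitivityLabelId": "label-constructed-001"},
    {"Name": "invite.eml", "SensitivityLabelId": "", "XPIADetected": true}],
   "Messages": [{"isPrompt": true, "JailbreakDetected": false}]}},
 {"UserId": "bob@contoso.example", "AgentName": "MailSummarizer",
  "CopilotEventData": {"AppHost": "Outlook",
   "AccessedResources": [{"Name": "a.docx"}, {"Name": "b.docx"}],
   "Messages": [{"isPrompt": true, "JailbreakDetected": true}]}},
 {"UserId": "carol@contoso.example",
  "CopilotEventData": {"AppHost": "Word", "AccessedResources": [], "Messages": []}}
]""")

def triage(records, resource_threshold=3):
    """Return (user, agent, reason) findings for agent interactions in Outlook."""
    findings = []
    touched = defaultdict(set)  # (user, agent) -> distinct resource names
    for rec in records:
        data = rec.get("CopilotEventData") or {}
        agent = rec.get("AgentName")
        if not agent or data.get("AppHost") != "Outlook":
            continue  # skip non-agent chats and other host apps
        key = (rec.get("UserId", "unknown"), agent)
        for res in data.get("AccessedResources") or []:
            name = res.get("Name", "unnamed")
            touched[key].add(name)
            if res.get("SensitivityLabelId"):
                findings.append((*key, f"labelled resource accessed: {name}"))
            if res.get("XPIADetected"):
                findings.append((*key, f"cross-prompt injection flagged on: {name}"))
        if any(m.get("JailbreakDetected") for m in data.get("Messages") or []):
            findings.append((*key, "jailbreak flagged on a prompt"))
    # Volume check: one user/agent pair reaching many distinct resources.
    for key, names in touched.items():
        if len(names) >= resource_threshold:
            findings.append((*key, f"{len(names)} distinct resources accessed"))
    return findings
```

Tune `resource_threshold` against a baseline of normal agent use in your tenant before alerting on it.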

Domain: Agentic-AI · Impact: high · Workload: M365 Apps