Microsoft Copilot (Microsoft 365): Access SharePoint agents in the Microsoft 365 Copilot app
🚨 The Signal: Copilot users can now directly access previously used SharePoint agents within the Microsoft 365 Copilot app. This streamlines agent interaction but increases the attack surface for data exfiltration via agent misuse.
The Impact
All Copilot users are affected. The change increases the risk of unauthorised data access or exfiltration through agent misuse.
- End users: Increased risk of accidental data exposure via agent interaction.
- Security teams: New vector for data exfiltration requires monitoring and policy enforcement.
- Data owners: Potential for sensitive information to be accessed by unauthorised agents.
- Compliance officers: Need to reassess data handling policies for agent interactions.
The Action
- Review and enforce SharePoint site permissions and sensitivity labels.
- Implement Microsoft Purview Data Loss Prevention (DLP) policies for Copilot and SharePoint.
- Educate users on responsible use of Copilot agents and data handling.
- Monitor Copilot activity logs for unusual agent interactions or data access patterns.
- Regularly audit SharePoint agent configurations and access scopes.
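One way to approach the log-monitoring action above, as an added example that is not from the original advisory or from Microsoft. It flags Copilot interactions that touch restricted-label content or fan out across many SharePoint sites. The record layout is a simplified assumption modelled on Purview audit `CopilotInteraction` entries, and the label ID, threshold, users and URLs are constructed; confirm field names against your own tenant's export.

```python
import json
from collections import defaultdict

RESTRICTED_LABELS = {"lbl-confidential"}  # hypothetical sensitivity label IDs
MAX_SITES_PER_USER = 2                    # hypothetical fan-out threshold

# Constructed sample export, one JSON record per line (not real tenant data).
SAMPLE_LOG = [
    '{"UserId":"ana@contoso.example","Operation":"CopilotInteraction","CopilotEventData":{"AccessedResources":[{"SiteUrl":"https://contoso.example/sites/hr","Name":"leave-policy.docx","SensitivityLabelId":""}]}}',
    '{"UserId":"bo@contoso.example","Operation":"CopilotInteraction","CopilotEventData":{"AccessedResources":[{"SiteUrl":"https://contoso.example/sites/hr","Name":"org-chart.pptx","SensitivityLabelId":""}]}}',
    '{"UserId":"bo@contoso.example","Operation":"CopilotInteraction","CopilotEventData":{"AccessedResources":[{"SiteUrl":"https://contoso.example/sites/finance","Name":"q3-forecast.xlsx","SensitivityLabelId":"lbl-confidential"}]}}',
    '{"UserId":"bo@contoso.example","Operation":"CopilotInteraction","CopilotEventData":{"AccessedResources":[{"SiteUrl":"https://contoso.example/sites/legal","Name":"nda-template.docx","SensitivityLabelId":""}]}}',
    '{"UserId":"bo@contoso.example","Operation":"FileAccessed","ObjectId":"https://contoso.example/sites/eng/a.txt"}',
    '{truncated line',
]

def parse_records(lines):
    """Yield Copilot interaction records, skipping malformed or unrelated lines."""
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or corrupted export line
        if isinstance(rec, dict) and rec.get("Operation") == "CopilotInteraction":
            yield rec

def find_alerts(records):
    """Return (user, rule, detail) tuples for interactions worth a closer look."""
    sites = defaultdict(set)
    alerts = []
    for rec in records:
        user = rec.get("UserId", "unknown")
        event = rec.get("CopilotEventData") or {}
        for res in event.get("AccessedResources") or []:
            sites[user].add(res.get("SiteUrl", ""))
            # Rule 1: a resource carrying a restricted sensitivity label was read.
            if res.get("SensitivityLabelId") in RESTRICTED_LABELS:
                alerts.append((user, "restricted-label", res.get("Name", "")))
    # Rule 2: one user's interactions reached more distinct sites than expected.
    for user, seen in sorted(sites.items()):
        if len(seen) > MAX_SITES_PER_USER:
            alerts.append((user, "site-fanout", str(len(seen))))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(parse_records(SAMPLE_LOG)):
        print(alert)
```
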
Domain: Agentic-AI · Impact: high · Workload: SharePoint