Outlook: Calendar support for copying, cutting, and pasting events and appointments

🚨 The Signal: Outlook now allows copying and pasting calendar events. This seemingly minor feature introduces a potential for accidental or malicious data exfiltration of sensitive meeting details, increasing insider risk.

The Impact

All users are affected, increasing the risk of sensitive calendar data being inadvertently or maliciously copied and shared outside of intended boundaries.

• End users: Increased risk of accidental sharing of sensitive meeting details.
• Security teams: New vector for data exfiltration to monitor and mitigate.
• Compliance teams: Potential for non-compliance with data handling policies.
• Organisations: Higher insider risk due to easier data movement.

The Action

1. Review and update Data Loss Prevention (DLP) policies in Microsoft Purview to specifically target calendar item content and sharing.
2. Educate users on the risks of copying and pasting sensitive information from calendar events.
3. Monitor audit logs for unusual calendar activity, especially involving sensitive meeting titles or attendees.
4. Consider implementing stricter access controls for calendars containing highly sensitive information.

Domain: M365-Apps · Impact: high · Workload: M365 Apps