Microsoft Copilot (Microsoft 365): Support large documents in Word Copilot

🚨 The Signal: Microsoft Copilot in Word now processes larger documents, increasing the potential for sensitive data exposure if access controls are not rigorously managed. This expands the attack surface for data exfiltration via AI.

The Impact

All users interacting with Copilot in Word are affected, increasing the risk of inadvertent sensitive data exposure.

• End Users: Increased risk of exposing sensitive data through Copilot if not careful.
• Security Teams: Greater challenge in monitoring and preventing data exfiltration via AI.
• Data Owners: Expanded scope for data loss if large documents contain unclassified sensitive information.

The Action

1. Review and enforce Microsoft Purview Data Loss Prevention (DLP) policies for Copilot interactions.
2. Educate users on responsible AI use, emphasizing not to feed sensitive unclassified data to Copilot.
3. Implement sensitivity labels for all documents, ensuring Copilot respects these classifications.
4. Monitor Microsoft 365 audit logs for unusual Copilot activity involving large documents.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps