Microsoft Teams: Copilot summary for transferred calls

🚨 The Signal: Copilot in Teams can now summarise transferred calls, providing context to the new recipient. This introduces new data exposure vectors for sensitive call content if not properly governed.

The Impact

All users of Teams Copilot are affected, with a risk of sensitive call data being summarised and potentially exposed if not managed.

• End Users: Risk of sensitive information being summarised and shared without explicit consent.
• Security Teams: New data governance challenges for AI-generated content from calls.
• Admins: Need to review and potentially update data loss prevention (DLP) policies for Copilot interactions.
• Compliance Teams: Requires assessment against existing data handling and privacy policies.

The Action

1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot interactions and Teams call data.
2. Educate users on the implications of Copilot summarisation for sensitive conversations and data handling best practices.
3. Monitor Copilot usage logs for unusual activity or potential data oversharing.
4. Assess existing information classification schemes to ensure they account for AI-generated summaries of sensitive data.

Domain: Agentic-AI · Impact: high · Workload: Teams