Microsoft Copilot (Microsoft 365): Create Copilot Pages on your mobile phone

🚨 The Signal: Users can now create Copilot Pages from their mobile phones. This expands the attack surface for sensitive data exposure and unapproved information sharing via AI-generated content on mobile devices.

The Impact

All users are affected, which increases the risk of sensitive data exposure and of AI-generated content proliferating without control.

  • End users: Increased risk of inadvertently sharing sensitive AI-generated content.
  • Security teams: New mobile vector for data loss prevention and content governance.
  • Compliance officers: Greater challenge in auditing activity and ensuring data handling policies are followed.
  • Administrators: Need to review and extend existing Copilot data governance policies to mobile.

The Action

  1. Review and update existing Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot Pages and mobile access.
  2. Verify Microsoft Entra Conditional Access policies for mobile devices accessing Copilot services.
  3. Communicate updated acceptable use policies for AI-generated content to all users, emphasizing mobile considerations.
  4. Monitor Microsoft Purview audit logs for Copilot Page creation and sharing activities on mobile devices.

Domain: Agentic-AI · Impact: high · Workload: Other