Microsoft Copilot (Microsoft 365): Create Copilot Pages from Copilot Chat on your mobile phone

🚨 The Signal: Copilot Pages can now be created and shared from mobile devices, enabling continued AI-assisted content generation on the go. This expands the attack surface for sensitive data exposure via AI-generated content.

The Impact

All users are affected. Creating and sharing Copilot Pages from mobile devices increases the risk of sensitive data exposure through mobile-generated AI content.

  • End users: Increased risk of inadvertently sharing sensitive data via mobile Copilot Pages.
  • Security teams: New vector for data exfiltration and compliance violations from mobile AI content.
  • Administrators: Need to ensure existing data loss prevention policies extend to mobile Copilot Page creation.
  • Compliance officers: Potential for non-compliance if sensitive data is processed or stored inappropriately on mobile devices.

The Action

  1. Review existing Microsoft Purview Data Loss Prevention (DLP) policies to ensure they cover Copilot Pages and mobile access.
  2. Verify Microsoft Entra Conditional Access policies are applied to Copilot services for mobile devices.
  3. Educate users on responsible AI usage and data handling when creating Copilot Pages on mobile.
  4. Monitor Copilot usage logs for unusual activity or excessive sharing of sensitive information.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps