Microsoft Copilot (Microsoft 365): Reference People from your enterprise in Copilot in Word

🚨 The Signal: Copilot in Word can now reference internal enterprise people, potentially exposing sensitive HR or organisational data if not properly governed. This expands the data Copilot can access and summarise.

The Impact

All users of Copilot in Word are affected, and the feature increases the risk of inadvertent disclosure of internal personnel information.

  • End users: Increased risk of oversharing internal personnel data.
  • Security teams: New data exposure vector to monitor and control.
  • Data owners: Need to review data access policies for Copilot.
  • Compliance teams: Potential for privacy breaches if not managed.

The Action

  1. Review Microsoft 365 Copilot data governance policies in Microsoft Purview.
  2. Ensure appropriate sensitivity labels are applied to documents containing personnel data.
  3. Educate users on responsible use of Copilot when referencing internal individuals.
  4. Monitor Copilot usage logs for unusual data access patterns related to personnel information.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps