Microsoft 365: Use Copilot in your search tab in the Microsoft 365 Copilot mobile app
🚨 The Signal: Copilot is now integrated into the search tab of the Microsoft 365 mobile app, allowing users to query and summarise files on the go. This expands the attack surface for data exfiltration and prompt injection via mobile devices.
The Impact
The change affects all mobile users and increases the risk of sensitive data exposure and prompt injection attacks via mobile devices.
- Mobile users: Increased risk of accidental data exposure through Copilot summaries.
- Security teams: New vector for prompt injection attacks targeting mobile Copilot.
- Compliance officers: Challenges in maintaining data residency and access controls on mobile.
- Administrators: Need to review and enforce mobile device data protection policies.
The Action
- Review and enforce Microsoft Intune Mobile Application Management (MAM) policies for Microsoft 365 apps.
- Configure Microsoft Purview Data Loss Prevention (DLP) policies to restrict sensitive data sharing from mobile Copilot.
- Educate users on responsible use of Copilot on mobile, including data sensitivity and prompt engineering best practices.
- Use Microsoft Defender for Cloud Apps to monitor for unusual data access patterns originating from mobile devices.
Domain: Agentic-AI · Impact: high · Workload: M365 Apps