Microsoft Copilot (Microsoft 365): Copilot can now answer questions about opened Copilot Pages in chat
🚨 The Signal: Copilot can now answer questions about content on open Copilot Pages directly within Copilot Chat. This increases the risk of sensitive information exposure if users open pages with unclassified or unprotected data.
The Impact
All users are affected: Copilot's enhanced content summarisation increases the risk of sensitive data exposure.
- End users: Increased risk of inadvertently sharing sensitive data via Copilot chat.
- Security teams: Greater challenge in monitoring and preventing data exfiltration.
- Data owners: Potential for unauthorised access to information if pages are not properly secured.
- Compliance officers: Difficulty in demonstrating adherence to data handling policies.
The Action
- Review and enforce Microsoft Purview Data Loss Prevention (DLP) policies for Copilot interactions.
- Educate users on responsible AI use and the risks of sharing sensitive information with Copilot.
- Implement sensitivity labels and data classification for all documents accessed via Copilot Pages.
- Monitor Copilot usage logs for unusual data access patterns or sensitive information sharing.
- Regularly audit permissions on SharePoint sites and OneDrive folders where Copilot Pages are sourced.
Domain: Agentic-AI · Impact: high · Workload: M365 Apps