Microsoft Copilot (Microsoft 365): Catch up on a summary of document comments in the top of your document
🚨 The Signal: Copilot will summarise document comments, potentially exposing sensitive discussion points to users with document access. This changes how information within comments is surfaced and consumed.
The Impact
All users with Copilot and document access are affected, which increases the risk of unintended disclosure of sensitive information within document comments.
- End users: May inadvertently access summarised sensitive discussions.
- Security teams: Need to reassess data loss prevention (DLP) policies for comments.
- Compliance officers: Must ensure comment content aligns with data handling policies.
- Data owners: Face the risk that sensitive information in comments is more easily consumed.
The Action
- Review existing Microsoft Purview DLP policies for documents and comments.
- Educate users on appropriate content for document comments, especially sensitive data.
- Assess document classification and labelling policies for content within comments.
- Monitor Copilot usage logs for unusual access patterns to document summaries.
Domain: Agentic-AI · Impact: medium · Workload: M365 Apps