Microsoft Copilot (Microsoft 365): Copilot surfaces key statistics in the top of a document

🚨 The Signal: Copilot in Word now automatically summarises key document statistics. This increases the risk of sensitive data exposure if documents are shared or accessed inappropriately, as summaries highlight critical information.

The Impact

All users who interact with Copilot in Word are affected, and the feature increases the risk of inadvertent sensitive data exposure.

  • End-users: Risk of oversharing sensitive document statistics.
  • Security Teams: Increased data exfiltration risk from summarised content.
  • Compliance Teams: Potential non-compliance with data handling policies.
  • Data Owners: Reduced control over sensitive information visibility.

The Action

  1. Review and update existing Data Loss Prevention (DLP) policies in Microsoft Purview to specifically identify and restrict sharing of documents containing sensitive statistics.
  2. Implement or refine sensitivity labels in Microsoft Purview for documents containing sensitive data, ensuring automatic encryption or access restrictions.
  3. Educate users on the risks of Copilot's automatic summaries and the importance of verifying document sensitivity before sharing.
  4. Monitor Microsoft Purview audit logs for unusual sharing activities involving documents with Copilot summaries.
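
A sketch of the monitoring in step 4, added here as an example and not taken from Microsoft or from this advisory: it filters exported audit records for Word files shared anonymously or with guests, and reports users who reach a threshold. The field names (Operation, SourceFileExtension, TargetUserOrGroupType, UserId, ObjectId, CreationTime) are assumed to match the AuditData JSON of SharePoint/OneDrive sharing records. The Word-extension filter is a proxy, because the sketch assumes no audit field marks a Copilot summary. The threshold, helper and sample rows are constructed.

```python
import json
from collections import defaultdict

# Sharing operations as recorded in the Operation field (assumed set; extend as needed).
SHARING_OPS = {"AnonymousLinkCreated", "SharingSet", "SecureLinkCreated",
               "SharingInvitationCreated", "AddedToSecureLink"}
WORD_EXTS = {"docx", "docm", "doc"}  # proxy for "documents Copilot in Word can summarise"

def risky_word_shares(audit_rows, per_user_threshold=3):
    """Return {user: [(time, operation, document), ...]} for users whose
    anonymous or guest shares of Word files reach per_user_threshold."""
    hits = defaultdict(list)
    for row in audit_rows:
        rec = json.loads(row) if isinstance(row, str) else row
        if rec.get("Operation") not in SHARING_OPS:
            continue
        if (rec.get("SourceFileExtension") or "").lower() not in WORD_EXTS:
            continue
        external = (rec["Operation"] == "AnonymousLinkCreated"
                    or rec.get("TargetUserOrGroupType") == "Guest")
        if external:
            hits[rec["UserId"]].append(
                (rec["CreationTime"], rec["Operation"], rec["ObjectId"]))
    return {u: sorted(v) for u, v in hits.items() if len(v) >= per_user_threshold}

def _row(t, user, op, ext, target, name):
    """Build one constructed AuditData JSON string (hypothetical helper)."""
    return json.dumps({"CreationTime": t, "UserId": user, "Operation": op,
                       "SourceFileExtension": ext, "TargetUserOrGroupType": target,
                       "ObjectId": "https://contoso.example/sites/fin/" + name})

# Constructed sample data, not real audit output.
A, B, C = "alice@contoso.example", "bob@contoso.example", "carol@contoso.example"
SAMPLE_ROWS = [
    _row("2025-01-06T09:01:00", A, "AnonymousLinkCreated", "docx", None, "q4-forecast.docx"),
    _row("2025-01-06T09:03:00", A, "SharingSet", "docx", "Guest", "headcount.docx"),
    _row("2025-01-06T09:04:00", A, "AddedToSecureLink", "DOCX", "Guest", "pricing.docx"),
    _row("2025-01-06T09:05:00", A, "SharingSet", "docx", "Member", "team-notes.docx"),
    _row("2025-01-06T10:00:00", B, "SharingSet", "docx", "Guest", "proposal.docx"),
    _row("2025-01-06T11:00:00", C, "AnonymousLinkCreated", "xlsx", None, "budget.xlsx"),
]

if __name__ == "__main__":
    for user, events in risky_word_shares(SAMPLE_ROWS).items():
        print(user, len(events), "external Word shares")
        for when, op, doc in events:
            print("  ", when, op, doc)
```
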

Domain: Agentic-AI · Impact: high · Workload: M365 Apps