Microsoft Copilot (Microsoft 365): Catch up on a summary of document comments in the top of your document

🚨 The Signal: Copilot will summarise document comments, providing quick overviews of discussions. This enhances information access but increases the risk of sensitive data exposure if comments contain unapproved information.

The Impact

All users who interact with Copilot-summarised documents are affected, and the risk of inadvertent sensitive information exposure increases.

  • End users: Risk of over-reliance on summaries that may inadvertently expose sensitive data.
  • Security teams: Increased surface area for data leakage through summarised comments.
  • Data owners: Potential for sensitive information in comments to be more easily consumed and shared.
  • Compliance officers: New challenge in ensuring data classification and handling policies are adhered to within summaries.

The Action

  1. Review and reinforce existing data classification and handling policies for document comments.
  2. Educate users on the risks of including sensitive information in document comments, even if 'hidden'.
  3. Monitor Copilot usage and data access patterns for unusual activity related to document summaries.
  4. Evaluate Microsoft Purview Data Loss Prevention (DLP) policies for applicability to Copilot-generated summaries.

Domain: Agentic-AI · Impact: medium · Workload: M365 Apps