Microsoft Copilot (Microsoft 365): Copilot surfaces key statistics in the top of a document
🚨 The Signal: Copilot in Word now automatically generates key document statistics at the top of documents. This feature could expose sensitive data if not properly governed, increasing the risk of information oversharing.
The Impact
All users interacting with Copilot in Word are affected. The automated summaries increase the risk of sensitive information exposure.
- End-users: Risk of inadvertently sharing sensitive document statistics.
- Security Teams: Increased surface area for data leakage and compliance violations.
- Data Owners: Potential for unauthorised disclosure of classified information.
- Compliance Officers: New challenges in maintaining data governance and audit trails.
The Action
- Review and update data loss prevention (DLP) policies in Microsoft Purview to specifically address Copilot-generated content and summaries.
- Implement sensitivity labels for documents containing sensitive information to prevent Copilot from summarising restricted data.
- Educate users on the risks of Copilot's automatic summarisation and the importance of verifying content before sharing.
- Monitor Microsoft Purview audit logs for Copilot activities, especially around document access and sharing events.
- Consider conditional access policies to restrict Copilot access for highly sensitive documents or user groups.
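
One way to act on the audit-log monitoring item, shown as an added example that is not part of the original advisory or any Microsoft tooling: it triages exported audit rows for Copilot interactions in Word that touched documents with a restricted sensitivity label or with no label at all. The sample rows are constructed, the label ID is a placeholder, and the field names (`Operation`, `CopilotEventData`, `AppHost`, `AccessedResources`, `SensitivityLabelId`) are assumed to match the AuditData JSON of an exported CopilotInteraction record, so check them against your own export.

```python
import json

# Constructed sample AuditData payloads (not real tenant data).
def _row(user, host, resources, op="CopilotInteraction"):
    return json.dumps({"CreationTime": "2025-01-10T09:14:02", "Operation": op,
                       "UserId": user,
                       "CopilotEventData": {"AppHost": host,
                                            "AccessedResources": resources}})

SAMPLE_ROWS = [
    _row("alice@contoso.example", "Word",
         [{"Name": "Q4-forecast.docx", "SensitivityLabelId": "LABEL-ID-RESTRICTED"}]),
    _row("bob@contoso.example", "Word", [{"Name": "draft-notes.docx"}]),  # no label
    _row("carol@contoso.example", "Teams",  # other host: out of scope here
         [{"Name": "board-pack.docx", "SensitivityLabelId": "LABEL-ID-RESTRICTED"}]),
    _row("dave@contoso.example", "Word",
         [{"Name": "newsletter.docx", "SensitivityLabelId": "LABEL-ID-GENERAL"}]),
    "{not json",  # malformed export row
]

# Placeholder; replace with the label GUIDs your tenant treats as restricted.
RESTRICTED_LABEL_IDS = {"LABEL-ID-RESTRICTED"}


def flag_word_copilot_events(rows, restricted_labels, app_host="Word"):
    """Return one finding per resource that a Copilot interaction in
    `app_host` touched and that is restricted-label or unlabelled."""
    findings = []
    for raw in rows:
        try:
            rec = json.loads(raw)
        except (TypeError, ValueError):
            continue  # skip rows that are not valid JSON
        if not isinstance(rec, dict) or rec.get("Operation") != "CopilotInteraction":
            continue
        event = rec.get("CopilotEventData") or {}
        if str(event.get("AppHost", "")).lower() != app_host.lower():
            continue
        for res in event.get("AccessedResources") or []:
            label = res.get("SensitivityLabelId")
            if label in restricted_labels:
                reason = "restricted-label"
            elif not label:
                reason = "unlabelled"  # gap in sensitivity-label coverage
            else:
                continue
            findings.append({"time": rec.get("CreationTime"), "user": rec.get("UserId"),
                             "resource": res.get("Name"), "reason": reason})
    return findings
```

Unlabelled hits are reported separately from restricted-label hits because they point at label coverage gaps rather than at policy violations.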
Domain: Agentic-AI · Impact: high · Workload: M365 Apps