Microsoft Copilot (Microsoft 365): [Copilot Extensibility] [b.2.3] Governance control for agents with file uploaded as knowledge source

🚨 The Signal: Admins can now govern Copilot agents using uploaded files as knowledge sources, enabling filtering and reviewing sensitivity labels and metadata. This enhances data protection and compliance for AI interactions.

The Impact

Security teams and Copilot administrators are affected, reducing the risk of sensitive data exposure via AI agents.

• Security teams: Reduced risk of data exfiltration through AI agents.
• Copilot administrators: New responsibilities for agent data source governance.
• Data owners: Enhanced protection for sensitive information used by AI.
• Compliance officers: Improved auditability of AI agent data access.

The Action

1. Review Copilot agent configurations for knowledge sources.
2. Implement agent filtering policies based on data sensitivity.
3. Establish processes for reviewing sensitivity labels and metadata on uploaded files.
4. Train Copilot administrators on new governance capabilities.
5. Audit agent interactions and data access regularly.

Domain: Agentic-AI · Impact: high · Workload: Microsoft Purview