Microsoft Copilot (Microsoft 365): See a summary from Copilot of the latest changes and comments in the Word, Excel, and PowerPoint backstage view.

🚨 The Signal: Copilot can now summarise document changes and comments in the Word, Excel, and PowerPoint backstage view before a document is opened. This increases data exposure risk by making sensitive information more readily accessible without full document access controls.

The Impact

All users are affected, and Copilot summaries increase the risk of sensitive information exposure.

  • End Users: Risk of unintended disclosure of sensitive information via Copilot summaries.
  • Security Teams: Increased surface area for data leakage, requiring enhanced monitoring and data loss prevention (DLP) strategies.
  • Admins: Need to review and potentially adjust data access policies and Copilot governance settings to mitigate new exposure points.

The Action

  1. Review existing Microsoft Purview Data Loss Prevention (DLP) policies for Copilot interactions in the Microsoft Purview compliance portal (compliance.microsoft.com).
  2. Assess Copilot data access permissions and ensure they align with the principle of least privilege for document summaries.
  3. Educate users on the potential for sensitive information to appear in Copilot summaries and the importance of appropriate document classification.
  4. Monitor Microsoft 365 audit logs for unusual Copilot activity related to document summaries.
  5. Consider implementing sensitivity labels on documents to restrict Copilot's ability to summarise highly sensitive content without explicit authorisation.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps