Microsoft Copilot (Microsoft 365): Intelligent meeting recap can summarize content shared on screen

🚨 The Signal: Copilot meeting recaps now include content shared on screen, capturing visual information previously missed. This expands the scope of sensitive data processed by AI, increasing data leakage risk if not properly governed.

The Impact

All users are affected, increasing the risk of sensitive information from screen shares being inadvertently captured and summarized by AI.

• End Users: Risk of sensitive data from screen shares being included in AI summaries.
• Security Team: Increased surface area for data leakage and compliance challenges with AI processing.
• Compliance Officers: New considerations for data retention and classification policies for AI-generated content.
• Admins: Need to review and potentially update Copilot data governance policies.

The Action

1. Review existing Microsoft Purview Data Loss Prevention (DLP) policies for Copilot to ensure screen-shared content is adequately protected.
2. Communicate to users about the expanded scope of Copilot summaries, advising caution when sharing sensitive information on screen during recorded meetings.
3. Assess and update data retention policies in Microsoft Purview for Copilot-generated content, considering the inclusion of screen-shared data.
4. Verify Copilot data residency settings in the Microsoft 365 admin center to ensure compliance with data sovereignty requirements for all processed data types.
5. Regularly audit Copilot usage and generated content for compliance with internal security and privacy policies.

Domain: Agentic-AI · Impact: high · Workload: Teams