Outlook: Ability to copy attachments that are not links

🚨 The Signal: Outlook now allows direct copy-pasting of non-linked attachments without saving. This increases the risk of uncontrolled data exfiltration and makes data loss prevention more challenging to enforce.

The Impact

All users are affected, increasing the risk of sensitive data being copied to unmanaged locations.

• End-users: Increased ease of data exfiltration to unmanaged applications.
• Security Teams: New challenge in monitoring and preventing data loss.
• Compliance Officers: Greater difficulty in demonstrating control over sensitive information.
• IT Administrators: Potential for increased helpdesk requests related to data handling.

The Action

1. Review and update existing Microsoft Purview Data Loss Prevention (DLP) policies to account for this new copy/paste vector.
2. Configure Microsoft Purview Endpoint DLP to monitor and block sensitive information copied from Outlook to unmanaged applications.
3. Educate users on appropriate data handling procedures and the risks associated with copying sensitive attachments.
4. Implement or reinforce Conditional Access policies to restrict access to Outlook from unmanaged devices.

Impact: high · Workload: M365 Apps