Microsoft Copilot (Microsoft 365): Sharing with Copilot summary - Now supporting PowerPoint, Excel, PDFs, Images, and protected files

🚨 The Signal: Copilot can now summarise PowerPoint, Excel, PDF, image, and protected files when sharing. This expands data summarisation capabilities, increasing the risk of sensitive information exposure if not properly governed.

The Impact

All users are affected, increasing the risk of inadvertent exposure of sensitive data through Copilot summaries.

• End Users: Increased risk of oversharing sensitive data via summaries.
• Security Teams: New vector for data leakage requires monitoring and policy enforcement.
• Data Owners: Need to re-evaluate sensitivity labels and sharing policies for new file types.
• Compliance Officers: Potential for non-compliance if sensitive data is summarised and shared inappropriately.

The Action

1. Review and reinforce Microsoft Purview Data Loss Prevention (DLP) policies to detect and prevent oversharing of Copilot summaries.
2. Audit existing sensitivity labels in Microsoft Purview Information Protection (MIP) for PowerPoint, Excel, and PDF files to ensure appropriate auto-labeling and protection.
3. Educate users on the responsible use of Copilot summaries, emphasising the potential for sensitive data exposure even in summaries.
4. Monitor Microsoft Purview Audit logs for sharing activities involving Copilot summaries of sensitive files.
5. Consider implementing or refining Adaptive Protection policies in Microsoft Purview to dynamically adjust access based on risk.

Domain: Purview · Impact: high · Workload: Microsoft Purview