Outlook: Account Switcher for Copilot Tab

🚨 The Signal: Outlook's Copilot tab now supports account switching, allowing users to access Copilot across multiple configured accounts. This increases the risk of data commingling and accidental information disclosure across organisational boundaries.

The Impact

Users with multiple configured accounts are affected: switching accounts in the Copilot tab raises the risk of accidental data exposure or prompt injection across organisational boundaries.

  • End users: Increased risk of inadvertently sharing sensitive data across different organisational contexts via Copilot.
  • Security teams: New challenge in monitoring and preventing data leakage between personal and corporate accounts.
  • Compliance teams: Potential for non-compliance with data segregation policies due to easier cross-account access.
  • Administrators: Need to reinforce data handling policies and user education on Copilot usage.

The Action

  1. Review and reinforce existing data loss prevention (DLP) policies for Copilot interactions.
  2. Educate users on the risks of account switching within Copilot and the importance of context awareness.
  3. Monitor Microsoft Purview audit logs for unusual Copilot activity across multiple accounts.
  4. Consider Conditional Access policies to restrict Copilot access based on device compliance or network location for specific accounts.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps