Microsoft Copilot (Microsoft 365): Open Copilot Pages as a Word document

🚨 The Signal: Copilot Pages content can now be exported directly to Word documents. This increases the potential for sensitive information to be copied and stored outside of Copilot's native governance, impacting data loss prevention and information protection policies.

The Impact

All users interacting with Copilot Pages are affected, increasing the risk of sensitive data being copied and stored in less protected environments.

• End-users: Increased risk of inadvertently moving sensitive data from Copilot to less secure Word documents.
• Security Teams: New challenge in enforcing data loss prevention policies across Copilot and Word.
• Compliance Officers: Potential for non-compliance with data handling regulations due to easier data movement.
• Data Owners: Reduced visibility and control over the lifecycle of sensitive information generated by Copilot.

The Action

1. Review and update existing Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot and Word as data sources/destinations.
2. Assess Microsoft Purview Information Protection (MPIP) sensitivity labels and auto-labeling policies for content generated in Copilot and exported to Word.
3. Educate users on appropriate data handling practices when exporting content from Copilot Pages to Word, emphasizing sensitivity labels.
4. Monitor Microsoft Purview audit logs for unusual data export activities from Copilot to Word documents.

Domain: Purview · Impact: high · Workload: Microsoft Purview