Microsoft Copilot (Microsoft 365): Microsoft 365 Copilot Search
🚨 The Signal: Microsoft 365 Copilot now offers AI-powered enterprise search that surfaces relevant work data across SharePoint, OneDrive, Teams and mail. Copilot only returns content the querying user is already permitted to read, so it does not create new access; what it removes is obscurity. Any over-shared site, over-broad group membership or stale permission becomes discoverable with a single natural-language query, which significantly widens the information-disclosure surface wherever data governance and access controls are not rigorously enforced.
The Impact
Every user who can run a Copilot search is affected: sensitive content that their permissions technically allow but that they previously would never have stumbled upon can now be pulled into an answer, so the risk scales with how much over-sharing already exists in the tenant.
- End users: may be shown sensitive data they have no business need to see, simply because a permission was never tightened.
- Security teams: must audit and enforce data access policies at a scale the old browse-and-search model did not demand, and must triage a new source of audit events.
- Data owners: content they believed was effectively private because it was hard to find can be surfaced to anyone with read access to it.
- Compliance officers: harder to demonstrate adherence to data privacy regulations when the effective audience of a document is its full permission set rather than the people who knew where it lived.
The Action
- Review and enforce Microsoft Purview Information Protection policies so that sensitive data is labelled and, where the label requires it, encrypted; Copilot honours label-based restrictions, so a missing label is a missing control.
- Audit SharePoint Online and OneDrive for Business site permissions and sharing settings, ensuring least privilege; pay particular attention to sites and links shared with broad built-in groups rather than named people.
- Implement Microsoft Entra access reviews for the groups and Teams that grant access to critical data repositories, so that current membership is validated by the owners rather than assumed.
- Educate users on data classification and responsible use of Copilot search, emphasizing 'access does not equal right to know'.
- Monitor the Microsoft 365 unified audit log, where Copilot activity is recorded as CopilotInteraction events, for unusual search activity or access patterns against labelled or otherwise sensitive data.
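The last two actions (labelled data and audit-log monitoring) can be tied together in a single triage script. The following PowerShell is an added example, not code from the original page or from Microsoft: it pulls CopilotInteraction records from the unified audit log, flattens them to one row per accessed resource, and flags users whose Copilot sessions reached an unusual number of distinct sensitivity-labelled items. The record layout (an AuditData JSON string with CopilotEventData, AppHost and AccessedResources fields) is assumed from the published Copilot audit schema and should be confirmed against a record from your own tenant; the threshold, the sample users and the label GUID placeholder are illustrative. Live mode needs the ExchangeOnlineManagement module and an account holding an audit-log reading role; without -Live the script runs offline against constructed sample records.

```powershell
# Added example (not from the original page or from Microsoft): triage Copilot
# interaction audit records for users who touch many sensitivity-labelled resources.
# Assumptions: AuditData JSON carries CopilotEventData.AppHost and
# CopilotEventData.AccessedResources[] with Name, Type and SensitivityLabelId
# (verify against a real record); label GUIDs and user names below are placeholders.
param(
    [int]$Days = 7,
    [int]$Threshold = 3,   # distinct labelled resources per user before we flag them
    [switch]$Live          # without -Live, run against the constructed sample below
)

function Expand-CopilotAccess {
    # Flatten each audit record into one row per accessed resource.
    param([Parameter(Mandatory)][object[]]$Records)
    foreach ($rec in $Records) {
        $data = $rec.AuditData | ConvertFrom-Json
        foreach ($res in @($data.CopilotEventData.AccessedResources)) {
            [pscustomobject]@{
                Time     = [datetime]$data.CreationTime
                User     = $data.UserId
                AppHost  = $data.CopilotEventData.AppHost
                Resource = $res.Name
                Type     = $res.Type
                LabelId  = $res.SensitivityLabelId
                Labelled = -not [string]::IsNullOrEmpty($res.SensitivityLabelId)
            }
        }
    }
}

function Find-LabelledAccessOutliers {
    # Users whose Copilot sessions reached at least $Threshold distinct labelled items.
    param([object[]]$Accesses, [int]$Threshold)
    $Accesses | Where-Object Labelled | Group-Object User | ForEach-Object {
        $unique = @($_.Group.Resource | Sort-Object -Unique)
        if ($unique.Count -ge $Threshold) {
            [pscustomobject]@{
                User                      = $_.Name
                DistinctLabelledResources = $unique.Count
                Resources                 = $unique -join '; '
            }
        }
    }
}

if ($Live) {
    # Requires ExchangeOnlineManagement; ResultSize caps at 5000 per call, so add
    # -SessionCommand ReturnLargeSet and page with -SessionId for busy tenants.
    Connect-ExchangeOnline -ShowBanner:$false
    $records = Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-$Days) -EndDate (Get-Date) `
        -RecordType CopilotInteraction -ResultSize 5000
} else {
    # Constructed sample records shaped like Search-UnifiedAuditLog output (not real tenant data).
    $labelled = 1..4 | ForEach-Object {
        @{ Name = "Deal-$_.xlsx"; Type = 'File'; SensitivityLabelId = 'LABEL-GUID-CONFIDENTIAL' }
    }
    $events = @(
        @{ CreationTime = '2025-01-10T09:12:00'; UserId = 'alice@contoso.example'
           CopilotEventData = @{ AppHost = 'Office'; AccessedResources = $labelled } },
        @{ CreationTime = '2025-01-10T10:03:00'; UserId = 'bob@contoso.example'
           CopilotEventData = @{ AppHost = 'Teams'; AccessedResources = @(
               @{ Name = 'Cafeteria-menu.docx'; Type = 'File'; SensitivityLabelId = '' },
               @{ Name = 'Deal-1.xlsx';         Type = 'File'; SensitivityLabelId = 'LABEL-GUID-CONFIDENTIAL' }
           ) } }
    )
    $records = $events | ForEach-Object {
        [pscustomobject]@{ AuditData = ($_ | ConvertTo-Json -Depth 6 -Compress) }
    }
}

$accesses = Expand-CopilotAccess -Records $records
$accesses | Format-Table Time, User, AppHost, Resource, Labelled -AutoSize
# With the sample data, alice (4 distinct labelled items) is flagged and bob (1) is not.
Find-LabelledAccessOutliers -Accesses $accesses -Threshold $Threshold | Format-List
```

Run it without arguments to see the sample output, or with -Live -Days 30 against a tenant. SensitivityLabelId values are label GUIDs; Get-Label from Security & Compliance PowerShell (after Connect-IPPSSession) lists the tenant's labels so the GUIDs can be mapped to display names and the threshold can be applied per label rather than to all labelled content. The per-user count is deliberately crude: a spike in distinct labelled resources is a prompt to check whether the user's permissions are right, not evidence of misuse on its own.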
Impact: high · Workload: Microsoft Purview