Outlook: Summarize email attachments with Copilot in classic Outlook for Windows

🚨 The Signal: Copilot in classic Outlook for Windows can now summarize PDF, Word, and PowerPoint email attachments. This increases the risk of sensitive information exposure through AI summarization and data leakage.

The Impact

All users with Copilot are affected, increasing the risk of sensitive data exposure and potential data loss through AI summarization.

• End users: Risk of inadvertently exposing sensitive data via Copilot summaries.
• Security team: Increased surface area for data leakage and compliance violations.
• Data owners: Potential for unauthorised disclosure of classified information.
• Compliance officers: New challenges in attesting to data handling policies.

The Action

1. Review and update existing Data Loss Prevention (DLP) policies to specifically address Copilot interactions with attachments.
2. Implement or refine sensitivity labels for documents and emails to ensure proper handling by Copilot.
3. Educate users on the risks of summarising sensitive attachments with Copilot and the importance of data classification.
4. Monitor Microsoft Purview audit logs for Copilot activities involving sensitive attachments.
5. Evaluate and configure Copilot data residency and interaction settings in the Microsoft 365 admin center.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps