Microsoft Copilot (Microsoft 365): Create a presentation with Copilot from the PowerPoint backstage view
🚨 The Signal: Copilot in PowerPoint now allows presentation creation directly from the backstage view. This expands the attack surface for data exfiltration and prompt injection, increasing risk of sensitive information exposure.
The Impact
All Copilot users are affected, because expanded Copilot access points increase the risk of sensitive data exposure.
- End users: Increased risk of inadvertently exposing sensitive data via Copilot prompts.
- Security teams: Broader attack surface for prompt injection and data exfiltration.
- Data owners: Higher potential for unauthorized data access or leakage through Copilot interactions.
The Action
- Review and enforce Microsoft Purview DLP policies for Copilot interactions to prevent sensitive data leakage.
- Audit Copilot usage in the Microsoft 365 audit log for unusual activity or data access patterns.
- Educate users on secure prompting practices and the risks of inputting sensitive data into Copilot.
- Configure Copilot access controls in the Microsoft 365 admin center to limit who can use Copilot features.
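An added example for the audit step above (not Microsoft's code and not part of the original advisory): it filters exported audit records for Copilot interactions hosted in PowerPoint and flags users whose sessions touched labeled content or many distinct resources. The field names (`Operation`, `UserId`, `CopilotEventData.AppHost`, `AccessedResources`, `SensitivityLabelId`), the helper names and the threshold are assumptions to check against your tenant's export; the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed rows, each the AuditData JSON of one record; field names are assumptions.
def _row(user, host, resources, op="CopilotInteraction"):
    return json.dumps({"Operation": op, "UserId": user,
                       "CopilotEventData": {"AppHost": host, "AccessedResources": resources}})

SAMPLE_ROWS = [
    _row("alice@example.com", "PowerPoint",
         [{"SiteUrl": "https://contoso.example/sites/hr/deck.pptx"}]),
    _row("bob@example.com", "PowerPoint", []),
    _row("bob@example.com", "PowerPoint",
         [{"SiteUrl": "https://contoso.example/sites/finance/q3-forecast.xlsx",
           "SensitivityLabelId": "00000000-0000-0000-0000-000000000001"}]),
    _row("carol@example.com", "Word",
         [{"SiteUrl": "https://contoso.example/sites/legal/contract.docx",
           "SensitivityLabelId": "00000000-0000-0000-0000-000000000002"}]),
    "{truncated row",  # malformed AuditData: skipped, must not stop the run
]

def flag_copilot_users(rows, app_host="PowerPoint", max_resources=3):
    """Flag users whose Copilot use in app_host touched labeled or many resources."""
    stats = defaultdict(lambda: {"interactions": 0, "resources": set(), "labeled": set()})
    for raw in rows:
        try:
            rec = json.loads(raw)
        except (TypeError, ValueError):
            continue
        if not isinstance(rec, dict) or rec.get("Operation") != "CopilotInteraction":
            continue
        event = rec.get("CopilotEventData") or {}
        if str(event.get("AppHost", "")).lower() != app_host.lower():
            continue
        s = stats[rec.get("UserId", "<unknown>")]
        s["interactions"] += 1
        for res in event.get("AccessedResources") or []:
            ref = res.get("SiteUrl") or res.get("Name") or "<unnamed>"
            s["resources"].add(ref)
            if res.get("SensitivityLabelId"):  # resource carries a sensitivity label
                s["labeled"].add(ref)
    return {user: {"interactions": s["interactions"],
                   "resources": sorted(s["resources"]),
                   "labeled": sorted(s["labeled"])}
            for user, s in stats.items()
            if s["labeled"] or len(s["resources"]) > max_resources}

if __name__ == "__main__":
    for user, info in flag_copilot_users(SAMPLE_ROWS).items():
        print(user, info)
```

Tune `max_resources` to a baseline taken from your own tenant before treating a flag as unusual.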
Domain: Agentic-AI · Impact: high · Workload: M365 Apps