Microsoft Copilot (Microsoft 365): Reference up to 5 files when creating a presentation with Copilot for PowerPoint

🚨 The Signal: Copilot for PowerPoint can now reference up to five files for presentation creation. This increases the potential for sensitive data exposure if users reference inappropriate files, impacting data governance and compliance.

The Impact

All users leveraging Copilot for PowerPoint are affected, increasing the risk of inadvertent sensitive data exposure.

• End Users: Increased risk of accidentally including sensitive data from multiple files in presentations.
• Security Team: Greater challenge in monitoring and preventing data exfiltration via Copilot-generated content.
• Data Owners: Potential for their sensitive information to be used inappropriately if not properly classified and protected.
• Compliance Officers: Increased difficulty in demonstrating adherence to data handling policies and regulatory requirements.

The Action

1. Review and reinforce existing Microsoft Purview Data Loss Prevention (DLP) policies for PowerPoint and SharePoint/OneDrive.
2. Educate users on responsible AI usage, specifically regarding referencing files with Copilot and handling sensitive information.
3. Implement or refine sensitivity labels in Microsoft Purview for documents likely to be used with Copilot.
4. Monitor Copilot usage logs for unusual activity or high volumes of sensitive data processing.
5. Review Microsoft 365 audit logs for Copilot activities and file access patterns.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps