Microsoft Copilot (Microsoft 365): Reference up to 5 files when creating a presentation with Copilot for PowerPoint

🚨 The Signal: Copilot for PowerPoint can now reference up to five files for presentation creation. This increases the potential for sensitive data exposure if users reference unapproved or over-privileged documents, impacting data governance and compliance.

The Impact

All users leveraging Copilot for PowerPoint are affected, increasing the risk of inadvertent sensitive data exposure.

• End users: Increased risk of accidentally including sensitive data from multiple files in presentations.
• Security teams: Greater challenge in monitoring and preventing data leakage via Copilot-generated content.
• Data owners: Potential for their sensitive information to be inadvertently shared or summarised.
• Compliance officers: Increased difficulty in demonstrating adherence to data handling regulations.

The Action

1. Review and reinforce existing Microsoft Purview Data Loss Prevention (DLP) policies for PowerPoint and Copilot interactions.
2. Educate users on responsible data handling and the implications of referencing multiple files with Copilot, emphasising data classification.
3. Implement or refine sensitivity labels in Microsoft Purview to automatically protect sensitive content referenced by Copilot.
4. Monitor Microsoft Purview Audit logs for Copilot activities involving sensitive files to identify potential misuse or exposure.
5. Consider implementing Microsoft Purview Communication Compliance policies to detect and prevent inappropriate sharing of Copilot-generated content.

Domain: Purview · Impact: high · Workload: Microsoft Purview