Microsoft Copilot (Microsoft 365): Reference up to 5 files when creating a presentation with Copilot for PowerPoint

🚨 The Signal: Copilot for PowerPoint can now reference up to five files for presentation creation. This increases the potential for sensitive data exposure if users reference inappropriate documents, requiring enhanced data governance and user education.

The Impact

All users leveraging Copilot for PowerPoint are affected, increasing the risk of inadvertent sensitive data exposure.

• End-users: Increased risk of accidentally including sensitive data from multiple files.
• Security Team: Greater challenge in monitoring and preventing data oversharing.
• Data Owners: Potential for their classified data to be used inappropriately.
• Compliance Officers: Higher risk of non-compliance with data handling regulations.

The Action

1. Review and reinforce Microsoft Purview Data Loss Prevention (DLP) policies for Copilot interactions.
2. Educate users on responsible data referencing within Copilot, emphasizing data classification and sensitivity.
3. Monitor Copilot usage logs for unusual patterns of document access and generation.
4. Ensure sensitivity labels are consistently applied to documents to guide Copilot's data handling.
5. Implement or refine access controls on sensitive documents to limit Copilot's potential reference pool.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps