Microsoft Copilot (Microsoft 365): Access audio overviews from the top of your Word document

🚨 The Signal: Copilot in Word can now generate audio summaries of documents. This introduces a new vector for sensitive information disclosure if not properly governed, as audio files can be easily shared or exfiltrated.

The Impact

All users are affected, with a security risk of sensitive information disclosure through easily shareable audio summaries.

• End Users: Risk of inadvertently creating and sharing audio files containing sensitive data.
• Security Teams: New data exfiltration vector to monitor and control.
• Compliance Teams: Increased complexity in ensuring sensitive data remains within defined boundaries.
• Administrators: Need to review and potentially update DLP policies for audio content.

The Action

1. Review existing Microsoft Purview DLP policies to ensure they cover audio file types and content generated by Copilot.
2. Educate users on the risks associated with generating and sharing audio summaries of sensitive documents.
3. Monitor Microsoft 365 audit logs for unusual sharing activities involving audio files.
4. Consider implementing sensitivity labels that automatically restrict sharing of audio content derived from highly sensitive documents.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps