Microsoft Copilot (Microsoft 365): Researcher available in Copilot Notebooks

🚨 The Signal: Copilot Notebooks now integrate a 'Researcher' feature, allowing multi-step research across enterprise data using an OpenAI model. This expands Copilot's data access and reasoning capabilities within the M365 ecosystem.

The Impact

All users with Copilot access are affected, increasing the risk of sensitive data exposure and intellectual property leakage through advanced AI reasoning.

• End users: Increased risk of inadvertently exposing sensitive data through complex AI queries.
• Security teams: New challenge in monitoring and preventing data exfiltration via advanced AI agents.
• Data owners: Potential for intellectual property to be surfaced and misused by the AI or users.
• Compliance teams: Difficulty in demonstrating adherence to data handling and privacy regulations.

The Action

1. Review and refine Microsoft Purview Data Loss Prevention (DLP) policies to specifically address Copilot interactions and data egress.
2. Implement or update Microsoft Purview Communication Compliance policies to monitor Copilot Notebook content for sensitive information.
3. Educate users on responsible AI use, data handling, and the risks associated with advanced Copilot features.
4. Monitor Microsoft 365 audit logs for unusual Copilot activity or large data access patterns.
5. Evaluate and adjust Copilot access controls and data permissions to limit exposure of highly sensitive datasets.

Domain: Agentic-AI · Impact: high · Workload: Other