Microsoft Copilot (Microsoft 365): Reference an Excel file when creating a presentation with Copilot for PowerPoint

🚨 The Signal: Copilot in PowerPoint can now create presentations directly from Excel data. This increases the risk of sensitive data exposure if users reference unapproved or unprotected Excel files, impacting data governance and compliance.

The Impact

All users are affected, increasing the risk of sensitive data exposure and potential compliance breaches.

• End Users: Risk of inadvertently sharing sensitive Excel data via presentations.
• Security Teams: Increased surface area for data loss prevention (DLP) monitoring.
• Compliance Teams: New vectors for non-compliance with data handling policies.
• Data Owners: Potential for unauthorized use of their data in presentations.

The Action

1. Review and update existing Microsoft Purview Data Loss Prevention (DLP) policies to include PowerPoint and Excel content, focusing on sensitive information types.
2. Implement or reinforce sensitivity labels for Excel files containing sensitive data, ensuring they are automatically applied and restrict sharing.
3. Educate users on responsible Copilot use, emphasizing not to reference sensitive or unapproved Excel files for presentation generation.
4. Monitor Microsoft Purview Audit logs for Copilot activities involving Excel and PowerPoint to identify potential policy violations.
5. Review Microsoft 365 tenant-wide Copilot data governance settings to ensure appropriate data handling and access controls are enforced.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps