Microsoft Copilot (Microsoft 365): Reference an Excel file when creating a presentation with Copilot for PowerPoint
🚨 The Signal: Copilot in PowerPoint can now create presentations directly from Excel data. This increases the risk of sensitive data exposure if users reference unapproved or unprotected Excel files, potentially bypassing existing data loss prevention controls.
The Impact
All users with Copilot access are affected, which increases the risk of sensitive data exposure through AI-generated content.
- End-users: Increased risk of inadvertently exposing sensitive data by referencing unclassified Excel files.
- Security Team: New vector for data exfiltration or accidental sharing via Copilot-generated content.
- Compliance Officers: Challenges in auditing and ensuring sensitive data remains within defined boundaries.
- Data Owners: Potential for their data to be used in ways not intended or approved, increasing data governance complexity.
The Action
- Review and enforce Microsoft Purview Data Loss Prevention (DLP) policies for Excel and PowerPoint to detect and block sensitive information.
- Implement Microsoft Purview Information Protection (MIP) sensitivity labels on Excel files containing sensitive data to ensure automatic protection and access controls.
- Educate users on responsible AI use, emphasizing that they should not reference unclassified or sensitive Excel files with Copilot.
- Monitor Microsoft Purview Audit logs for Copilot activities involving sensitive data references.
- Review Copilot for Microsoft 365 settings in the Microsoft 365 admin center to understand data interaction capabilities.
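One way to triage the audit-log monitoring step above, as an added example that is not Microsoft's or this page's own code: it scans exported Copilot audit records for PowerPoint interactions that referenced an Excel file with no sensitivity label or with a restricted one. Assumptions: the field names (`Operation`, `CopilotEventData`, `AppHost`, `AccessedResources`, `SensitivityLabelId`) follow the Purview CopilotInteraction audit schema and should be checked against an export from your tenant; the label GUID, users and file names are constructed.

```python
import json

EXCEL_EXT = (".xlsx", ".xlsm", ".xlsb", ".xls")
# Hypothetical placeholder GUID standing in for a tenant's restricted label.
RESTRICTED_LABELS = {"00000000-0000-0000-0000-00000000c0de"}

def _sample(user, host, name, label):
    """Build one constructed AuditData JSON string (not real tenant data)."""
    return json.dumps({"Operation": "CopilotInteraction", "UserId": user,
                       "CopilotEventData": {"AppHost": host, "AccessedResources": [
                           {"Name": name, "SensitivityLabelId": label}]}})

SAMPLE = [
    _sample("alice@example.com", "PowerPoint", "Q3-payroll.xlsx", ""),
    _sample("bob@example.com", "PowerPoint", "forecast.xlsm",
            "00000000-0000-0000-0000-00000000C0DE"),
    _sample("carol@example.com", "Word", "budget.xlsx", ""),        # other app
    _sample("dave@example.com", "PowerPoint", "notes.docx", ""),    # not Excel
    "{truncated-row",                                               # malformed
]

def flag_excel_references(raw_records):
    """Return findings for PowerPoint Copilot events that referenced an
    unlabeled or restricted-label Excel file."""
    findings = []
    for raw in raw_records:
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed export rows instead of aborting the scan
        if not isinstance(event, dict) or event.get("Operation") != "CopilotInteraction":
            continue
        data = event.get("CopilotEventData") or {}
        if str(data.get("AppHost", "")).lower() != "powerpoint":
            continue
        for res in data.get("AccessedResources") or []:
            name = str(res.get("Name", ""))
            if not name.lower().endswith(EXCEL_EXT):
                continue
            label = (res.get("SensitivityLabelId") or "").lower()
            if not label:
                reason = "unlabeled"
            elif label in RESTRICTED_LABELS:
                reason = "restricted-label"
            else:
                continue  # labeled with a non-restricted label
            findings.append({"user": event.get("UserId"), "file": name, "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in flag_excel_references(SAMPLE):
        print(finding)
```
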
Domain: Agentic-AI · Impact: high · Workload: M365 Apps