Microsoft Copilot (Microsoft 365): Reference an Excel file when creating a presentation with Copilot for PowerPoint
🚨 The Signal: Copilot in PowerPoint can now create presentations directly from Excel data. This increases the risk of sensitive data exposure if users reference unapproved or improperly secured spreadsheets, bypassing traditional data governance controls.
The Impact
All users are affected, which increases the risk of sensitive data exposure and potential compliance breaches.
- End-users: Increased risk of inadvertently sharing sensitive data via Copilot-generated presentations.
- Security Teams: New vector for data exfiltration and compliance violations requiring updated monitoring.
- Data Owners: Potential for uncontrolled dissemination of sensitive Excel data.
- Compliance Officers: Challenges in demonstrating adherence to data handling policies.
The Action
- Review and update existing Data Loss Prevention (DLP) policies in Microsoft Purview to include Copilot interactions with Excel and PowerPoint.
- Implement or refine sensitivity labels for Excel files containing sensitive data, ensuring automatic encryption and access controls.
- Educate users on responsible data handling when using Copilot, emphasizing the risks of referencing sensitive or unapproved Excel files.
- Monitor Microsoft Purview audit logs for Copilot activities involving Excel and PowerPoint to detect unusual data flows.
- Assess current information architecture for Excel files to ensure sensitive data is stored in appropriately secured locations with restricted access.
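One way to carry out the audit-log monitoring action above, as an added example that is not part of the original briefing: it scans exported audit records for PowerPoint-hosted Copilot interactions that referenced an Excel workbook with no sensitivity label or from outside an approved location. The records are constructed, the approved-site prefix is hypothetical, and the field names (`Operation`, `UserId`, `CopilotEventData.AppHost`, `AccessedResources[].Name`, `SiteUrl`, `SensitivityLabelId`) are assumed from the CopilotInteraction audit schema and should be confirmed against a real export.

```python
import json

# Hypothetical allow-list of approved storage locations (assumption, set per tenant).
APPROVED_SITES = ("https://contoso.sharepoint.com/sites/finance-approved/",)
EXCEL_EXT = (".xlsx", ".xlsm", ".xlsb", ".xls")
LABEL = "00000000-0000-0000-0000-000000000001"  # constructed label GUID

def _rec(user, host, base, name, label):  # builds one constructed audit record
    res = {"Name": name, "SiteUrl": base + name, "SensitivityLabelId": label}
    return json.dumps({"Operation": "CopilotInteraction", "UserId": user,
                       "CopilotEventData": {"AppHost": host, "AccessedResources": [res]}})

# Constructed export, one JSON record per line. Field names are assumed from the
# CopilotInteraction audit schema; confirm them against a real export.
SAMPLE_EXPORT = [
    _rec("al@example.test", "PowerPoint", APPROVED_SITES[0], "q3.xlsx", LABEL),
    _rec("bo@example.test", "PowerPoint", "https://contoso-my.sharepoint.com/personal/bo/", "payroll.xlsx", ""),
    _rec("cy@example.test", "PowerPoint", "https://contoso.sharepoint.com/sites/scratch/", "forecast.xlsx", LABEL),
    _rec("di@example.test", "Word", "https://contoso.sharepoint.com/sites/scratch/", "notes.xlsx", ""),
    "{truncated record",  # malformed line, as seen in partial exports
]

def excel_references(record):
    """Yield Excel workbooks referenced by a PowerPoint-hosted Copilot interaction."""
    data = record.get("CopilotEventData") or {}
    host = (data.get("AppHost") or "").lower()
    if record.get("Operation") != "CopilotInteraction" or host != "powerpoint":
        return
    for res in data.get("AccessedResources") or []:
        if (res.get("Name") or "").lower().endswith(EXCEL_EXT):
            yield res

def triage(lines):
    """Return (user, workbook, reasons) for references that need review."""
    findings = []
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip unparsable lines instead of aborting the run
        for res in excel_references(record):
            reasons = []
            if not res.get("SensitivityLabelId"):
                reasons.append("unlabeled")
            if not (res.get("SiteUrl") or "").lower().startswith(APPROVED_SITES):
                reasons.append("unapproved_location")
            if reasons:
                findings.append((record.get("UserId"), res.get("Name"), reasons))
    return findings
```

Calling `triage(SAMPLE_EXPORT)` returns the two references that warrant review; the labeled workbook in the approved site and the Word-hosted interaction are not reported.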
Domain: Agentic-AI · Impact: high · Workload: M365 Apps