Outlook: Create a meeting from an email thread with Copilot

🚨 The Signal: Copilot can now automatically create meeting invitations from email threads, populating details and attendees. This streamlines scheduling but introduces new avenues for information disclosure if not reviewed.

The Impact

All users are affected, with a moderate risk of inadvertent information disclosure if meeting details are not reviewed.

• End Users: Risk of oversharing sensitive email content if Copilot-generated meeting details are not reviewed.
• Security Teams: Need to educate users on reviewing Copilot outputs to prevent accidental data exposure.
• Compliance Teams: Potential for non-compliance if sensitive data from emails is inadvertently included in meeting invites.
• Admins: Must ensure users understand the implications of Copilot's automated content generation.

The Action

1. Educate users on the importance of reviewing all Copilot-generated meeting content before sending.
2. Reinforce existing data handling policies regarding sensitive information in meeting invitations.
3. Monitor Copilot usage and user feedback for patterns of inadvertent information sharing.
4. Review Microsoft Purview DLP policies to ensure they adequately cover meeting invitation content.

Domain: M365-Apps · Impact: medium · Workload: M365 Apps