Microsoft Copilot (Microsoft 365): Continue editing in Outlook from Copilot Chat

🚨 The Signal: Copilot Chat can now draft emails and transfer them to Outlook for review and sending. This streamlines email creation but, if the feature is not properly governed, increases the risk of sensitive information exposure.

The Impact

All users are affected: the feature increases the risk of inadvertent disclosure of sensitive information via email.

  • End-users: Increased risk of sending unreviewed or sensitive content.
  • Security Teams: New vector for data exfiltration requires DLP policy review.
  • Compliance Teams: Potential for non-compliance with data handling regulations.
  • Admins: Need to educate users and review Copilot data sharing policies.

The Action

  1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot interactions and Outlook email content.
  2. Educate end-users on responsible use of Copilot for drafting emails, emphasizing review before sending.
  3. Audit Copilot interaction logs for unusual email drafting patterns or sensitive data handling.
  4. Configure Copilot data sharing settings to align with organisational data residency and privacy requirements.
  5. Implement sensitivity labels for emails to ensure proper classification and protection of drafted content.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps