Microsoft Copilot (Microsoft 365): Catchup on important emails in Copilot Chat

🚨 The Signal: Copilot Chat now summarises important emails, including those from key people or those containing tasks. This speeds up information access, but it also means sensitive mail content is read, condensed and re-presented by the model, raising the risk of exposure through AI summarisation.

The Impact

All users are affected. The security risk is moderate: sensitive information may be surfaced in a summary where it is easier to copy or forward, or a summary may misstate or omit something important.

  • End-users: Risk of over-reliance on summaries and missing critical details that the summary dropped or misread.
  • Security Teams: Copilot only reads mail the user can already access, but summaries make sensitive content easier to surface, copy and forward, widening the data-leakage surface (and exposing over-permissioned mailboxes).
  • Compliance Teams: New challenges in auditing what content was summarised and in demonstrating data privacy obligations are met.
  • Admins: Need to understand the data flow for Copilot interactions (what content is read, where prompts and responses are stored) and the retention applied to them.

The Action

  1. Review Microsoft Purview Data Loss Prevention (DLP) policies and confirm they are scoped to Copilot interactions, not only to email and file sharing.
  2. Educate users on responsible prompting and on the limits of AI summaries for sensitive or decision-critical content.
  3. Monitor Copilot usage in the unified audit log (CopilotInteraction records) for unusual access volumes or summarisation of highly sensitive content.
  4. Assess whether existing sensitivity labels are applied to, and honoured by, Copilot-generated content and summaries.
  5. Consult the ASD Information Security Manual (ISM) guidelines for AI system integration and data handling requirements.
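A worked example of step 3, added here and not part of the original advisory or any Microsoft tooling: it runs two simple detections over Copilot audit records, one for interactions that touched content carrying a high-sensitivity label and one for users who had Copilot read an unusually large number of distinct items in a short window. In a real tenant the records come from the unified audit log (Exchange Online PowerShell: Search-UnifiedAuditLog -RecordType CopilotInteraction, or a Purview audit export); the records below are constructed, the field names (CopilotEventData, AccessedResources, SensitivityLabelId) follow the CopilotInteraction schema as assumed here and should be verified against your own tenant's records, and the label IDs are placeholders (real ones are GUIDs).

```python
"""Detection example over Microsoft 365 Copilot audit records (constructed data)."""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample AuditData payloads, shaped like CopilotInteraction records.
# Assumption: CopilotEventData.AccessedResources lists each item Copilot read,
# with its Name, Id, Type, SensitivityLabelId and Action. Verify in your tenant.
def _record(time, user, app, resources):
    return json.dumps({
        "CreationTime": time, "UserId": user, "Operation": "CopilotInteraction",
        "RecordType": 261, "Workload": "Copilot",
        "CopilotEventData": {"AppHost": app, "AccessedResources": resources},
    })

def _mail(item_id, name, label):
    return {"Id": item_id, "Name": name, "Type": "Email",
            "SensitivityLabelId": label, "Action": "Read"}

SAMPLE_AUDIT_DATA = [
    _record("2024-06-03T08:12:44", "alice@contoso.example", "Outlook",
            [_mail("m0", "Q3 board pack.msg", "LBL-HIGHLY-CONFIDENTIAL")]),
    _record("2024-06-03T09:00:05", "bob@contoso.example", "Outlook",
            [_mail(f"m{i}", f"Mail {i}", "LBL-GENERAL") for i in (1, 2, 3)]),
    _record("2024-06-03T09:04:10", "bob@contoso.example", "Outlook",
            [_mail(f"m{i}", f"Mail {i}", "LBL-GENERAL") for i in (4, 5, 6)]),
    _record("2024-06-03T09:07:30", "bob@contoso.example", "Outlook",
            [_mail(f"m{i}", f"Mail {i}", "LBL-GENERAL") for i in (7, 8, 9)]),
    _record("2024-06-03T11:30:00", "carol@contoso.example", "Outlook",
            [_mail("m10", "Lunch plans", "LBL-GENERAL")]),
]

# Placeholder label IDs; in practice these are the GUIDs of your sensitivity labels.
HIGH_SENSITIVITY_LABELS = {"LBL-HIGHLY-CONFIDENTIAL", "LBL-PROTECTED"}


def parse_records(raw_records):
    """Parse AuditData JSON strings into a flat structure for analysis."""
    parsed = []
    for raw in raw_records:
        rec = json.loads(raw)
        event = rec.get("CopilotEventData", {})
        parsed.append({
            "time": datetime.fromisoformat(rec["CreationTime"]).replace(tzinfo=timezone.utc),
            "user": rec["UserId"].lower(),
            "app": event.get("AppHost", ""),
            "resources": event.get("AccessedResources", []),
        })
    return parsed


def sensitive_access_findings(records, sensitive_labels):
    """One finding per accessed resource carrying a high-sensitivity label."""
    findings = []
    for r in records:
        for res in r["resources"]:
            if res.get("SensitivityLabelId") in sensitive_labels:
                findings.append({
                    "user": r["user"], "time": r["time"].isoformat(), "app": r["app"],
                    "resource": res.get("Name"), "label": res.get("SensitivityLabelId"),
                })
    return findings


def high_volume_users(records, window_minutes, threshold):
    """Users for whom Copilot read more than `threshold` distinct items within
    any sliding window of `window_minutes`. Returns {user: peak distinct count}."""
    by_user = defaultdict(list)
    for r in records:
        for res in r["resources"]:
            by_user[r["user"]].append((r["time"], res.get("Id") or res.get("Name")))
    window = timedelta(minutes=window_minutes)
    flagged = {}
    for user, events in by_user.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            distinct = {item_id for _, item_id in events[start:end + 1]}
            if len(distinct) > threshold:
                flagged[user] = max(flagged.get(user, 0), len(distinct))
    return flagged


if __name__ == "__main__":
    recs = parse_records(SAMPLE_AUDIT_DATA)
    print(json.dumps(sensitive_access_findings(recs, HIGH_SENSITIVITY_LABELS), indent=2))
    print(high_volume_users(recs, window_minutes=15, threshold=5))
```

The volume threshold is a starting point only; baseline it per tenant, since a user who legitimately asks Copilot to summarise a week of mail will touch many items in one interaction. Treat a sensitive-label hit as a trigger for review rather than proof of misuse, because the user already had read access to the item.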

Domain: Agentic-AI · Impact: medium · Workload: M365 Apps