Microsoft Copilot (Microsoft 365): Use Copilot to rephrase text as desired through custom prompt in PowerPoint

🚨 The Signal: Copilot in PowerPoint now allows users to rephrase text using natural language prompts. This expands AI-driven content generation, increasing both the potential for data leakage and the need for robust data governance and prompt engineering policies.

The Impact

All users are affected, and the feature increases the risk of inadvertent sensitive data exposure through AI prompts.

  • End users: Risk of exposing sensitive data in prompts.
  • Security Team: Increased surface area for data leakage and prompt injection.
  • Compliance Officers: New data handling scenarios require policy updates.
  • Admins: Need to monitor Copilot usage and data flows.

The Action

  1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot interactions and sensitive information types.
  2. Implement and communicate clear organizational policies on acceptable use of Copilot, especially regarding sensitive or classified information.
  3. Educate users on secure prompting techniques and the risks of inputting sensitive data into AI models.
  4. Monitor Copilot usage reports in Microsoft 365 Admin Center for unusual activity or high-risk interactions.
  5. Configure Microsoft Entra Conditional Access policies to restrict Copilot access based on device compliance or network location for high-risk users/data.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps