Microsoft Copilot (Microsoft 365): Use Copilot to rephrase text as desired through custom prompt in PowerPoint

🚨 The Signal: Copilot in PowerPoint now allows users to rephrase text using natural language prompts. This expands AI-driven content generation, increasing the potential for data exposure and the need for robust data governance policies.

The Impact

All users are affected; the security risk is inadvertent data exposure and the generation of sensitive content.

  • End-users: Risk of unintentionally exposing sensitive data through prompts or generated content.
  • Security Teams: Increased need to monitor Copilot usage and refine DLP policies.
  • Data Owners: Potential for sensitive information to be processed or rephrased by Copilot without explicit consent.
  • Compliance Teams: New considerations for data residency and privacy with AI-generated content.

The Action

  1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot activities and sensitive information types.
  2. Implement or refine Microsoft Purview Communication Compliance policies to detect inappropriate use of Copilot for content generation.
  3. Educate users on responsible AI usage, data handling, and the risks of inputting sensitive information into Copilot prompts.
  4. Monitor Copilot usage reports in the Microsoft 365 admin center for unusual activity or policy violations.
  5. Evaluate Microsoft Entra Conditional Access policies to restrict Copilot access, based on device compliance or network location, where sensitive data is involved.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps