Outlook: Prepare for your meeting on-the-go with Copilot
🚨 The Signal: Copilot on mobile now summarises meeting-related emails, documents, and tasks. This increases data exposure risk on mobile devices and expands the attack surface for sensitive information accessed via AI.
The Impact
The change affects mobile users, raising the risk of sensitive data exposure and of potential prompt injection vulnerabilities.
- Mobile users: Increased risk of sensitive data exposure on personal or unmanaged devices.
- Security teams: New attack surface for prompt injection and data exfiltration via Copilot.
- Compliance officers: Challenges in maintaining data sovereignty and compliance when data is accessed from mobile devices.
- Organisations: Potential for inadvertent disclosure of confidential meeting information.
The Action
- Review and enforce Microsoft Intune Mobile Application Management (MAM) policies for Outlook mobile.
- Configure Microsoft Purview Data Loss Prevention (DLP) policies to detect and prevent sensitive information sharing via Copilot outputs.
- Educate users on responsible use of Copilot on mobile, emphasising data sensitivity and prompt hygiene.
- Monitor Microsoft 365 audit logs for unusual Copilot activity or data access patterns on mobile devices.
- Assess and update your organisation's AI governance framework to include mobile Copilot usage.
Domain: Agentic-AI · Impact: high · Workload: M365 Apps