Microsoft Copilot (Microsoft 365): Microsoft 365 Copilot app for GCC-M environments

🚨 The Signal: Microsoft 365 Copilot app is now available in GCC-M, replacing the existing Microsoft 365 app. This unifies access to Copilot features, centralising AI interactions and potentially increasing data exposure points.

The Impact

All GCC-M users are affected, with a moderate security risk due to increased AI interaction surfaces and potential for data leakage if not properly governed.

• End users: New interface for AI interactions, potential for accidental data exposure.
• Security Team: Requires review of data loss prevention (DLP) policies for Copilot interactions.
• Admins: Need to understand new Copilot app capabilities and user access controls.
• Compliance Officers: Must assess Copilot's data handling against regulatory requirements.

The Action

1. Review existing Microsoft Purview DLP policies for Copilot integration points.
2. Educate users on responsible AI usage and data handling within the new Copilot app.
3. Verify Copilot access controls in Microsoft Entra ID for GCC-M users.
4. Consult Microsoft's guidance on data residency and privacy for Copilot in GCC-M.

Domain: Agentic-AI · Impact: medium · Workload: M365 Apps