Microsoft Teams: Copilot Support for 1:1 and Group Calls on Teams Phone Devices

🚨 The Signal: Copilot is now available on Teams Phone devices for 1:1 and group calls, providing AI-driven insights and suggested prompts during conversations. Call content on these devices is now processed by Copilot, which introduces new data processing paths and the potential for sensitive information to be exposed through AI summarization.

The Impact

All users on Teams Phone devices are affected, with a moderate security risk due to potential exposure of sensitive call data through Copilot's AI features.

  • End Users: Risk of sensitive information being processed by Copilot without explicit consent.
  • Security Team: Increased surface area for data leakage and compliance challenges with AI-generated content.
  • Admins: Need to review and configure Copilot data handling policies for Teams Phone devices.
  • Compliance Officers: New considerations for data retention and privacy of AI-summarized call content.

The Action

  1. Review and configure Copilot for Microsoft 365 policies in the Microsoft 365 admin center (admin.microsoft.com) under Settings > Org settings > Microsoft Copilot.
  2. Implement or update data loss prevention (DLP) policies in Microsoft Purview to detect and prevent sensitive information sharing in Copilot-generated content.
  3. Educate users on the responsible use of Copilot on Teams Phone devices, emphasizing data sensitivity.
  4. Review Microsoft Teams call recording and transcription policies to align with Copilot's new capabilities.
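For step 4, one way to triage calling policies before reviewing them by hand. This is an added example, not part of the original notice or Microsoft's own tooling. It assumes policy objects shaped like the output of Get-CsTeamsCallingPolicy in the MicrosoftTeams PowerShell module (Identity, Copilot, AllowTranscriptionForCalling, AllowCloudRecordingForCalls), and that these calling policies also apply to users on Teams Phone devices. The function name and the sample policies are constructed for illustration.

```powershell
# Added example: flag calling policies whose Copilot, transcription and
# recording settings mean call content is processed or retained.
# Assumption: input objects look like Get-CsTeamsCallingPolicy output.
function Get-CopilotCallExposure {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Policy
    )
    process {
        # Treat a missing Copilot value as unknown rather than as Disabled.
        $copilot = if ($Policy.Copilot) { [string]$Policy.Copilot } else { 'NotSet' }
        $findings = @()
        if ($copilot -ne 'Disabled') {
            $findings += "Copilot in calls is '$copilot'"
        }
        if ($copilot -eq 'EnabledWithTranscript' -and -not $Policy.AllowTranscriptionForCalling) {
            $findings += 'Copilot requires a transcript but call transcription is off'
        }
        if ($Policy.AllowTranscriptionForCalling) {
            $findings += 'Call transcripts allowed: check retention and DLP coverage'
        }
        if ($Policy.AllowCloudRecordingForCalls) {
            $findings += 'Call recording allowed: check retention and DLP coverage'
        }
        [pscustomobject]@{
            Policy      = $Policy.Identity
            Copilot     = $copilot
            Transcript  = [bool]$Policy.AllowTranscriptionForCalling
            Recording   = [bool]$Policy.AllowCloudRecordingForCalls
            NeedsReview = $findings.Count -gt 0
            Findings    = $findings -join '; '
        }
    }
}

# Constructed sample policies so the function runs without a tenant connection.
$sample = @(
    [pscustomobject]@{ Identity = 'Global'; Copilot = 'Enabled'
        AllowTranscriptionForCalling = $false; AllowCloudRecordingForCalls = $false }
    [pscustomobject]@{ Identity = 'Tag:Executives'; Copilot = 'Disabled'
        AllowTranscriptionForCalling = $false; AllowCloudRecordingForCalls = $false }
    [pscustomobject]@{ Identity = 'Tag:FrontDesk'; Copilot = 'EnabledWithTranscript'
        AllowTranscriptionForCalling = $false; AllowCloudRecordingForCalls = $true }
)
$sample | Get-CopilotCallExposure | Format-List

# Against a tenant, after Connect-MicrosoftTeams:
# Get-CsTeamsCallingPolicy | Get-CopilotCallExposure | Where-Object NeedsReview
```

With the sample data, Global and Tag:FrontDesk are flagged for review and Tag:Executives is not.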

Domain: Agentic-AI · Impact: medium · Workload: Teams