Microsoft Copilot (Microsoft 365): Copilot uses enterprise assets hosted on SharePoint OAL or Templafy when creating a slide
🚨 The Signal: Copilot can now use images from SharePoint Organization Asset Libraries (OALs) or Templafy to create slides. This expands Copilot's access to internal visual assets, which increases the risk of sensitive image exposure if those libraries are not properly governed.
The Impact
Security teams and content owners are affected: if asset libraries are not properly secured, Copilot's use of them increases the risk of sensitive image exposure.
- Security teams: Risk of sensitive image exposure if OALs contain unapproved content.
- Content owners: Need to ensure only approved, non-sensitive images are in OALs.
- Compliance teams: New data handling considerations for Copilot's use of internal assets.
The Action
- Review existing SharePoint Organization Asset Libraries (OALs) for sensitive or unapproved images.
- Establish clear policies for content inclusion in OALs, focusing on public-facing or non-sensitive assets.
- Implement access controls and permissions on OALs to restrict who can upload and manage content.
- Educate content owners on the implications of Copilot accessing OAL content and best practices for asset management.
Domain: Agentic-AI · Impact: medium · Workload: Other