Microsoft Copilot (Microsoft 365): Use ContextIQ file suggestions in Copilot Chat

🚨 The Signal: Copilot Chat now suggests files from ContextIQ when users type '/'. This expands the data Copilot can access and increases the risk of inadvertent information disclosure if that access is not properly governed.

The Impact

All users are affected, which increases the risk of sensitive data exposure through Copilot Chat.

  • End-users: Increased risk of accidentally sharing sensitive files with Copilot.
  • Security Teams: New vector for data exfiltration or oversharing via AI interactions.
  • Compliance Teams: Potential for non-compliance with data handling policies.
  • Data Owners: Reduced control over how their data is referenced by AI.

The Action

  1. Review and reinforce existing Microsoft Purview Data Loss Prevention (DLP) policies for Copilot.
  2. Educate users on responsible data sharing practices within Copilot Chat.
  3. Monitor Copilot usage logs for unusual file access patterns or sensitive data interactions.
  4. Evaluate Microsoft 365 Copilot settings for data access and sharing configurations.

Domain: Agentic-AI · Impact: high · Workload: Microsoft Purview