SharePoint: Text Editor Copilot 'Refine' update

🚨 The Signal: SharePoint Copilot's text editor now offers enhanced content refinement, including continued writing and grounding document integration. This increases the risk of sensitive data exposure if not properly governed.

The Impact

All users interacting with SharePoint Copilot are affected, increasing the risk of inadvertent sensitive information disclosure.

• End users: Risk of oversharing sensitive data via Copilot's new 'grounding document' feature.
• Security teams: Increased challenge in monitoring and preventing data leakage through AI-assisted content generation.
• Compliance officers: New considerations for data residency and classification with AI-generated content.
• Admins: Need to review and enforce data loss prevention (DLP) policies for Copilot interactions.

The Action

1. Review and update existing Microsoft Purview Data Loss Prevention (DLP) policies to specifically include Copilot interactions within SharePoint.
2. Configure Microsoft Purview Information Protection (MIP) sensitivity labels for documents used as 'grounding documents' to ensure proper classification.
3. Educate users on responsible AI usage, emphasizing not to input sensitive data into Copilot prompts or grounding documents without proper classification.
4. Monitor Microsoft Purview Audit logs for Copilot activities, focusing on content creation and modification events.
5. Implement Adaptive Protection in Microsoft Purview to dynamically adjust access based on risk signals from Copilot interactions.

Domain: Agentic-AI · Impact: high · Workload: SharePoint