Microsoft Copilot (Microsoft 365): Document snapshot in Word personalizes output

🚨 The Signal: Copilot in Word now uses a 'document snapshot' to personalize output based on user context. This increases the risk of sensitive information exposure if not properly governed, as Copilot can now more effectively surface data from a user's broader M365 context.

The Impact

All users are affected, with an increased risk of inadvertent sensitive data exposure through Copilot's enhanced contextual understanding.

  • End-users: Risk of oversharing sensitive data via Copilot's enhanced context.
  • Security Teams: Increased complexity in monitoring data access and usage by Copilot.
  • Data Owners: Potential for sensitive information to be surfaced more broadly than intended.
  • Compliance Teams: New challenges in demonstrating adherence to data handling policies.

The Action

  1. Review and reinforce Microsoft Purview Data Loss Prevention (DLP) policies for Copilot interactions.
  2. Educate users on responsible Copilot usage and the potential for sensitive data exposure.
  3. Monitor Copilot activity logs for unusual data access patterns or sensitive information surfacing.
  4. Evaluate existing sensitivity labels and ensure proper classification of documents used by Copilot.
  5. Consider implementing Copilot access controls based on the sensitivity of the data accessed.
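
One way to act on steps 3 and 4, as an added example that is not part of the original advisory or Microsoft's own tooling: it scans exported Copilot audit records (a constructed sample, one JSON object per line) for Word interactions that read restricted-label or unlabeled documents. The field names, label IDs and threshold are assumptions modelled on the Purview audit log; check them against your tenant's export.

```python
import json
from collections import defaultdict

# Constructed sample records. Field names (Operation, UserId, CopilotEventData,
# AppHost, AccessedResources, SensitivityLabelId) are assumptions modelled on
# the Purview unified audit log, not values taken from the advisory.
SAMPLE_LOG = """\
{"Operation":"CopilotInteraction","UserId":"alice@example.com","CopilotEventData":{"AppHost":"Word","AccessedResources":[{"Name":"Q3-plan.docx","SensitivityLabelId":"label-general"}]}}
{"Operation":"CopilotInteraction","UserId":"bob@example.com","CopilotEventData":{"AppHost":"Word","AccessedResources":[{"Name":"merger-terms.docx","SensitivityLabelId":"label-highly-confidential"},{"Name":"payroll-2024.xlsx","SensitivityLabelId":"label-confidential"}]}}
{"Operation":"CopilotInteraction","UserId":"bob@example.com","CopilotEventData":{"AppHost":"Word","AccessedResources":[{"Name":"board-minutes.docx","SensitivityLabelId":"label-confidential"},{"Name":"notes.docx","SensitivityLabelId":""}]}}
{"Operation":"CopilotInteraction","UserId":"bob@example.com","CopilotEventData":{"AppHost":"Teams","AccessedResources":[{"Name":"legal-hold.docx","SensitivityLabelId":"label-confidential"}]}}
{"Operation":"FileAccessed","UserId":"carol@example.com"}
not-json
{"Operation":"CopilotInteraction","UserId":"alice@example.com","CopilotEventData":{"AppHost":"Word","AccessedResources":[{"Name":"merger-terms.docx","SensitivityLabelId":"label-highly-confidential"}]}}
"""

# Hypothetical label IDs the organisation treats as restricted.
RESTRICTED_LABELS = {"label-confidential", "label-highly-confidential"}

def word_copilot_resources(lines):
    """Yield (user, resource name, label id) for each resource Copilot read in Word."""
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines rather than abort the run
        if not isinstance(rec, dict) or rec.get("Operation") != "CopilotInteraction":
            continue
        data = rec.get("CopilotEventData") or {}
        if data.get("AppHost") != "Word":
            continue
        for res in data.get("AccessedResources") or []:
            yield rec.get("UserId", "unknown"), res.get("Name", "?"), res.get("SensitivityLabelId")

def users_over_threshold(lines, threshold=2):
    """Return {user: sorted restricted documents} for users above the assumed threshold."""
    seen = defaultdict(set)
    for user, name, label in word_copilot_resources(lines):
        if label in RESTRICTED_LABELS:
            seen[user].add(name)
    return {u: sorted(n) for u, n in seen.items() if len(n) > threshold}

def unlabeled_resources(lines):
    """Documents Copilot read that carry no sensitivity label (classification gaps)."""
    return sorted({name for _u, name, label in word_copilot_resources(lines) if not label})

if __name__ == "__main__":
    records = SAMPLE_LOG.splitlines()
    print("review users:", users_over_threshold(records))
    print("unlabeled documents:", unlabeled_resources(records))
```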

Domain: Agentic-AI · Impact: high · Workload: M365 Apps