Microsoft Copilot (Microsoft 365): Copilot Chat Tools Control

🚨 The Signal: Copilot Chat now includes 'Tools' for direct access to task-specific features from the prompt box. This streamlines user interaction with Copilot's capabilities and potentially increases the number of data exposure points.

The Impact

All Copilot users are affected. The risk is moderate: increased data exposure and potential unintended information disclosure if the feature is not properly governed.

  • End-users: Risk of oversharing data through new Copilot features.
  • Security Teams: Need to monitor new Copilot interaction points for data leakage.
  • Compliance Teams: Must update data handling policies for Copilot's expanded capabilities.
  • Admins: Need to review Copilot access and data interaction settings.

The Action

  1. Review existing Microsoft 365 Copilot data governance policies for 'Tools' feature implications.
  2. Educate users on responsible use of Copilot 'Tools' and data sharing best practices.
  3. Monitor Microsoft Purview Audit logs for Copilot activities related to 'Tools' usage.
  4. Assess Copilot access controls in Microsoft Entra ID to ensure least privilege.

Domain: Agentic-AI · Impact: medium · Workload: M365 Apps