Outlook: Enterprise and Web Grounding for Draft with Copilot

🚨 The Signal: Copilot in Outlook can now access enterprise data to draft emails, providing more relevant content. Users can review data sources, increasing transparency and potentially reducing accidental data exposure.

The Impact

All users are affected, with a moderate risk of inadvertent data disclosure if source review is not diligently performed.

• End Users: Risk of sending emails with sensitive data if sources are not reviewed.
• Security Teams: Need to educate users on reviewing Copilot's data sources.
• Compliance Teams: New considerations for data handling and review in AI-generated content.
• Admins: Need to understand data access patterns for Copilot.

The Action

1. Educate users on the importance of reviewing 'grounding sources' before sending Copilot-drafted emails.
2. Review existing data loss prevention (DLP) policies to ensure they adequately cover AI-generated content.
3. Monitor Copilot usage and data access patterns through Microsoft Purview audit logs.
4. Communicate best practices for using Copilot with enterprise data to all staff.

Domain: Agentic-AI · Impact: medium · Workload: M365 Apps