Microsoft Copilot (Microsoft 365): Say "Hey Copilot" to activate voice conversations with the Microsoft 365 Copilot app on Windows

🚨 The Signal: Microsoft 365 Copilot on Windows now supports 'Hey Copilot' voice activation. This feature enables hands-free interaction, potentially increasing data exposure vectors through ambient listening and unauthenticated access if not properly governed.

The Impact

All users are affected. The security risk is moderate, stemming from the potential for unintended data capture and unauthorized access via voice.

  • End users: Risk of unintended data capture from ambient conversations.
  • Security teams: New vector for data exfiltration and privacy concerns.
  • Admins: Requires review of device and Copilot privacy settings.
  • Compliance officers: Potential for non-compliance with data handling policies.

The Action

  1. Review Microsoft 365 Copilot privacy settings for voice input.
  2. Educate users on 'Hey Copilot' functionality and privacy implications.
  3. Implement Intune device configuration profiles to manage microphone access.
  4. Monitor audit logs for Copilot interactions and data access patterns.
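
For step 3, a local check of the Windows app-privacy policies that cover microphone access and voice activation, written as an added example and not taken from Microsoft or from this advisory. It assumes that 'Hey Copilot' is subject to the Windows voice-activation privacy policies; the baseline values and the function name `Get-VoicePolicyState` are likewise assumptions to adjust to your own standard.

```powershell
# Added example: report the app-privacy policies relevant to voice activation.
# Group Policy writes the first key; MDM (Intune, Policy CSP "Privacy" area) the second.
$sources = [ordered]@{
    GroupPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'
    MDM         = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Privacy'
}
# Policy values: 0 = user in control, 1 = force allow, 2 = force deny.
$meaning = @{ 0 = 'User in control'; 1 = 'Force allow'; 2 = 'Force deny' }
# Assumed baseline (not from the advisory); change to match your organization.
$baseline = [ordered]@{
    LetAppsActivateWithVoiceAboveLock = 2   # no voice activation on a locked device
    LetAppsActivateWithVoice          = 0   # use 2 where hands-free use is not approved
    LetAppsAccessMicrophone           = 0
}

function Get-VoicePolicyState {
    foreach ($name in $baseline.Keys) {
        $value = $null
        $origin = 'NotConfigured'
        # Report the first source that sets the value. If both set it,
        # reconcile the conflict in your policy tooling.
        foreach ($src in $sources.GetEnumerator()) {
            $props = Get-ItemProperty -LiteralPath $src.Value -ErrorAction SilentlyContinue
            if ($null -ne $props -and $null -ne $props.$name) {
                $value = [int]$props.$name
                $origin = $src.Key
                break
            }
        }
        $expected = $baseline[$name]
        [pscustomobject]@{
            Policy    = $name
            Source    = $origin
            Value     = $value
            Meaning   = if ($null -ne $value) { $meaning[$value] } else { 'Not configured (user in control)' }
            Expected  = $meaning[$expected]
            # An unset policy behaves as "user in control", so it only meets a baseline of 0.
            Compliant = ($value -eq $expected) -or ($null -eq $value -and $expected -eq 0)
        }
    }
}

Get-VoicePolicyState | Format-Table -AutoSize
```

A row with `Compliant` set to `False` for `LetAppsActivateWithVoiceAboveLock` means voice activation on a locked device is not blocked by policy on that machine, which is the unauthenticated-access case described above.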

Domain: Agentic-AI · Impact: medium · Workload: M365 Apps