Microsoft Edge: v.145 - Add “Summarize” and “Explain” Copilot actions in PDF reader

🚨 The Signal: Edge PDF reader gains 'Summarize' and 'Explain' Copilot actions, allowing AI processing of PDF content. This expands data exposure risks to Copilot services for sensitive information within PDFs.

The Impact

All users are affected, increasing the risk of inadvertent exposure of sensitive PDF content to Copilot services.

• End users: Risk of unintentionally processing sensitive data with Copilot.
• Security teams: Need to review data loss prevention policies for Copilot interactions.
• Compliance teams: Must assess data residency and privacy implications of AI processing PDF content.

The Action

1. Review existing Microsoft Edge policies for Copilot integration, specifically 'AllowCopilot' and 'CopilotDataLossPrevention' settings.
2. Educate users on the implications of using Copilot's 'Summarize' and 'Explain' features with sensitive or classified PDF content.
3. Assess Microsoft Purview Data Loss Prevention (DLP) policies to ensure they adequately cover data shared with Copilot services from Edge.
4. Consult ASD ISM controls related to AI usage and data processing to ensure compliance with new Copilot capabilities.
5. Verify data residency requirements for Copilot services processing PDF content, especially for classified information.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps · Essential Eight: User Application Hardening · ISM: ISM-1412, ISM-1485, ISM-1486, ISM-1542, ISM-1585, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860