Microsoft Copilot (Microsoft 365): Audio Overview customization in Copilot Notebooks

🚨 The Signal: Copilot Notebooks now allow users to guide Audio Overview content with natural language. This increases the risk of sensitive data exposure through AI-generated summaries if not properly governed.

The Impact

All users interacting with Copilot Notebooks are affected, increasing the risk of inadvertent sensitive information disclosure via audio summaries.

• End users: Risk of accidentally including sensitive data in shareable audio summaries.
• Security teams: Increased surface area for data loss prevention (DLP) monitoring and incident response.
• Compliance officers: New challenge in ensuring sensitive data is not summarized and shared inappropriately.
• Data owners: Potential for unauthorized summarization and dissemination of proprietary information.

The Action

1. Review and update existing Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot Notebooks and audio content.
2. Implement or refine sensitivity labels for documents used in Copilot Notebooks to prevent summarization of highly sensitive data.
3. Educate users on the risks of summarizing sensitive information and best practices for using Copilot Notebooks.
4. Monitor Copilot usage logs for unusual activity related to content summarization and sharing.
5. Establish clear organizational policies for the use of AI-generated summaries, especially for sensitive data.

Domain: Agentic-AI · Impact: high · Workload: Other