Microsoft Copilot (Microsoft 365): Configurate format, style, and duration of Audio Overviews in Copilot Notebooks

🚨 The Signal: Copilot Notebooks now allow users to customise audio overview format, style, and duration. This introduces new vectors for information exfiltration or social engineering via generated audio content, increasing risk if not governed.

The Impact

All users are affected, with a new risk of sensitive information being generated and potentially exfiltrated via customisable audio formats.

• End users: Risk of inadvertently generating and sharing sensitive information in audio.
• Security teams: Increased surface area for data exfiltration and content governance challenges.
• Compliance teams: New audit and monitoring requirements for AI-generated audio content.
• Administrators: Need to review and update DLP policies for audio content.

The Action

1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to include audio content types and Copilot Notebooks.
2. Educate users on the risks of generating and sharing sensitive information via Copilot's audio overview feature.
3. Monitor Copilot usage logs for unusual patterns related to audio overview generation and sharing.
4. Assess existing information handling policies for applicability to AI-generated audio content.
5. Consider implementing sensitivity labels for Copilot Notebooks that restrict audio overview generation for highly sensitive data.

Domain: Agentic-AI · Impact: high · Workload: Other