Microsoft Copilot (Microsoft 365): Enhanced personalization with memory in Copilot

🚨 The Signal: Microsoft 365 Copilot will now retain memory of past conversations to improve response relevance. This enhances personalization but introduces new considerations for data privacy and information governance within AI interactions.

The Impact

All Copilot users are affected, with a moderate risk of unintended information disclosure if memory is not managed.

• End Users: Risk of Copilot recalling sensitive information from past chats.
• Security Teams: Need to understand how Copilot memory impacts data loss prevention policies.
• Governance Teams: Requires review of data retention and privacy policies for AI interactions.
• Compliance Teams: Potential for non-compliance with data handling regulations if not managed.

The Action

1. Review Microsoft Purview Data Loss Prevention (DLP) policies for Copilot interactions: https://compliance.microsoft.com/datalossprevention
2. Educate users on the implications of Copilot's memory feature and best practices for sensitive information.
3. Assess existing information governance policies against Copilot's new memory capabilities.
4. Monitor Copilot usage and data interactions for potential policy violations via Purview Audit logs: https://compliance.microsoft.com/auditlogsearch

Domain: Agentic-AI · Impact: medium · Workload: Other