Microsoft 365: AI workflows in Teams Workflows app & SharePoint document libraries

🚨 The Signal: New AI workflow capabilities in Teams and SharePoint allow users to build custom AI-powered automation. This introduces new avenues for data processing and potential exfiltration if not properly governed, requiring immediate admin review.

The Impact

Admins and Security Teams are affected by the new AI workflow capabilities, posing a risk of uncontrolled data access and processing.

• Admins: Must review and configure new AI workflow settings to prevent data leakage.
• Security Teams: Need to assess and monitor AI workflow activities for compliance and security risks.
• End Users: Gain powerful automation tools, but could inadvertently expose sensitive data.
• Compliance Officers: Must ensure AI workflows align with data handling policies and regulations.

The Action

1. Review Microsoft 365 admin center settings for Teams and SharePoint Workflows app.
2. Define and implement data loss prevention (DLP) policies for AI-driven workflows.
3. Establish clear guidelines for users on appropriate data use within AI workflows.
4. Monitor audit logs for unusual activity related to AI workflow execution.
5. Conduct a privacy impact assessment for AI workflow data processing.

Domain: Agentic-AI · Impact: high · Workload: Teams