Microsoft Edge: Ground Microsoft 365 Copilot Chat in Edge for Business in your open OneDrive and SharePoint documents

🚨 The Signal: Copilot Chat in Edge can now access open OneDrive and SharePoint documents to provide contextual answers. This expands Copilot's data access, increasing the risk of inadvertent information disclosure if not properly governed.

The Impact

All users are affected. Without robust access controls, sensitive data is more likely to be exposed through AI interactions.

  • End users: Risk of inadvertently exposing sensitive document content via Copilot chat.
  • Security teams: Increased scope for data loss prevention (DLP) and access control monitoring.
  • Data owners: Need to re-evaluate document sensitivity and sharing permissions.
  • Compliance officers: Potential for non-compliance if sensitive data is processed by AI without proper controls.

The Action

  1. Review and enforce Microsoft Purview DLP policies for Copilot interactions and sensitive information types.
  2. Audit SharePoint and OneDrive site permissions and sharing settings, especially for sensitive documents.
  3. Educate users on responsible use of Copilot Chat, emphasizing that they should not enter sensitive data into prompts.
  4. Implement or refine Conditional Access policies to restrict Copilot access based on device compliance or location.
  5. Monitor Microsoft 365 audit logs for Copilot activity and data access patterns.
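
One way to carry out step 5, as an added example that is not part of the original brief or Microsoft's own code: pull Copilot interaction records from the unified audit log and summarise, per user, how many distinct documents Copilot accessed and how many carried no sensitivity label. The 7-day window and the AuditData field names (CopilotEventData, AccessedResources, SiteUrl, Name, SensitivityLabelId, AppHost) are assumptions to confirm against a record from your tenant.

```powershell
# Requires the ExchangeOnlineManagement module and audit-log read rights.
# Assumption: each record's AuditData JSON has CopilotEventData.AccessedResources
# entries with SiteUrl, Name and SensitivityLabelId; check one record from your
# own tenant before relying on these field names.
Connect-ExchangeOnline

$start     = (Get-Date).AddDays(-7)   # review window: assumed 7 days
$end       = Get-Date
$sessionId = "copilot-review-$([guid]::NewGuid())"
$records   = @()

# Page through the unified audit log, 5000 rows per call, until a page is empty.
do {
    $page = @(Search-UnifiedAuditLog -StartDate $start -EndDate $end `
        -RecordType CopilotInteraction -SessionId $sessionId `
        -SessionCommand ReturnLargeSet -ResultSize 5000)
    $records += $page
} while ($page.Count -gt 0)

# Flatten to one row per document that Copilot accessed during an interaction.
$rows = foreach ($r in $records) {
    $data = $r.AuditData | ConvertFrom-Json
    foreach ($res in @($data.CopilotEventData.AccessedResources)) {
        if (-not $res) { continue }   # interaction that touched no resource
        [pscustomobject]@{
            Time     = $r.CreationDate
            User     = $r.UserIds
            AppHost  = $data.CopilotEventData.AppHost
            Resource = if ($res.SiteUrl) { $res.SiteUrl } else { $res.Name }
            Labelled = [bool]$res.SensitivityLabelId
        }
    }
}

# Per user: distinct documents reached through Copilot, and unlabelled accesses.
$rows | Group-Object User | ForEach-Object {
    [pscustomobject]@{
        User       = $_.Name
        Documents  = @($_.Group.Resource | Sort-Object -Unique).Count
        Unlabelled = @($_.Group | Where-Object { -not $_.Labelled }).Count
    }
} | Sort-Object Documents -Descending | Format-Table -AutoSize
```

A high Unlabelled count for a user points to documents worth checking against the DLP and permission reviews in steps 1 and 2.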

Domain: Agentic-AI · Impact: high · Workload: M365 Apps