Microsoft Copilot (Microsoft 365): Viva Engage - Agents in communities

🚨 The Signal: Copilot agents can now operate within Viva Engage communities, answering questions and sharing knowledge. This introduces new AI agent identities and potential for information disclosure or misuse within social platforms.

The Impact

Security teams and compliance officers are affected by new AI agent identities and the risk of unapproved information disclosure.

• Security Teams: New AI agent identities require monitoring and access controls.
• Compliance Officers: Risk of unapproved information disclosure and data handling.
• IT Administrators: Need to manage and configure AI agent access and permissions.
• End Users: May interact with agents, requiring awareness of agent capabilities and limitations.

The Action

1. Review and update existing AI governance policies to include Copilot agents in Viva Engage.
2. Define clear roles and permissions for Copilot agents within Viva Engage communities.
3. Implement data loss prevention (DLP) policies specific to Viva Engage and AI agent interactions.
4. Educate users on the presence and capabilities of AI agents and appropriate interaction guidelines.
5. Monitor agent activity and interactions within Viva Engage for compliance and security.

Domain: Agentic-AI · Impact: high · Workload: Other · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898