Outlook: Chat for Outlook iOS and Android
🚨 The Signal: Outlook Mobile now features an integrated Copilot Chat overlay, providing context-aware AI assistance directly within email, calendar, and contacts. This enhances data access and summarization capabilities for M365 Copilot licensed users, leveraging the Microsoft Graph.
The Impact
All M365 Copilot licensed users are affected. The integration increases the risk of inadvertent data exposure and of prompt injection.
- End Users: Increased risk of oversharing sensitive data via AI prompts.
- Security Teams: New vector for data exfiltration and prompt injection attacks.
- Compliance Teams: Requires review of data handling policies for AI interactions.
- Admins: Need to understand data flow and access permissions for Copilot.
The Action
- Review and update M365 Copilot data governance policies, focusing on mobile access and context-aware interactions.
- Educate users on responsible AI interaction, data sensitivity, and prompt engineering best practices within Outlook Mobile.
- Monitor M365 Copilot usage logs for unusual data access patterns or sensitive information queries.
- Assess existing Information Protection policies (e.g., DLP) to ensure they adequately cover Copilot interactions and data summarization.
Domain: Agentic-AI · Impact: high · Workload: M365 Apps