Microsoft Teams: AI Workflows in Workflows app

🚨 The Signal: New AI Workflows in Microsoft Teams allow users to automate tasks with custom AI templates. This introduces new avenues for data processing and potential exfiltration via agentic AI capabilities, requiring careful governance.

The Impact

Admins and Security Teams are affected by the introduction of new AI-driven automation, posing a risk of uncontrolled data access and processing.

• Admins: New configuration options for AI workflows require review.
• Security Teams: Potential for data exfiltration or unauthorized access via AI agents.
• End Users: Gain powerful automation, but may inadvertently expose sensitive data.
• Compliance Teams: Need to assess new data flows against regulatory requirements.

The Action

1. Review Teams app permission policies for the Workflows app.
2. Assess data classification and labeling policies for data processed by AI workflows.
3. Implement data loss prevention (DLP) policies to monitor AI workflow outputs.
4. Educate users on responsible use of AI automation and data handling.
5. Monitor audit logs for Workflows app activity and AI-driven automation events.

Domain: Agentic-AI · Impact: high · Workload: Teams