Microsoft Copilot (Microsoft 365): Preview and chat with Microsoft Word, Excel, and PowerPoint files in the Microsoft 365 Copilot app on iPhone

🚨 The Signal: Copilot on iPhone now allows direct chat with Word, Excel, and PowerPoint files from the file preview inside the Copilot app. This increases data exposure risk on mobile devices and expands the attack surface for sensitive information.

The Impact

All users with Copilot on iPhone are affected, which increases the risk of sensitive data exposure and potential data loss on mobile devices.

  • End-users: Increased risk of accidental data sharing via Copilot chat on mobile.
  • Security Teams: New vector for data exfiltration and compliance challenges on mobile.
  • Admins: Requires review of existing mobile device and data loss prevention policies.
  • Organisations: Heightened risk of sensitive information exposure outside controlled environments.

The Action

  1. Review and update existing Microsoft Intune Mobile Application Management (MAM) policies for Copilot and M365 apps on iOS.
  2. Configure Microsoft Purview Data Loss Prevention (DLP) policies to monitor and restrict sensitive information sharing within Copilot chat on mobile.
  3. Educate users on responsible use of Copilot chat with sensitive files on mobile devices.
  4. Assess and update your organisation's acceptable use policy regarding AI interaction with sensitive data on personal devices.
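
One way to carry out the review in step 1, as an added example that is not Microsoft's tooling or part of the original brief: a Python check over an export of iOS app protection policies, with the JSON shaped like the Microsoft Graph iosManagedAppProtection resource. The policy names, the bundle ID com.example.copilot and the baseline values are constructed assumptions; substitute your tenant's export and the app's real bundle ID.

```python
import json

# Constructed sample shaped like Graph's iosManagedAppProtection list response.
# Policy names and bundle IDs are placeholders, not values from the brief.
TARGET_BUNDLE_ID = "com.example.copilot"  # assumption: replace with the real bundle ID
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"displayName": "iOS-MAM-Strict", "saveAsBlocked": true, "dataBackupBlocked": true,
   "allowedOutboundDataTransferDestinations": "managedApps",
   "allowedOutboundClipboardSharingLevel": "managedAppsWithPasteIn",
   "apps": [{"mobileAppIdentifier": {"bundleId": "com.example.copilot"}}]},
  {"displayName": "iOS-MAM-Legacy", "saveAsBlocked": false, "dataBackupBlocked": true,
   "allowedOutboundDataTransferDestinations": "allApps",
   "allowedOutboundClipboardSharingLevel": "allApps",
   "apps": [{"mobileAppIdentifier": {"bundleId": "com.example.copilot"}}]},
  {"displayName": "iOS-MAM-Mail-Only", "saveAsBlocked": true, "dataBackupBlocked": true,
   "allowedOutboundDataTransferDestinations": "managedApps",
   "allowedOutboundClipboardSharingLevel": "managedApps",
   "apps": [{"mobileAppIdentifier": {"bundleId": "com.example.mail"}}]}
]}""")

# Acceptable values per setting. This baseline is an assumption chosen to keep
# file content inside managed apps; adjust it to your organisation's policy.
BASELINE = {
    "allowedOutboundDataTransferDestinations": {"managedApps", "none"},
    "allowedOutboundClipboardSharingLevel": {"managedApps", "managedAppsWithPasteIn", "blocked"},
    "saveAsBlocked": {True},
    "dataBackupBlocked": {True},
}

def targets(policy, bundle_id):
    """True when the policy's app list includes the given iOS bundle ID."""
    return any(a.get("mobileAppIdentifier", {}).get("bundleId") == bundle_id
               for a in policy.get("apps", []))

def audit(export, bundle_id=TARGET_BUNDLE_ID):
    """Return (findings, covered): baseline gaps per policy, and whether any policy targets the app."""
    findings, covered = {}, False
    for policy in export.get("value", []):
        if not targets(policy, bundle_id):
            continue
        covered = True
        gaps = [f"{k}={policy.get(k)!r}" for k, ok in BASELINE.items()
                if policy.get(k) not in ok]  # a missing setting is also reported
        if gaps:
            findings[policy["displayName"]] = gaps
    return findings, covered

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT))
```

A result with covered set to False means no app protection policy targets the app at all, which is the first thing to fix before tuning individual settings.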

Domain: Agentic-AI · Impact: high · Workload: M365 Apps