Microsoft 365 Copilot: Initiate Copilot Chat by sharing files to the Microsoft 365 Copilot app on iPhone and iPad

🚨 The Signal: Users can now share Word, Excel, and PowerPoint files from iOS/iPadOS apps directly to Microsoft 365 Copilot Chat. This expands data ingestion vectors for Copilot, increasing potential for sensitive information exposure if not properly governed.

The Impact

All users are affected, increasing the risk of sensitive data exposure via Copilot if existing data governance policies are not updated.

• End users: Increased risk of inadvertently sharing sensitive files with Copilot.
• Security teams: New mobile data ingestion vector requires DLP policy review.
• Compliance officers: Potential for non-compliance if sensitive data is processed by Copilot without proper controls.
• Data owners: Risk of data exposure if classification and labelling are not enforced.

The Action

1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to include mobile endpoints and Copilot interactions.
2. Ensure Microsoft Purview Information Protection (MPIP) sensitivity labels are consistently applied to Word, Excel, and PowerPoint files.
3. Communicate updated data handling guidelines to end-users regarding sharing files with Copilot on mobile devices.
4. Monitor Copilot usage logs for unusual file sharing patterns or sensitive data interactions.
5. Evaluate Microsoft Entra Conditional Access policies for mobile devices accessing Copilot services.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps