Microsoft Copilot (Microsoft 365): Copilot Chat - Session Persistence Enhancement
🚨 The Signal: Copilot Chat now retains conversation history across sessions and saves prompts immediately. This enhances user experience but increases the persistence of potentially sensitive data within Copilot, which requires stricter data governance.
The Impact
All Copilot users are affected, with an increased risk that sensitive data persists and is potentially exposed if it is not properly governed.
- End-users: Risk of oversharing sensitive data in persistent chats.
- Security Teams: Increased scope for data loss prevention (DLP) monitoring.
- Compliance Teams: New considerations for data retention and eDiscovery policies.
- Admins: Need to review Copilot data governance and access controls.
The Action
- Review and update Microsoft Purview DLP policies for Copilot interactions to detect and prevent the persistence of sensitive information.
- Communicate updated Copilot usage guidelines to end-users, emphasizing caution with sensitive data in persistent chats.
- Assess existing data retention policies in Microsoft 365 for Copilot data and adjust as necessary to meet compliance requirements.
- Monitor Copilot usage reports for anomalous activity or excessive sensitive data handling.
- Verify Copilot access controls and permissions align with least privilege principles.
Domain: Agentic-AI · Impact: high · Workload: M365 Apps