Microsoft Copilot (Microsoft 365): Reference a Loop or Page when creating a presentation with Copilot

🚨 The Signal: Copilot in PowerPoint can now reference Microsoft Loop components and Pages to create presentations. This expands data exposure risks as sensitive information in Loops and Pages can be inadvertently included in new content.

The Impact

All users leveraging Copilot are affected, increasing the risk of sensitive data exposure through new content generation.

• End Users: Risk of inadvertently including sensitive data from Loops/Pages in presentations.
• Security Teams: Increased surface area for data leakage and compliance violations.
• Data Owners: Potential for uncontrolled dissemination of classified information.
• Compliance Officers: Challenges in maintaining data classification and handling policies.

The Action

1. Review and reinforce existing Microsoft Purview Data Loss Prevention (DLP) policies for Loop and PowerPoint.
2. Educate users on responsible AI usage and data handling best practices when using Copilot with sensitive content.
3. Implement or refine sensitivity labels for Loop components and Pages to ensure proper classification.
4. Monitor Copilot usage logs for unusual data access patterns or content generation activities.
5. Review Microsoft 365 audit logs for Loop and PowerPoint activities to identify potential policy violations.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps