Microsoft Copilot (Microsoft 365): Reference a Loop or Page when creating a presentation with Copilot

🚨 The Signal: Copilot in PowerPoint can now create presentations using content from Microsoft Loop components and Pages. This expands Copilot's data access, increasing the potential for sensitive information exposure if not properly governed.

The Impact

All users are affected, with an increased risk of sensitive data exposure through Copilot's expanded content access.

• End-users: Risk of inadvertently including sensitive Loop/Page data in presentations.
• Security Teams: Increased scope for data loss prevention (DLP) monitoring and policy enforcement.
• Data Owners: Need to re-evaluate classification and access controls for Loop components and Pages.
• Compliance Teams: New considerations for data residency and regulatory compliance with expanded data flow.

The Action

1. Review and enforce Microsoft Purview Data Loss Prevention (DLP) policies for Loop and SharePoint Pages to prevent sensitive data sharing.
2. Educate users on responsible AI use, emphasizing data sensitivity when prompting Copilot with Loop or Page content.
3. Audit existing Loop and SharePoint Page permissions to ensure least privilege access is maintained.
4. Leverage Microsoft Purview Information Protection (MIP) sensitivity labels for Loop components and SharePoint Pages to classify and protect sensitive information.
5. Monitor Copilot usage logs for unusual data access patterns involving Loop or Page content.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps