Microsoft Copilot (Microsoft 365): [Copilot Chat] Launch the full Microsoft 365 Copilot app when using Copilot Chat in the Microsoft 365 apps
🚨 The Signal: Copilot Chat in Microsoft 365 apps now links directly to the full Copilot app. This centralises AI interaction, increasing data exposure risk if access controls are not robustly managed.
The Impact
All users are affected. The risk of unintended data exposure through Copilot increases if access and data governance policies are not strictly enforced.
- End users: Increased ease of access to Copilot may lead to inadvertent sharing of sensitive data.
- Security teams: Must review and enforce data loss prevention (DLP) policies for Copilot interactions.
- Admins: Need to ensure Copilot access controls align with data classification and user permissions.
- Compliance officers: Need to re-evaluate data handling procedures within the expanded Copilot interface.
The Action
- Review and update Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot interactions.
- Verify Microsoft Entra Conditional Access policies for Copilot access, ensuring appropriate device and location restrictions.
- Audit existing Copilot access assignments to ensure least privilege is maintained.
- Communicate updated Copilot usage guidelines to end users, emphasising data sensitivity.
- Monitor Copilot audit logs for unusual data access patterns via Microsoft Purview Audit.
Domain: Agentic-AI · Impact: high · Workload: M365 Apps