Microsoft Teams: Enhanced Copilot chat summary

🚨 The Signal: Copilot in Microsoft Teams will now automatically summarise unread chat messages. This changes how sensitive information in chats is processed and presented, potentially increasing exposure risk if not governed correctly.

The Impact

All Teams users are affected, with a moderate risk of sensitive information exposure through automated summaries if data loss prevention (DLP) policies are not robust.

  • End Users: May inadvertently expose sensitive data if Copilot summarises restricted information.
  • Security Team: Needs to ensure DLP policies are effective for Copilot-generated content.
  • Compliance Team: Must review how automated summaries align with data retention and privacy policies.
  • Admins: Need to understand Copilot's data processing boundaries within Teams.

The Action

  1. Review existing Microsoft Purview Data Loss Prevention (DLP) policies to ensure they cover Copilot interactions within Teams.
  2. Verify sensitivity labels are correctly applied to Teams chats and documents to prevent unauthorised summarisation of restricted data.
  3. Educate users on the types of information that should not be shared in Teams chats, even with Copilot summarisation.
  4. Monitor Microsoft Purview audit logs for Copilot activities and DLP policy matches related to Teams chats.
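
A starting point for step 4, as an added PowerShell example that is not part of the original notice: it pulls recent Copilot interaction records and DLP rule matches from the unified audit log with `Search-UnifiedAuditLog`. The seven-day window, the `Teams` value for `AppHost` and the `CopilotEventData` field names are assumptions to confirm against records in your own tenant.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and a role
# that is allowed to search the unified audit log.
Connect-ExchangeOnline

$start = (Get-Date).AddDays(-7)   # assumed review window
$end   = Get-Date

# Copilot interaction records. 5000 is the per-call maximum; page with
# -SessionId / -SessionCommand ReturnLargeSet for larger result sets.
$copilot = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
    -RecordType CopilotInteraction -ResultSize 5000

$teamsCopilot = foreach ($rec in $copilot) {
    $data = $rec.AuditData | ConvertFrom-Json
    $evt  = $data.CopilotEventData
    # Assumption: Teams-hosted interactions carry AppHost 'Teams'.
    if ($evt.AppHost -ne 'Teams') { continue }

    # Filter out nulls so a missing AccessedResources property counts as 0.
    $resources = @($evt.AccessedResources | Where-Object { $_ })
    $labelled  = @($resources | Where-Object { $_.SensitivityLabelId })

    [pscustomobject]@{
        Time              = $rec.CreationDate
        User              = $rec.UserIds
        ThreadId          = $evt.ThreadId
        ResourcesAccessed = $resources.Count
        LabelledResources = $labelled.Count
    }
}

# Interactions that touched labelled content deserve the first look.
$teamsCopilot | Where-Object LabelledResources -gt 0 |
    Sort-Object Time | Format-Table -AutoSize

# DLP rule matches in the same window, counted per workload so Teams
# matches can be compared against the Copilot timeline above.
$dlp = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
    -Operations DLPRuleMatch -ResultSize 5000
$dlp | ForEach-Object { ($_.AuditData | ConvertFrom-Json).Workload } |
    Group-Object | Sort-Object Count -Descending |
    Select-Object Name, Count
```

An empty result from the first query usually means audit logging is not enabled or the account lacks the audit role, not that Copilot was unused.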

Domain: Agentic-AI · Impact: medium · Workload: Teams