Microsoft Copilot (Microsoft 365): Video recap in Copilot Chat

🚨 The Signal: Copilot Chat now generates video recaps of recorded meetings, including AI-narrated summaries and video snippets. This increases the exposure surface for sensitive meeting content and requires careful data governance.

The Impact

All users are affected, increasing the risk of sensitive information exposure through AI-generated summaries.

• End users: Risk of oversharing sensitive meeting content via AI summaries.
• Security teams: Increased surface area for data exfiltration and compliance breaches.
• Data owners: Potential for sensitive data to be summarized and shared without explicit consent.
• Compliance officers: New challenges in auditing and governing AI-generated content from meetings.

The Action

1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot Chat and AI-generated content.
2. Educate users on the implications of recording meetings and the AI summarization feature, emphasizing data sensitivity.
3. Implement or refine retention labels in Microsoft Purview for meeting recordings and associated AI artifacts.
4. Monitor Copilot usage reports for sensitive data interactions and sharing patterns.
5. Assess existing information protection policies for applicability to AI-generated meeting summaries.

Domain: Agentic-AI · Impact: high · Workload: Microsoft Purview