Microsoft Copilot (Microsoft 365): Calendar Search in M365 Copilot Search

🚨 The Signal: Microsoft Copilot now offers enhanced calendar search, retrieving meeting details, attendees, shared files, and follow-ups. This centralises sensitive meeting data, increasing exposure risk if access controls are weak.

The Impact

All users are affected, with a heightened risk of sensitive meeting data exposure if access permissions are not correctly managed.

  • End users: Risk of oversharing meeting details if their calendar permissions are too broad.
  • Security teams: Increased risk of data leakage from aggregated meeting content if underlying file/email permissions are not granular.
  • Compliance officers: Challenge in demonstrating control over sensitive meeting discussions and shared documents.
  • Administrators: Need to review and enforce strict access policies for calendars, emails, and files to mitigate exposure.

The Action

  1. Review and enforce Microsoft 365 sensitivity labels for meeting invites and associated documents.
  2. Audit calendar sharing permissions for all users, especially those handling sensitive information.
  3. Implement Conditional Access policies to restrict Copilot access based on device compliance and location.
  4. Educate users on the implications of Copilot's enhanced search and the importance of appropriate data classification.
  5. Monitor Microsoft Purview Audit logs for Copilot search activities involving sensitive meeting data.
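
One way to carry out the calendar permission audit in step 2, as an added example that is not Microsoft's or this page's own code. It assumes the ExchangeOnlineManagement module with an active `Connect-ExchangeOnline` session; the function name, the output file name, and the choice to treat anything above free/busy visibility as "broad" are assumptions of the example.

```powershell
# Added example: lists calendar grants that expose more than free/busy time.
# Requires an existing Exchange Online session (Connect-ExchangeOnline).

# Assumption: these rights reveal no meeting subject, attendees or body.
$LowExposure = @('None', 'AvailabilityOnly')

function Get-BroadCalendarGrant {
    param([Parameter(Mandatory)][string]$Mailbox)

    # The calendar folder name is localized, so resolve it by folder type.
    $cal = Get-MailboxFolderStatistics -Identity $Mailbox -FolderScope Calendar |
        Where-Object { $_.FolderType -eq 'Calendar' } |
        Select-Object -First 1
    if (-not $cal) { return }

    # Folder identity syntax is MailboxID:\Folder
    $folderId = '{0}:{1}' -f $Mailbox, $cal.FolderPath.Replace('/', '\')

    foreach ($perm in Get-MailboxFolderPermission -Identity $folderId) {
        $rights = @($perm.AccessRights | ForEach-Object { [string]$_ })
        $broad  = @($rights | Where-Object { $_ -notin $LowExposure })
        if ($broad.Count -eq 0) { continue }

        $grantee = [string]$perm.User
        [pscustomobject]@{
            Mailbox  = $Mailbox
            Grantee  = $grantee
            Rights   = $rights -join ','
            # Default applies to every user in the organisation;
            # Anonymous applies to unauthenticated external users.
            Wildcard = $grantee -in @('Default', 'Anonymous')
        }
    }
}

$report = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    ForEach-Object { Get-BroadCalendarGrant -Mailbox $_.PrimarySmtpAddress }

# Wildcard grants first: they widen exposure for the largest audience.
$report | Sort-Object -Property Wildcard -Descending |
    Export-Csv -Path .\calendar-grants.csv -NoTypeInformation
```

Rows with `Wildcard` set to `True` are the ones to review first, starting with the mailboxes of users who handle sensitive information.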

Domain: Agentic-AI · Impact: high · Workload: Microsoft Purview