Microsoft Copilot (Microsoft 365): Updates to video creation in Microsoft 365 Copilot

🚨 The Signal: Copilot can now generate and edit videos from documents with advanced features like custom media and brand integration. This increases the potential for sensitive information to be embedded in shareable video formats, raising data exfiltration risks.

The Impact

All users are affected by the increased risk of sensitive data exposure through easily generated and shared videos.

• End users: Risk of inadvertently including sensitive data in videos.
• Security teams: Increased monitoring burden for data exfiltration via video content.
• Data owners: Potential for unauthorized disclosure of classified information.
• Compliance officers: Challenges in demonstrating adherence to data handling policies.

The Action

1. Review and update existing Data Loss Prevention (DLP) policies to include video content and Copilot-generated outputs.
2. Implement or refine sensitivity labels for video files, ensuring automatic classification where possible.
3. Educate users on the risks of generating videos from sensitive documents and proper sharing protocols.
4. Monitor Microsoft Purview audit logs for Copilot activities involving sensitive documents and video creation.
5. Configure sharing policies for video files to restrict external access by default.

Domain: Purview · Impact: high · Workload: Microsoft Purview