Microsoft Copilot (Microsoft 365): Start writing, coding, and creating with Copilot in Pages

🚨 The Signal: Copilot can now co-create content and code directly within M365 Pages. This expands the attack surface for data leakage and introduces new vectors for prompt injection, requiring enhanced governance over AI-generated content.

The Impact

All users are affected: the feature increases the risk of sensitive data exposure and of malicious code spreading through AI-generated content.

  • End Users: Increased risk of inadvertently sharing sensitive data via Copilot-generated content.
  • Security Teams: New vectors for prompt injection and data exfiltration require updated monitoring.
  • Compliance Teams: Greater challenge in ensuring AI-generated content adheres to data governance policies.
  • Developers: Risk of Copilot-generated code being insecure or vulnerable if it is not properly reviewed.

The Action

  1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot-generated content in Pages.
  2. Implement or refine Microsoft Purview Communication Compliance policies to monitor Copilot interactions and shared Pages.
  3. Educate users on responsible AI usage, data handling, and prompt engineering best practices for Copilot in Pages.
  4. Configure Copilot data residency and content filtering settings in the Microsoft 365 admin center to align with ISM requirements.
  5. Establish a review process for code generated by Copilot in Pages to mitigate security vulnerabilities.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps