Microsoft Copilot (Microsoft 365): [Copilot Extensibility] Customers can connect M365 Copilot with Egnyte to collaborate on secure file storage with Copilot Connector

🚨 The Signal: Microsoft 365 Copilot can now connect to Egnyte for file storage. This expands Copilot's data access to external repositories, increasing the attack surface for data exfiltration and unauthorized access if not properly governed.

The Impact

Security teams and data owners are affected by increased data exposure risk through Copilot's expanded access to external file storage.

• Security teams: Increased risk of data exfiltration via Copilot.
• Data owners: Potential for unauthorized access to sensitive Egnyte data.
• Compliance officers: New audit requirements for external data access.
• IT administrators: Need to configure and monitor new Copilot connectors.

The Action

1. Review existing DLP policies in Microsoft Purview to ensure they cover data accessed via Copilot connectors.
2. Audit Egnyte access controls and permissions, ensuring least privilege is enforced for data Copilot can access.
3. Implement conditional access policies in Entra ID to restrict Copilot connector usage based on device compliance or location.
4. Monitor Copilot activity logs for unusual data access patterns or exfiltration attempts.
5. Establish a clear governance framework for third-party Copilot connectors, including approval processes and data handling policies.

Domain: Agentic-AI · Impact: high · Workload: Other