Microsoft Copilot (Microsoft 365): [Copilot Extensibility] Customers can connect M365 Copilot with Amazon S3 to access structured document repositories with Copilot Connector

🚨 The Signal: Microsoft 365 Copilot can now connect to Amazon S3, allowing AI to access and summarise data in external structured document repositories. This expands Copilot's data access, increasing potential for data exposure and requiring careful governance.

The Impact

Security teams and data owners are affected by increased data exposure risk from Copilot accessing external S3 data.

• Security Teams: Increased risk of data exfiltration and unauthorised access to S3 data via Copilot.
• Data Owners: Potential for sensitive S3 data to be inadvertently exposed or summarised by Copilot.
• Compliance Teams: New challenges in maintaining data residency and compliance with regulatory requirements for S3 data.

The Action

1. Review and classify data stored in Amazon S3 buckets that will be connected to Copilot.
2. Implement granular access controls (IAM policies) on S3 buckets to limit Copilot's access to only necessary data.
3. Configure Microsoft Purview Data Loss Prevention (DLP) policies to monitor and restrict sensitive data sharing from Copilot interactions with S3.
4. Establish clear data governance policies for Copilot's interaction with external data sources like S3.
5. Regularly audit Copilot's S3 connector usage and access logs for anomalous activity.

Domain: Agentic-AI · Impact: high · Workload: Microsoft Purview