Microsoft Viva: Copilot Analytics - Identifiable Export metrics in the Copilot Dashboard

🚨 The Signal: Microsoft Viva Copilot Dashboard now allows exporting identifiable, row-level Copilot usage metrics. This feature, off by default, can expose sensitive user interaction data if enabled by an administrator, increasing data privacy and governance risks.

The Impact

Administrators are affected; enabling this feature risks exposing sensitive user data and Copilot interaction details.

• Security Teams: Increased risk of data exposure and privacy breaches.
• Privacy Officers: New data export capability requires careful privacy impact assessment.
• Administrators: Must understand the security implications before enabling data export.
• Legal Teams: Potential for non-compliance with data protection regulations.

The Action

1. Review tenant-wide data governance policies for Copilot data.
2. Assess the necessity of enabling identifiable Copilot metric export.
3. If enabled, implement strict access controls for exported data.
4. Ensure data retention and disposal policies cover exported Copilot metrics.
5. Communicate data handling procedures to all relevant stakeholders.

Domain: Agentic-AI · Impact: high · Workload: Other