Microsoft 365 app: New Copilot Notebooks design in the Microsoft 365 Copilot App

🚨 The Signal: Copilot Notebooks in the Microsoft 365 app now offer persistent AI workspaces. This allows Copilot to retain context across sessions, potentially exposing sensitive information if not managed, and creating new data governance challenges.

The Impact

All users are affected, increasing the risk of sensitive data exposure and unmanaged AI-generated content.

• End users: Risk of inadvertently exposing sensitive data through persistent Copilot context.
• Security teams: New persistent data stores require updated data classification and retention policies.
• Compliance teams: Increased challenge in meeting data residency and privacy requirements for AI-generated content.

The Action

1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot Notebooks content.
2. Develop and communicate clear acceptable use policies for Copilot Notebooks, emphasizing sensitive data handling.
3. Implement Microsoft Purview Information Protection (MIP) sensitivity labels for AI-generated content within Copilot Notebooks.
4. Monitor Copilot usage and data interactions via Microsoft Purview Audit logs to identify potential data leakage.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps