Outlook: Co-Authoring Highlight and Rewrite

🚨 The Signal: Copilot can now rewrite email drafts in Outlook, changing length, tone, or structure. This introduces new risks of data leakage and unauthorized content generation, and requires careful governance of AI-assisted communications.

The Impact

All users are affected, with a new risk of inadvertent data exposure or policy violations through AI-generated content.

  • End users: Risk of generating and sending non-compliant or sensitive information.
  • Security team: Increased surface area for data leakage and policy violations.
  • Compliance team: New challenges in monitoring and enforcing communication policies.
  • Legal team: Potential for AI-generated content to create legal liabilities.

The Action

  1. Review and update existing Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot-generated content.
  2. Implement or refine Microsoft Purview Communication Compliance policies to monitor AI-assisted email drafts.
  3. Educate users on responsible AI usage, data handling, and the limitations of Copilot in sensitive communications.
  4. Monitor Microsoft 365 audit logs for Copilot activities related to email content generation.
  5. Evaluate Microsoft Entra Conditional Access policies for Copilot access based on sensitivity labels.
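
One way to carry out step 4, as an added example that is not part of the original page: pull Copilot audit records for the past week and summarise Outlook activity per user. It assumes the ExchangeOnlineManagement module, an account allowed to search the audit log, and that Outlook events appear under the `CopilotInteraction` record type with `AppHost` set to `Outlook`; confirm the `AppHost` value against a sample record from your tenant.

```powershell
# Added example: review Copilot activity in Outlook from the unified audit log.
# Assumption: Outlook interactions carry CopilotEventData.AppHost = 'Outlook'.
Connect-ExchangeOnline

$query = @{
    StartDate  = (Get-Date).AddDays(-7)
    EndDate    = Get-Date
    RecordType = 'CopilotInteraction'
    ResultSize = 5000   # maximum per call; narrow the date range if this is reached
}
$records = Search-UnifiedAuditLog @query

$outlookEvents = foreach ($record in $records) {
    # AuditData is a JSON string holding the workload-specific detail
    $data  = $record.AuditData | ConvertFrom-Json
    $event = $data.CopilotEventData
    if ($event.AppHost -ne 'Outlook') { continue }

    # Resources Copilot read while answering; labelled ones deserve a closer look
    $labelled = @($event.AccessedResources | Where-Object { $_.SensitivityLabelId })

    [pscustomobject]@{
        Time              = $record.CreationDate
        User              = $record.UserIds
        AppHost           = $event.AppHost
        ThreadId          = $event.ThreadId
        ResourcesAccessed = @($event.AccessedResources).Count
        LabelledResources = $labelled.Count
    }
}

# Per-user volume, highest first, as a starting point for review
$outlookEvents |
    Group-Object User |
    Sort-Object Count -Descending |
    Select-Object Name, Count

# Interactions that touched at least one sensitivity-labelled resource
$outlookEvents |
    Where-Object { $_.LabelledResources -gt 0 } |
    Sort-Object Time |
    Format-Table Time, User, ThreadId, LabelledResources
```

The audit record shows who used Copilot, where, and which resources it touched, not the text of the draft, so content review still depends on the DLP and Communication Compliance policies in steps 1 and 2.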

Domain: Agentic-AI · Impact: high · Workload: M365 Apps