SharePoint: Inline comments and notifications for Markdown files
🚨 The Signal: SharePoint and OneDrive now support inline comments and notifications for Markdown files. This increases collaboration but introduces new vectors for information disclosure and unmanaged content, requiring vigilance over sensitive data in these formats.
The Impact
All users are affected: the new collaboration features increase the risk of sensitive information exposure and unmanaged content.
- End users: Increased risk of inadvertently sharing sensitive information via comments.
- Security teams: New content vectors to monitor for data loss prevention and compliance.
- Compliance officers: Potential for unmanaged content and comments outside established governance policies.
- Data owners: Greater challenge in tracking and controlling sensitive data within collaborative Markdown files.
The Action
- Review and update existing Microsoft Purview Data Loss Prevention (DLP) policies to include Markdown file types and comment content.
- Evaluate Microsoft Purview Information Protection (MIP) sensitivity labels for Markdown files and ensure appropriate auto-labeling or user guidance.
- Communicate updated acceptable use policies to users regarding commenting on sensitive information in Markdown files.
- Monitor SharePoint and OneDrive audit logs for unusual activity related to Markdown file sharing and commenting.
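
One way to start on the audit-log item above, as an added example that is not part of the original notice: a PowerShell triage function that keeps only sharing events on `.md` files and flags users who created anonymous links or exceeded a per-user count. The function name, the threshold and the sample records are assumptions made for illustration; it covers sharing events only, since the notice does not name the audit operation recorded for comments.

```powershell
# Added example. In a tenant, feed the function from Exchange Online PowerShell:
#   Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
#       -RecordType SharePointSharingOperation -ResultSize 5000
# The records below are constructed so the script also runs offline.

$SharingOps = 'AnonymousLinkCreated', 'CompanyLinkCreated', 'SecureLinkCreated',
              'SharingInvitationCreated', 'SharingSet'

function Get-MarkdownSharingEvents {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Records,  # objects carrying an AuditData JSON string
        [int] $PerUserThreshold = 3                  # assumption: tune to your own baseline
    )
    $events = foreach ($r in $Records) {
        $d = $r.AuditData | ConvertFrom-Json
        # ObjectId holds the full URL of the shared item; keep Markdown files only.
        if ($d.ObjectId -like '*.md' -and $d.Operation -in $SharingOps) { $d }
    }
    $events | Group-Object UserId | ForEach-Object {
        $anon = @($_.Group | Where-Object Operation -eq 'AnonymousLinkCreated')
        [pscustomobject]@{
            UserId         = $_.Name
            SharingEvents  = $_.Count
            AnonymousLinks = $anon.Count
            Files          = ($_.Group.ObjectId | Sort-Object -Unique) -join '; '
            Flag           = ($anon.Count -gt 0 -or $_.Count -ge $PerUserThreshold)
        }
    }
}

# Constructed sample input (not real tenant data).
function New-SampleRecord($User, $Op, $Url) {
    $json = @{ UserId = $User; Operation = $Op; ObjectId = $Url } | ConvertTo-Json -Compress
    [pscustomobject]@{ AuditData = $json }
}
$base = 'https://contoso.sharepoint.com/sites/eng/Shared Documents'
$sample = @(
    New-SampleRecord 'alice@contoso.com' 'AnonymousLinkCreated' "$base/runbook.md"
    New-SampleRecord 'bob@contoso.com'   'SharingSet'           "$base/design.md"
    New-SampleRecord 'bob@contoso.com'   'SharingSet'           "$base/keys-rotation.md"
    New-SampleRecord 'bob@contoso.com'   'SecureLinkCreated'    "$base/oncall.md"
    New-SampleRecord 'carol@contoso.com' 'SecureLinkCreated'    "$base/notes.md"
    New-SampleRecord 'dave@contoso.com'  'AnonymousLinkCreated' "$base/budget.docx"
)

Get-MarkdownSharingEvents -Records $sample | Format-Table -AutoSize
```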
Domain: SharePoint · Impact: medium · Workload: SharePoint