Microsoft 365 app: New Copilot Notebooks design in the Microsoft 365 Copilot App (iOS)

🚨 The Signal: Copilot Notebooks on iOS now retain context across sessions, allowing users to build on previous AI interactions. This creates persistent AI workspaces, increasing the risk of sensitive data exposure if not properly governed.

The Impact

End-users are affected by persistent AI context, increasing the risk of sensitive information being stored and potentially exposed in Copilot Notebooks.

  • End-users: Risk of inadvertently storing sensitive data in persistent AI notebooks.
  • Security Teams: Increased surface area for data exfiltration and compliance monitoring challenges.
  • Compliance Teams: New data retention and discovery challenges for AI-generated content.
  • Admins: Need to review and potentially update data governance policies for AI interactions.

The Action

  1. Review and update existing data retention and data loss prevention (DLP) policies to include Copilot Notebooks content.
  2. Communicate best practices to end-users regarding the handling of sensitive information within Copilot Notebooks.
  3. Monitor Microsoft Purview audit logs for Copilot activities to identify potential data exposure risks.
  4. Evaluate Microsoft Purview Data Lifecycle Management policies for AI-generated content in Copilot.
  5. Consider implementing sensitivity labels for content generated or stored in Copilot Notebooks.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps