OneNote: Multimodal capture in Copilot Notebooks (Windows)

🚨 The Signal: OneNote Copilot now captures audio, images, and notes from Windows, converting them into structured insights. This expands data ingestion into Copilot, increasing potential exposure of sensitive information if not properly governed.

The Impact

All users are affected, with a high risk of sensitive data exposure through expanded Copilot data ingestion.

  • End users: Risk of inadvertently capturing and processing sensitive information.
  • Security teams: Increased surface area for data loss prevention and compliance monitoring.
  • Compliance officers: New challenges in demonstrating data handling and retention compliance.
  • IT administrators: Need to review and update data governance policies for Copilot.

The Action

  1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to include OneNote and Copilot Notebooks.
  2. Configure sensitivity labels in Microsoft Purview for data captured within OneNote and Copilot Notebooks.
  3. Educate users on appropriate data capture practices and the handling of sensitive information within Copilot.
  4. Monitor Copilot usage logs for unusual data capture or sharing patterns.
  5. Assess existing data retention policies for applicability to Copilot-generated content.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps