Microsoft 365 app: New Copilot Notebooks design in the Microsoft 365 Copilot App (Android)

🚨 The Signal: Copilot Notebooks on Android now retain AI chat context across sessions, creating persistent workspaces. This enhances AI utility but increases the risk of sensitive information exposure if not managed.

The Impact

All users are affected, with a moderate security risk due to persistent AI context potentially exposing sensitive data.

  • End Users: Risk of oversharing sensitive data in persistent AI chats.
  • Security Teams: New data storage locations for AI interactions require monitoring.
  • Compliance Teams: Data retention and eDiscovery policies must account for persistent AI notebooks.

The Action

  1. Review and update existing data loss prevention (DLP) policies to include Copilot Notebooks.
  2. Educate users on appropriate data handling and sensitivity when interacting with Copilot Notebooks.
  3. Assess Microsoft Purview eDiscovery and retention policies for Copilot Notebook content.
  4. Monitor Copilot usage reports for anomalous activity or data sharing patterns.

Domain: Agentic-AI · Impact: medium · Workload: M365 Apps