Microsoft Edge: Ask Copilot about an image

🚨 The Signal: Edge Copilot can now analyze web images, sending them to Copilot for insights. This introduces a new vector for data exfiltration and sensitive information exposure if not properly governed.

The Impact

All users are affected, with a high risk of sensitive image data being inadvertently processed by Copilot.

  • End users: Risk of unintentionally sending sensitive images to Copilot.
  • Security Team: Increased surface area for data exfiltration and compliance violations.
  • Admins: New policy controls required to manage data flow to Copilot.
  • Organisations: Potential for non-compliance with data handling policies.

The Action

  1. Review and implement Edge policy 'EdgeEntraCopilotPageContext' to control image analysis.
  2. Review and implement Edge policy 'Microsoft365CopilotChatIconEnabled' to manage Copilot access.
  3. Communicate to users about responsible use of Copilot image analysis, especially with sensitive data.
  4. Update data handling policies to specifically address image processing by AI tools.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps · Essential Eight: User Application Hardening · ISM: ISM-1412, ISM-1485, ISM-1486, ISM-1542, ISM-1585, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860