Microsoft Copilot (Microsoft 365): Engage prospects faster with Sales Agent-enriched leads
🚨 The Signal: Microsoft Copilot's new Sales Agent autonomously processes sensitive lead data from CRM and external sources. This introduces new risks for data leakage and unauthorized access to business-critical information.
The Impact
Sales teams and security administrators are affected by the increased risk of sensitive customer data exposure and potential prompt injection vulnerabilities.
- Sales users: Risk of inadvertently exposing sensitive lead data through agent interactions.
- Security administrators: Increased attack surface for data exfiltration and unauthorized data access.
- Compliance officers: New requirements for data governance and privacy impact assessments.
- AI governance teams: Need to define and enforce policies for agent data access and usage.
The Action
- Review and update data classification and retention policies for CRM and sales-related data.
- Implement Microsoft Purview Data Loss Prevention (DLP) policies to monitor and restrict sensitive data sharing by Copilot agents.
- Educate sales users on responsible AI usage, data handling, and potential prompt injection risks when interacting with Sales Agent.
- Establish clear guidelines for Sales Agent's access to internal and external data sources, leveraging Entra ID Conditional Access.
- Conduct a privacy impact assessment (PIA) and data protection impact assessment (DPIA) for the Sales Agent feature.
Domain: Agentic-AI · Impact: high · Workload: Other