Microsoft Copilot (Microsoft 365): Engage prospects faster with Sales Agent-enriched leads

🚨 The Signal: Microsoft Copilot's new Sales Agent autonomously processes sensitive lead data from CRM and external sources. This introduces new risks for data leakage and unauthorized access to business-critical information.

The Impact

Sales teams and security administrators are affected by the increased risk of sensitive customer data exposure and potential prompt injection vulnerabilities.

  • Sales users: Risk of inadvertently exposing sensitive lead data through agent interactions.
  • Security administrators: Increased attack surface for data exfiltration and unauthorized data access.
  • Compliance officers: New requirements for data governance and privacy impact assessments.
  • AI governance teams: Need to define and enforce policies for agent data access and usage.

The Action

  1. Review and update data classification and retention policies for CRM and sales-related data.
  2. Implement Microsoft Purview Data Loss Prevention (DLP) policies to monitor and restrict sensitive data sharing by Copilot agents.
  3. Educate sales users on responsible AI usage, data handling, and potential prompt injection risks when interacting with Sales Agent.
  4. Establish clear guidelines for Sales Agent's access to internal and external data sources, leveraging Entra ID Conditional Access.
  5. Conduct a privacy impact assessment (PIA) and data protection impact assessment (DPIA) for the Sales Agent feature.

Domain: Agentic-AI · Impact: high · Workload: Other