SharePoint: Enterprise store plugins in Copilot in SharePoint
🚨 The Signal: Copilot in SharePoint now supports enterprise store plugins, extending its capabilities with custom functions. This introduces new avenues for data access and processing within the AI agent, requiring careful governance of plugin permissions and data handling.
The Impact
Security teams and M365 admins are affected by the increased risk of data exfiltration and unauthorized access through unvetted plugins.
- Security teams face new risks from malicious or poorly configured plugins accessing sensitive data.
- M365 admins must manage plugin deployment and permissions to prevent data exposure.
- Users could inadvertently expose data by interacting with unapproved or risky plugins.
- Compliance officers need to assess new data processing paths introduced by plugins for regulatory adherence.
The Action
- Review existing M365 governance policies for Copilot plugin management.
- Establish a formal process for vetting and approving enterprise plugins for Copilot in SharePoint.
- Implement granular access controls for plugin deployment and usage within the M365 admin center.
- Monitor Copilot plugin activity logs for unusual data access patterns or errors.
- Educate users on the risks associated with plugins and the importance of using only approved tools.
Domain: Agentic-AI · Impact: high · Workload: SharePoint · Essential Eight: Application Control, Restrict Administrative Privileges · ISM: ISM-0445, ISM-0843, ISM-1175, ISM-1380, ISM-1490, ISM-1507, ISM-1508, ISM-1509, ISM-1544, ISM-1582, ISM-1647, ISM-1648, ISM-1650, ISM-1656, ISM-1657, ISM-1658, ISM-1659, ISM-1660, ISM-1686, ISM-1688, ISM-1689, ISM-1870, ISM-1871, ISM-1883, ISM-1897, ISM-1898