Copilot's Broad Access Raises Concerns for Microsoft 365 Data Security
-
Copilot can access all sensitive data a Microsoft 365 user can access, which is often too much (10% is open to all employees on average)
-
Copilot can rapidly generate new sensitive data that must be protected, exacerbating existing data security challenges
-
Microsoft relies on permissions, labels, and humans to secure Copilot data, but these controls have proven inadequate in practice
-
Poor permission hygiene and ineffective labeling leave M365 data exposed to Copilot hallucination and misuse
-
Before rolling out Copilot, assess your M365 data security posture to enforce least privilege and accurately apply protections like sensitivity labels