Copilot's Broad Access Raises Concerns for Microsoft 365 Data Security
-
Copilot can access all sensitive data a Microsoft 365 user can access, which is often too much (10% is open to all employees on average)
-
Copilot can rapidly generate new sensitive data that must be protected, exacerbating existing data security challenges
-
Microsoft relies on permissions, labels, and humans to secure Copilot data, but these controls have proven inadequate in practice
-
Poor permission hygiene and ineffective labeling leave M365 data exposed to Copilot hallucination and misuse
-
Before rolling out Copilot, assess your M365 data security posture to enforce least privilege and accurately apply protections like sensitivity labels
![](https://www.bleepstatic.com/content/posts/2023/10/08/varonis-copilot.jpg)