Microsoft 365 Copilot Security

What it is

Microsoft 365 Copilot is the AI assistant integrated across Microsoft 365 applications (Word, Excel, PowerPoint, Outlook, Teams, OneNote). It uses large language models grounded in the user's Microsoft Graph context — emails, documents, chats — to generate responses scoped to what that user technically has access to.

Central risk

Permissions inheritance. Copilot does not bypass permissions; it inherits them. If Charlie has access to a SharePoint folder he never opened, Copilot will surface its contents in response to questions. The security problem moves from access control (which was already lax) to discovery — and Copilot makes discovery one prompt away.

Specific risks

• Latent over-sharing surfaced through prompts
• Sensitive content embedded in documents (PII, secrets, confidential strategy) becoming queryable
• Audit-trail gaps — Microsoft Purview captures Copilot interactions but only if licensed and configured
• Prompt injection through documents and emails (indirect LLM01)
• Output handling in downstream automation (LLM05)

Recommended controls

• Run a permissions audit BEFORE Copilot rollout — scope reduction, group cleanup, label enforcement
• Deploy Microsoft Purview labels and DLP — without these, content classification is ineffective
• Enable Microsoft 365 Audit logging at the appropriate tier (E5 or M365 E5 Compliance)
• Communicate user expectations — Copilot will surface what you have access to, including content you forgot you had
• Test Copilot with adversarial-prompt scenarios specific to indirect injection

Posture Check checkpoint

Take the AI Posture Check before rolling out Copilot. Permissions hygiene is reflected in Q6–Q10 (Data) and Q26–Q30 (Vendor). Most rollout failures trace to weak Data scores.