Exploiting Copilot AI for SharePoint (www.pentestpartners.com)
from brot@feddit.org to technology@lemmy.world on 08 May 13:18
https://feddit.org/post/12110701

#technology


Darkcoffee@sh.itjust.works on 08 May 15:51

The only thing I want to know about Copilot is how to turn it off and get it off my PC.

PushButton@lemmy.world on 08 May 17:26

Sorry Dave…

insight06@lemmy.world on 09 May 02:26

This was actually a decent skim. Microsoft did not think that one through.

Companies paying for a corporate Copilot instance to train on their SharePoint documents can inadvertently reveal the contents of those documents to anyone in the company who asks Copilot about them, even if those documents were made highly restricted - in their example, a document full of service account passwords permissioned to only be accessible by a select few members of IT (although sensible IT would be using a password manager, right?).

Quite the oversight! That’s sure to slow adoption in any shops with a zero-trust or principle of least privilege model in place, or even anywhere big that segments their teams to cut down on noise.