I had a recent exchange with Microsoft and a group of CISOs and how it was explained to US by MS is that Copilot relies on existing file sharing security (OneDrive, Sharepoint) to determine what user could receive as feedback from Copilot. While it seems like a reasonable approach to rely on existing controls it honestly sent shivers down my spine. Anyone who had some experience securing MS platforms data sharing knows those become a total mess overtime for large organizations.
I just have to look at my ancient msn account being effectively turned unusable for several (notably: Skype, Xbox) MS services due to being stuck in some limbo between MS auth service migrations (?) to gauge my confidence in their control of user data.... And no, several hours with their support agents spread over several weeks did not resolve it.
I had a recent exchange with Microsoft and a group of CISOs and how it was explained to US by MS is that Copilot relies on existing file sharing security (OneDrive, Sharepoint) to determine what user could receive as feedback from Copilot. While it seems like a reasonable approach to rely on existing controls it honestly sent shivers down my spine. Anyone who had some experience securing MS platforms data sharing knows those become a total mess overtime for large organizations.