M365 News for August 2025
Be sure to subscribe to my M365 Newsletter for more M365 expertise and news.
Share this post on social media. Share this post on social media.
Share this post on social media.Similar Posts
Copilot Bug is a Big Deal for Confidentiality, But Not That Big
Here’s why this is such a big problem. Microsoft recommends blocking Copilot from accessing sensitive information in emails, meetings, documents, and related content by assigning a label to those items and creating a DLP policy that defines the block. This bug renders the system unusable for the affected emails. You simply can’t provide a governance tool that doesn’t deliver the governance it claims to provide. It’s a bad look, Microsoft. It doesn’t help build customer trust.
No, Copilot did not make these emails public or access private information and make it non-private. It accessed information in response to your prompt that it should ignore. That creates a risk that many users might assume does not exist. That is a significant issue, but it’s not equivalent to a data breach. There is another check in place before data leaks out: the end user.
M365 News for March 2026
This post will be updated throughout the month as new items are added to the tag.
Be sure to subscribe to my M365 Newsletter for more M365 expertise and news.
Worth Reading – Ex-Employee OneDrive Retention: Why Data Is Kept Forever
In the case of a departed user on OneDrive, there may be a cost associated with data from now-unlicensed accounts remaining in your tenant. Many people might not like hearing that, and it does seem a little petty of Microsoft to count it differently from the overall amount of storage you are allocated. On the other hand, for the Information Governance part of my day job, it’s not the worst thing to have a mechanism that forces you to consider why that data is being retained and what decisions were made about it.
Worth Reading – Microsoft Defender Revelation Poses Troubling Questions
If we can’t trust Microsoft’s own tools to work, people will look for other tools. The advantage of being the built-in tool disappears when we can’t trust it.
Worth Reading – Microsoft Copilot Email and Teams Summarization Vulnerability Enables Phishing Attacks
If you can get Copilot to drop a link into the auto-summary, it would be less suspicious than an email sent from outside with a link. That’s probably true. After all, if you trust your AI Summarization tool to summarize the email instead of reading it, why wouldn’t you trust any links it included?
Worth Reading – Beyond Chat: The Hidden Dominoes When You Create a Microsoft Team
Everything about Teams—security, retention, eDiscovery, privacy, and so on— starts with understanding the data involved. To understand the data involved, you need to be familiar with all the details of this chain reaction. You’re not protecting and investigating data in a Teams channel; you’re dealing with data in Exchange, SharePoint, and potentially in various other locations, depending on the apps used in the channel.
