AI agents in Microsoft 365 do not create new permissions-but they dramatically amplify existing ones. When Copilot, Copilot Studio agents, or Power Platform automations are deployed, data exposure scales instantly across SharePoint, OneDrive, Teams, and connected third-party services.
This session breaks down how AI actually accesses data inside Microsoft 365, mapping real data exposure paths that most organisations don’t realise exist. We’ll explore how permissions, sharing links, connectors, and low-code automation combine to surface sensitive information to AI agents-often unintentionally.
Special attention is given to Copilot Studio and low-code blind spots, where connectors and agent actions can bypass traditional review processes.

Solutions Covered:
• Microsoft 365 Copilot
• Copilot Studio
• SharePoint Online, OneDrive for Business, Microsoft Teams
• Power Platform (Power Apps, Power Automate connectors)
• Microsoft Defender for Cloud Apps
and many more