A Copilot for M365 session was initiated by a user originating from a location that is unusual for the user and/or environment within the context of this functionality.
Possible Root Causes
An attacker may be using the Copilot for M365 functionality to simplify their ability to discover knowledge documented within your environment that can help them enable their next steps within your environment (i.e. IT policies and procedures, documented static passwords/accounts, etc.).
An attacker may be using the Copilot for M365 functionality to simplify the discovery and extraction of sensitive information from e-mails stored within the M365 environment.
A legitimate user has accessed this functionality from a location that is not typical for your environment, but is using the functionality for benign/approved use cases.
Business Impact
An attacker utilizing Copilot for M365 can simplify the process of mining important knowledge about your organization and hide files that were accessed to support gaining that knowledge. This is because Copilot for M365 does not always log the files accessed to provide a response.
Steps to Verify
This detection is most interesting when it is accompanied by other detections indicating this account may be compromised.
Review whether the unusual location aligns with what is expected for this user.
Consult the available logs to determine if the activity prior to the registration is as expected.
If warranted, reach out to the account owner to confirm they accessed this functionality in this way.
M365 Suspicious Copilot for M365 Access
Possible root causes
Malicious Detection
Benign Detection
M365 Suspicious Copilot for M365 Access
Example scenarios
M365 Suspicious Copilot for M365 Access
Business impact
If this detection indicates a genuine threat, the organization faces significant risks:
Our interactive demo provides a deep dive into the advanced capabilities of our cybersecurity platform, showcasing real-time detection, comprehensive analysis, and proactive threat mitigation.
Don't just read about the possibilities – experience them.