@SecurityWriter What would be really useful would be to have a SharePoint system that does reproduce it, then change the configuration, and show how the attempts now fail. That would be a powerful demo to put the issue in its proper context. Otherwise people are left scratching their heads wondering. If the examples don’t work on their system, is that because they’re properly configured or is it because they’re vulnerable but they’re testing it wrong?
@paco I’ve raised concerns about what would happen if we let Copilot index first and restrict access later (say for future sites). I really don’t know what would happen, as it’s undocumented.
I might give it a whirl should I get time.
@SecurityWriter @paco main thing I noticed yesterday is that Restricted Search is disabled by default. Which makes me unhappy.
@v_perjorative @paco it’s rather silly. Should be opt-in. Not opt-out.
@SecurityWriter @paco yup, but entirely at odds with the entire business model of AI