Microsoft Expands Copilot Data Loss Prevention Controls
Microsoft has expanded its Data Loss Prevention (DLP) controls for its Copilot AI assistant. The update is designed to block the processing of confidential documents regardless of where they are stored. This enhancement addresses enterprise security concerns around the use of AI assistants in workflows involving sensitive data, such as SQL generation or dashboard creation.
- Previously, Microsoft Purview DLP policies for Copilot applied only to files stored in SharePoint or OneDrive, leaving a gap for documents held on local devices. The new update extends these controls to Word, Excel, and PowerPoint documents regardless of where they are stored, including local and network drives.
- The expanded DLP coverage is delivered through an Office component called the Augmentation Loop ("AugLoop"), which connects local applications with cloud services to enforce policies. The client-side application supplies the file's sensitivity label to the service, so DLP is enforced uniformly no matter where the file lives.
- The rollout of the enhanced DLP functionality is scheduled to begin in late March 2026 and is expected to be completed worldwide by late April 2026.
- Organizations that already have DLP policies configured to block Copilot from processing content with specific sensitivity labels will receive the new protections automatically, with no administrative changes required.
- The update addresses a significant enterprise concern and follows a recent software bug in which Copilot Chat was found to be reading and summarizing confidential emails from users' Sent Items and Drafts folders, even though those messages were protected by DLP policies.
- Microsoft Purview's DLP capabilities for Copilot can also be configured to stop the AI from processing prompts that contain sensitive information types (SITs), such as credit card or social security numbers.
- Copilot's data protection model is built on Microsoft Purview's sensitivity labels. The DLP controls are therefore only as effective as the organization's strategy for identifying sensitive documents and applying labels to them consistently.
- All data processed by Copilot for Microsoft 365, including prompts and generated responses, remains within the organization's Microsoft 365 tenant and is not used to train the foundation Large Language Models (LLMs).
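To make the two enforcement points above concrete (blocking on a document's sensitivity label, and blocking on sensitive information types found in the prompt), here is a small policy gate written as an added illustration. It is not Microsoft's or Purview's code: the label names, the SIT names, the simplified detection patterns (a Luhn check for card numbers, a structural pattern for US SSNs) and the `Document` record are all assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Assumed label names; real tenants define their own Purview label taxonomy.
BLOCKED_LABELS = {"Confidential", "Highly Confidential"}

# Simplified SIT matchers (illustrative, not Purview's definitions):
# 13-19 digits with optional space/dash separators, later validated with Luhn.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# US SSN: AAA-GG-SSSS, excluding impossible area/group/serial values.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum; filters out most random digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive_info_types(text: str) -> list[tuple[str, str]]:
    """Return (SIT name, matched text) pairs found in a prompt."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(("CreditCardNumber", m.group()))
    for m in SSN_RE.finditer(text):
        hits.append(("USSocialSecurityNumber", m.group()))
    return hits


def mask(value: str) -> str:
    """Keep only the last four digits so audit logs do not re-leak the secret."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


@dataclass
class Document:
    """Constructed stand-in for a file plus the label the client reports for it."""
    name: str
    sensitivity_label: str


def evaluate_copilot_request(prompt: str, documents: list[Document]) -> dict:
    """Decide whether an AI assistant may process this prompt and these files.

    Mirrors the two checks described in the article: labelled content is
    refused regardless of storage location, and prompts carrying SITs are
    refused. Returns a decision plus human-readable reasons for logging.
    """
    reasons = []
    for doc in documents:
        if doc.sensitivity_label in BLOCKED_LABELS:
            reasons.append(
                f"document '{doc.name}' carries blocked label '{doc.sensitivity_label}'"
            )
    for sit, value in find_sensitive_info_types(prompt):
        reasons.append(f"prompt contains {sit} ({mask(value)})")
    return {"allowed": not reasons, "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample input: a local file (no SharePoint/OneDrive path) with a
    # blocked label, and a prompt containing a Luhn-valid test card number.
    docs = [Document("C:/Users/alice/Q3-forecast.xlsx", "Confidential")]
    decision = evaluate_copilot_request(
        "Build a dashboard from this file; card 4111 1111 1111 1111", docs
    )
    print(decision)
```

The Luhn step matters in practice: matching any 16-digit run flags invoice and order numbers too, which trains users to ignore the control, while a checksum-validated match is a much stronger signal. The masked value in the reason string is what should reach an audit log, never the raw match.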