Microsoft has announced a significant enhancement to its data protection capabilities with the introduction of a new Data Loss Prevention (DLP) feature that will prevent Microsoft 365 Copilot from processing emails containing sensitivity labels.
This development represents a crucial step in safeguarding sensitive organizational data within AI-powered productivity tools.
Enhanced DLP for Microsoft 365 Copilot Data Protection
The rollout schedule for this enhanced DLP functionality follows a structured timeline designed to ensure smooth implementation across Microsoft’s global infrastructure.
.png
)
The public preview phase commenced in early June 2025 and is expected to reach completion by late June 2025, providing organizations with an opportunity to test and evaluate the new capabilities before full deployment.
Following the preview period, general availability worldwide will begin in early August 2025, with complete rollout anticipated by late August 2025.
This staggered approach allows Microsoft to monitor system performance and address any potential issues before widespread adoption.
Notably, the feature will only apply to emails sent on or after January 1, 2025, ensuring that historical communications remain unaffected by the new restrictions.
The new DLP extension operates within the Microsoft Purview Data Loss Prevention framework, enabling administrators to configure policies that detect sensitivity labels in emails used as enterprise grounding data.
When such labels are identified, the system automatically restricts Microsoft 365 Copilot’s access to these communications during chat experiences, preventing potential data exposure.
Administrators can access these controls through the Microsoft Purview portal, where they can create and manage DLP policies specifically targeting the Copilot location.
The feature integrates with Data Security Posture Management for AI (DSPM for AI), providing recommendations for creating comprehensive Microsoft 365 Copilot policies. Importantly, organizations do not require a separate Microsoft 365 Copilot license to utilize this DLP functionality.
Current preview limitations include the absence of alerts, audit records, and policy simulation capabilities, which may be addressed in future updates.
The system automatically extends existing DLP policies at the Copilot location to include email protection without requiring additional administrative intervention.
Purview DLP to Restrict Microsoft 365 Copilot
Organizations currently operating without existing DLP policies for Microsoft 365 Copilot will experience minimal immediate impact from this rollout.
However, entities with established DLP frameworks should review their current configurations to assess potential implications for their operational workflows.
The automatic rollout requires no preliminary administrative action, though Microsoft recommends that organizations evaluate their existing policy structures.
For tenants with pre-configured DLP policies at the Copilot location, the system will seamlessly incorporate email restrictions without manual intervention.
Preparation activities should include notifying relevant personnel about the upcoming changes and updating organizational documentation to reflect the new data protection measures.
Administrators should familiarize themselves with the enhanced policy creation process and consider leveraging DSPM for AI recommendations to optimize their security posture.
This development underscores Microsoft’s commitment to balancing AI innovation with robust data protection, allowing enterprises to leverage the power of Copilot while maintaining strict control over sensitive information access and processing.
Automate threat response with ANY.RUN’s TI Feeds—Enrich alerts and block malicious IPs across all endpoints -> Request full access
