Microsoft Extends DLP Protection for Copilot Across Office Apps
Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...
Key Takeaways:
- The new Data Loss Prevention (DLP) policy now covers Copilot experiences within Office apps.
- This new functionality builds on the DLP policy introduced in March.
- Organizations with existing DLP policies for Copilot Chat will have those same protections automatically applied to Copilot within Office apps.
Microsoft has announced the public preview of enhanced Data Loss Prevention (DLP) capabilities for Microsoft 365 Copilot within Office apps. This feature extends the DLP policy first introduced in March 2025.
A Data Loss Prevention (DLP) policy is a set of rules designed to detect and prevent the unauthorized sharing, transfer, or exposure of sensitive information outside an organization. These policies help businesses comply with data protection regulations and protect against data breaches.
Previously, administrators could configure DLP rules to block Copilot Chat from accessing sensitive documents. However, these protections didn’t apply to Copilot experiences within Office apps like Microsoft Word, PowerPoint, and Excel.
Microsoft has expanded DLP controls to cover in-app Copilot experiences in Office apps. This means that organizations can now enforce the same data protection rules across all Copilot features, including generating formulas in Excel, summarizing presentations in PowerPoint, and rewriting text in Word.
“Data oversharing and leakage is a top concern for organizations using generative AI technology, and securing AI-based workflows can feel overwhelming. We’ve been laying a strong foundation with Microsoft Purview Data Loss Prevention—especially with DLP for M365 Copilot—and are excited to expand its reach to further reduce the risk of AI-related oversharing at scale,” Microsoft explained.
How do sensitivity labels work with Microsoft 365 Copilot?
Microsoft 365 Copilot respects sensitivity labels applied to documents and spreadsheets when they are opened. If a file is labeled and a DLP policy restricts Copilot access, features like content generation and summarization are automatically disabled. Moreover, users won’t be able to interact with the Copilot AI assistant within that file.
Additionally, Microsoft 365 Copilot won’t be able to reference any file protected by a sensitivity label enforced through a DLP policy. This restriction exists because referencing a file requires Copilot to extract and process its contents, which could risk exposing sensitive data.
To enable DLP policies for Copilot in Office apps, administrators can go to the Microsoft Purview compliance portal. There, they can configure policies based on sensitivity labels at the file, group, site, or user level.
Organizations that have already configured a DLP policy for the Microsoft 365 Copilot Chat preview don’t need to take any further action. Those existing policies will automatically extend to Copilot features within Office apps. If you’re interested, you can learn more about DLP for Microsoft 365 Copilot on this support page.
