Microsoft 365 Message Center Archive

MC1234661 - DLP policies will be able to block Copilot processing of sensitivity‑labeled files in all storage locations

Message ID

MC1234661

View in Message Center

Service

Microsoft 365 suite
Microsoft 365 apps
Microsoft Purview

Published

Feb 19, 2026

Tag

New feature
User impact
Admin impact

Roadmap ID

557255

View in M365 Roadmap

Platforms

Android
Desktop
iOS
Mac

Summary

DLP policies will block Microsoft 365 Copilot from processing sensitivity-labeled Word, Excel, and PowerPoint files across all storage locations, including local devices. This rollout begins late March 2026, requires no policy changes, and ensures consistent DLP enforcement without altering Copilot capabilities.

More information

Introduction

We’re expanding Microsoft Purview Data Loss Prevention (DLP) controls to provide broader governance for Microsoft 365 Copilot. With this update, DLP policies that prevent Copilot from processing content based on sensitivity labels will now apply to Word, Excel, and PowerPoint files regardless of where they are stored. This enhancement responds to customer feedback requesting more consistent protection coverage across local and cloud-based file locations.

This feature is associated with Microsoft 365 Roadmap ID 557255.

When this will happen

  • General Availability (Worldwide and GCC): Rollout will begin in late March 2026 and is expected to complete by late April 2026.

How this affects your organization

Who is affected

  • Organizations using Microsoft Purview DLP to restrict Copilot processing of sensitivity-labeled content
  • Admins who manage Purview DLP policies
  • Users working with Microsoft 365 Copilot in Word, Excel, or PowerPoint

What will happen

  • DLP policies that restrict Copilot from processing sensitivity‑labeled files will apply to Word, Excel, and PowerPoint files in all storage locations, including:
    • SharePoint
    • OneDrive for Business
    • Local device storage
    • Other storage locations accessible to Office apps
  • When a DLP policy blocks Copilot processing, Copilot will not process the file’s content in Word, Excel, or PowerPoint.
  • Existing DLP policies will continue to function normally; no policy migration or reconfiguration is required.
  • The feature will be on by default for tenants with relevant DLP rules configured.
  • Users will see consistent DLP enforcement when invoking Copilot in supported Microsoft 365 apps.

Implementation detail:

This update does not modify Copilot capabilities. Instead, Office clients and AugLoop have been enhanced so AugLoop can read a file’s sensitivity label directly from the client. Today, AugLoop retrieves the label by calling Microsoft Graph using the file’s SharePoint or OneDrive URL, which limits DLP enforcement to files stored in OneDrive and SharePoint. By enabling the client to provide the label, DLP enforcement now applies uniformly across all storage locations, including local files.

What you can do to prepare

No action is required to enable this feature.

If your organization uses DLP controls for Copilot, you may optionally:

  • Review existing DLP policies that include sensitivity-label-based restrictions
  • Update internal documentation or helpdesk guidance if needed
  • Communicate this enhancement to relevant security or compliance teams

Learn about managing DLP policies: Learn about data loss prevention | Microsoft Purview | Microsoft Learn

Compliance considerations

No compliance considerations identified. Review as appropriate for your organization.