MC1269217 - Microsoft Purview compliance portal: Endpoint DLP expands protection to Copilot PC Recall snapshots
Service
Published
Tag
Platforms
Summary
Microsoft Purview Endpoint DLP will support Copilot+ PCs by protecting Windows Recall snapshots from capturing sensitive content. Admins can create custom policies for these devices, with rollout starting April 2026. The feature is off by default and requires coordination with Intune and policy updates.
More information
Introduction
Microsoft Purview Endpoint Data Loss Prevention (Endpoint DLP) is expanding to support Copilot+ PCs by enabling protection of Windows Recall snapshots. This update helps organizations prevent the capture of sensitive content, including content with restricted sensitivity labels or sensitive information types (SITs). Admins can create Endpoint DLP custom policies designed specifically for Copilot+ PC devices to manage Recall behavior.
This message is associated with Microsoft 365 Roadmap ID 502519.
When this will happen
- General Availability (Worldwide): Rollout will begin in early April 2026 and is expected to complete by late April 2026.
How this affects your organization
Who is affected
- Admins managing Endpoint DLP within the Microsoft Purview compliance portal
- Organizations deploying Copilot+ PCs with Recall enabled through Intune
What will happen
- Endpoint DLP will support detection and blocking of Recall snapshots that contain sensitive files.
- Purview admins will be able to author custom Endpoint DLP policies that integrate with Windows Recall settings on Copilot+ PCs.
- Policies will apply only to Copilot+ PC devices configured by Intune admins.
- This change is off by default until policies are created and deployed.
- Existing Endpoint DLP policies remain unchanged unless admins choose to extend them.
What you can do to prepare
- Ensure all Copilot+ PCs are running anti malware Client version 4.18.26020 or later.
- Review your existing Endpoint DLP policies and determine whether additional policies are needed for Recall scenarios.
- Coordinate with your Intune administrator to confirm that Copilot+ PCs are configured for Recall.
- Notify your helpdesk and security operations teams about expected behavior.
- Update internal device or compliance documentation as needed.
Compliance considerations
| Question | Answer |
| Does the change alter how existing customer data is processed, stored, or accessed? | Yes. Endpoint DLP will evaluate content captured in Windows Recall snapshots to determine whether sensitive content is present. |
| Does the change introduce or modify AI or ML capabilities that interact with customer data? | Yes. The Recall snapshot feature uses AI driven capture and Endpoint DLP will evaluate its output. |
| Does the change modify DLP policy enforcement? | Yes. DLP enforcement is extended to block or restrict Recall snapshot capture of sensitive content. |
| Does the change include an admin control, and can it be controlled with Entra ID groups? | Yes. Admins can configure Endpoint DLP policies and may target Entra ID user or device groups. |
| Does the change allow a user to enable or disable the feature? | Yes. Users can enable or disable Recall, but DLP policies still determine whether sensitive content can be captured. |