Learn about using Microsoft Purview Data Loss Prevention to protect interactions with Microsoft 365 Copilot and Copilot Chat

Microsoft Purview Data Loss Prevention (DLP) can help you protect interactions with Microsoft 365 Copilot and Copilot Chat in two ways:

  • Restrict Microsoft 365 Copilot and Copilot Chat from processing sensitive prompts (preview). You can create a DLP policy to help protect against the use of sensitive information types (SITs), such as credit card numbers, passport identification, or social security numbers, in Microsoft 365 Copilot prompts. This covers both Microsoft-provided SITs and custom SITs that you create. This real-time control helps organizations mitigate data leakage and oversharing risks by preventing Microsoft 365 Copilot and Copilot Chat, including pre-built agents in Microsoft 365 Copilot and Copilot Chat, from returning a response when a prompt contains sensitive data and from using that sensitive data for internal and external web searches.

  • Restrict Microsoft 365 Copilot and Copilot Chat from processing sensitive files and emails (generally available). You can create a DLP policy that prevents files and emails carrying specified sensitivity labels from being used when Microsoft 365 Copilot and Copilot Chat summarize content in response to a prompt.

Important

You can't use both the Content contains > Sensitive information types and the Content contains > Sensitivity labels conditions in the same rule. You can create a rule for each condition in the same policy, but not in the same rule.

Licensing

For information on licensing, see

Permissions

Accounts with one of the following roles or role groups can create or edit a DLP policy that safeguards Microsoft 365 Copilot and Copilot Chat:

  • Entra AI Admin - Role for managing all aspects of Microsoft 365 Copilot and AI-related enterprise services in Microsoft 365.
  • Purview Data Security AI Admin - Role for editing Data Loss Prevention policies related to Copilot and viewing AI content in Data Security Posture Management. This role does not have access to read prompts and responses of AI interactions.
  • Purview Data Security AI Admins - Use this group to assign editing capabilities for Data Loss Prevention policies related to Copilot and viewing AI content in Data Security Posture Management. Review the role description for access details. It contains the Data Security AI Admin role.
  • Purview Compliance Administrator
  • Purview Compliance Data Administrator
  • Purview Information Protection
  • Purview Information Protection Admin
  • Purview Security Administrator
  • Entra Global Admin - Role for managing all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identities.

Important

Microsoft recommends that you use roles with the fewest permissions. Minimizing the number of users with the Global Administrator role helps improve security for your organization. Learn more about Microsoft Purview roles and permissions.

Block sensitive information types in prompts

This feature is in preview. Check whether the rollout has reached your tenant. It's available in Microsoft 365 Copilot, Copilot Chat, and Copilot in Word, Excel, and PowerPoint. This protection also extends to pre-built agents in Microsoft 365 Copilot and Copilot Chat.

This feature is available for all tenants with access to Microsoft 365 Copilot and Copilot Chat. The licensing update is currently rolling out.

To set this up, create DLP policies that use the Microsoft 365 Copilot and Copilot Chat policy location with the Content contains > Sensitive information types condition. This policy prevents Copilot from returning a response when prompts contain sensitive data and from using that sensitive data for both internal and external web searches.

Tip

During preview, the user messaging in Word, Excel, and PowerPoint might not clearly state that the interaction with Copilot in those products is blocked by an organizational policy. The sensitive prompt is still restricted, and Copilot won't provide a response.

Block SITs in prompts use case example

Contoso encourages their employees to use Microsoft 365 Copilot to enhance productivity, but they don't want their users placing Canada physical addresses or EU debit card numbers into prompts.

To meet this business need, Contoso creates a DLP policy that targets the Microsoft 365 Copilot and Copilot Chat location and has a rule that uses the Content contains > Sensitive information types > Canada physical addresses or EU debit card numbers condition to identify prompts that contain those SITs. The actions in the rule are configured to Restrict Copilot from processing content > Processing prompts.

When a user attempts to submit a prompt that contains either of these sensitive information types, they receive a message indicating that the request can't be completed because it contains sensitive information that the organization has blocked Microsoft 365 Copilot from using.

Block files and emails with sensitivity labels from being processed

This feature is generally available. It's available in Microsoft 365 Copilot, Copilot Chat, and Copilot in Word, Excel, and PowerPoint. This protection also extends to pre-built agents in Microsoft 365 Copilot and Copilot Chat. It isn't supported in Copilot in Outlook.

To set this up, create DLP policies that use the Microsoft 365 Copilot and Copilot Chat policy location with the Content contains > Sensitivity labels condition to exclude items from being processed. Identified items still appear in the citations of the response, but the content of the item isn't used in the response or accessed by Copilot.

Block items with sensitivity labels example use case

Contoso establishes and applies a sensitivity label taxonomy to their data. The taxonomy includes these labels:

  • Highly Confidential
  • Confidential
  • Internal
  • Public
  • Personal

They deploy Microsoft 365 Copilot and Copilot Chat to help users find and use Contoso enterprise information in their organization. They want to minimize the risk of General Data Protection Regulation (GDPR) data being included in Microsoft 365 Copilot and Copilot Chat summaries and also to exclude private information from summaries. They create a DLP policy that uses the Microsoft 365 Copilot and Copilot Chat policy location with the Content contains > Sensitivity labels condition to exclude items that have either the Personal or the Highly Confidential sensitivity label from being processed in the response summary.

Coverage: types of content (email and files)

The DLP for Microsoft 365 Copilot and Copilot Chat policy location supports specific content that Copilot processes across various experiences.

A Microsoft 365 Copilot and Copilot Chat rule configured to protect items with sensitivity labels supports:

  • File items, both stored files and files that are actively open. For more information on supported file types, see: file types supported by sensitivity labels.

  • Emails sent on or after January 1, 2025.

  • Calendar invites and local files aren't supported.

Note

When a file is open in Word, Excel, or PowerPoint and has a sensitivity label for which a DLP policy is configured to prevent processing by Microsoft 365 Copilot and Copilot Chat, the Copilot skills in these apps are disabled. Certain experiences that don't reference file content or that don't use any large language model aren't currently blocked in the user experience.

Availability

  • The Microsoft 365 Copilot and Copilot Chat policy location is only available in the Custom policy template.
  • When you select the Microsoft 365 Copilot and Copilot Chat policy location, all other locations for that policy are disabled.
  • DLP alerts, DLP notifications, and policy simulation mode are supported.
  • Updates to a DLP policy can take up to four hours to be reflected in the Microsoft 365 Copilot and Copilot Chat experience.

Admin units

The Microsoft 365 Copilot and Copilot Chat policy location doesn't support Admin units.

Supported Conditions and Actions

The Microsoft 365 Copilot and Copilot Chat policy location supports the following conditions and actions:

  • Condition: Content contains > Sensitivity labels
    Condition description: Detects when a file or an email in Exchange has a chosen sensitivity label.
    Supported policy action: Prevent Copilot from processing content
    Action description: The content of the item isn't processed by Copilot or used in the response summary, but the item could be available in the citations of the response.

  • Condition: Content contains > Sensitive information types
    Condition description: Detects when a prompt contains chosen sensitive information types.
    Supported policy action: Prevent Copilot from processing content > Processing prompts
    Action description: Copilot doesn't respond to the prompt. The prompt isn't used for internal or web searches.
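To make the two rule types, the one-condition-per-rule constraint from the Important note above, and the "excluded but still cited" behaviour in the table concrete, here is an added Python model of that evaluation. It is constructed for this page and is not Purview code: the credit card SIT is approximated by a digit-run pattern with a Luhn check, "Contoso Project Code" is a hypothetical custom SIT, and sensitivity labels are plain strings attached to documents.

```python
"""Constructed model of the two Copilot DLP rule types (not Purview code)."""
import re
from dataclasses import dataclass, field


def luhn_ok(digits: str) -> bool:
    """Checksum the credit card SIT relies on to reject look-alike digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# 13 to 19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def contains_credit_card(text: str) -> bool:
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return True
    return False


# Detector table: one built-in SIT and one hypothetical custom SIT (constructed).
SIT_DETECTORS = {
    "Credit Card Number": contains_credit_card,
    "Contoso Project Code": lambda t: re.search(r"\bCTS-\d{4}\b", t) is not None,
}


@dataclass(frozen=True)
class Rule:
    name: str
    sensitive_info_types: frozenset = frozenset()  # Content contains > Sensitive information types
    sensitivity_labels: frozenset = frozenset()    # Content contains > Sensitivity labels

    def __post_init__(self):
        # The page's constraint: a single rule can't carry both condition types.
        if self.sensitive_info_types and self.sensitivity_labels:
            raise ValueError(f"rule {self.name!r}: use a separate rule per condition type")
        if not (self.sensitive_info_types or self.sensitivity_labels):
            raise ValueError(f"rule {self.name!r}: a condition is required")


@dataclass
class Policy:
    name: str
    rules: list = field(default_factory=list)
    location: str = "Microsoft 365 Copilot and Copilot Chat"


@dataclass
class Document:
    name: str
    label: str
    content: str


def evaluate_prompt(policy: Policy, prompt: str):
    """Return the name of the first SIT rule that blocks the prompt, or None."""
    for rule in policy.rules:
        for sit in rule.sensitive_info_types:
            if SIT_DETECTORS[sit](prompt):
                return rule.name  # no response, and no internal or web search on the prompt
    return None


def ground(policy: Policy, docs: list):
    """Split retrieved items into usable content, excluded items, and citations."""
    blocked_labels = set().union(*(r.sensitivity_labels for r in policy.rules))
    usable = [d.name for d in docs if d.label not in blocked_labels]
    excluded = [d.name for d in docs if d.label in blocked_labels]
    citations = [d.name for d in docs]  # excluded items can still appear as citations
    return usable, excluded, citations


# One policy, two rules: one per condition type, as the page requires.
CONTOSO_POLICY = Policy("Contoso Copilot DLP", rules=[
    Rule("Block SITs in prompts", sensitive_info_types=frozenset(SIT_DETECTORS)),
    Rule("Exclude labeled items", sensitivity_labels=frozenset({"Highly Confidential", "Personal"})),
])

# Constructed sample documents.
SAMPLE_DOCS = [
    Document("board-deck.pptx", "Highly Confidential", "..."),
    Document("handbook.docx", "Internal", "..."),
    Document("staff-health.xlsx", "Personal", "..."),
]

if __name__ == "__main__":
    print(evaluate_prompt(CONTOSO_POLICY, "Refund card 4111 1111 1111 1111"))
    print(evaluate_prompt(CONTOSO_POLICY, "Summarise order 1234 5678 9012 3456"))
    print(ground(CONTOSO_POLICY, SAMPLE_DOCS))
```

The second prompt is deliberately a 16-digit run that fails the Luhn check, which is why a checksum-backed SIT, rather than a bare digit pattern, keeps false positives down; the grounding step shows the labeled items dropping out of usable content while remaining in the citation list.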

Note

All Microsoft 365 Copilot prompts run in the security context of the user who initiates the prompt. This means for a user to see an item in a prompt response, they must first have the necessary permissions to access the content of the item. You can then use the Microsoft 365 Copilot and Copilot Chat policy location feature to exclude items from being processed in the response summary.

See also