Microsoft has rolled out a significant update that extends data‑loss prevention (DLP) safeguards to the Microsoft 365 Copilot AI assistant across all storage locations—whether files are stored in SharePoint, OneDrive, or on local devices.
Previously, DLP policies only applied to documents residing in cloud repositories, leaving locally saved Word, Excel and PowerPoint files vulnerable to Copilot’s processing. With this enhancement, the Office Augmentation Loop (AugLoop) component will now read a file’s sensitivity label directly from the client, enabling uniform enforcement of DLP rules regardless of where the file is stored.
The rollout is scheduled for late March through late April 2026 and is automatically enabled for any organization that has configured its DLP policies to block Copilot from accessing sensitivity‑labeled content. No additional administrative action is required; the change simply integrates the existing DLP controls into Copilot’s workflow.
Microsoft emphasized that this update does not alter Copilot’s core capabilities. Instead, it ensures that sensitive documents—marked as restricted by DLP—cannot be read or processed by Copilot, whether they are locally saved or stored in cloud services.
This development follows a recent bug that allowed Copilot to summarize confidential emails in users’ Sent Items and Drafts folders despite active DLP protections. The bug was identified on January 21, affecting the “work tab” chat feature and inadvertently exposing protected content to authorized users only. Microsoft confirmed that this behavior was unintended and addressed it promptly.
By broadening DLP coverage, Microsoft aims to provide consistent protection across all file locations, addressing customer feedback for more reliable security in both local and cloud environments. The updated policy will help safeguard confidential data while maintaining Copilot’s productivity features.
