Copilot Cannot Open a File Protected with a Sensitivity Label and Encryption

Mountain Pond 1,716 Reputation points
2026-05-29T09:25:44.2533333+00:00

The idea is to apply sensitivity labels with encryption enabled to files and allow analysis and processing of those files exclusively through Microsoft 365 Copilot.

This way, if a third-party AI service cannot decrypt the content, it should be considered non-compliant from a security perspective, which is the intended goal.

I based this configuration on the following Microsoft documentation:

https://learn.microsoft.com/en-us/purview/ai-microsoft-purview

https://learn.microsoft.com/en-us/purview/ai-m365-copilot-considerations#copilot-honors-existing-protection-with-the-extract-usage-right

The documentation states:

When the sensitivity label applies encryption, users must have the EXTRACT usage right, as well as VIEW, for the AI apps to return the data.

What I configured:

  1. Created a sensitivity label named "AI-Allowed" in Microsoft Purview.
  2. Configured access rights:
    • AuthenticatedUsers — Editor role (VIEW and EXTRACT enabled)
    • TestUser — permissions: VIEW, EXTRACT, View rights, Allow macros
  3. Published the "AI-Allowed" sensitivity label.

Additionally (not directly related to the question): I have Conditional Access policies for Office 365 and Defender for Cloud Apps session policies configured to allow file uploads to Copilot only when the file has the "AI-Allowed" sensitivity label applied.

Then I performed the following steps:

  1. Signed in to Office 365 and Windows as TestUser
  2. Created an Excel file
  3. Applied the "AI-Allowed" sensitivity label
  4. Saved the file
  5. Uploaded the file to Copilot through the browser for analysis

Result: Copilot accepts the file and attempts to process it, but it cannot read the document content.

Could you please advise what I might be missing in the configuration?

Thank you in advance.

Microsoft Copilot | Microsoft Security Copilot

1 answer

  1. AI answer

    2026-05-29T09:26:07.43+00:00

    For Microsoft 365 Copilot to read and use content in an encrypted, sensitivity-labeled file, two conditions must be met simultaneously:

    1. The user must have both VIEW and EXTRACT rights on the encrypted content.
    2. The AI app (Microsoft 365 Copilot) must be able to access the file through a supported path and service.

    From the provided documentation, the key points are:

    • “When the sensitivity label applies encryption, users must have the EXTRACT usage right, as well as VIEW, for the AI apps to return the data.”
    • This protection extends to data stored in SharePoint, OneDrive, and “data in use” when the file is open in an Office app.
    • For the best experience, sensitivity labels should be enabled for SharePoint and OneDrive; otherwise, encrypted files that Copilot can access are limited to data in use from Office apps on Windows.

    In the described scenario, the configuration of the label and EXTRACT right for the user is correct in principle, but the missing element is the supported access path for Copilot to actually open and decrypt the file.

    To align with the documented behavior and allow Copilot to read the content:

    1. Ensure the file is stored in a supported location
      • Store the labeled and encrypted file in SharePoint or OneDrive where sensitivity labels are enabled.
      • Follow the guidance in “Enable sensitivity labels for Office files in SharePoint and OneDrive” so that these services can process labeled and encrypted files.
      • If sensitivity labels are not enabled for SharePoint/OneDrive, Copilot’s access to encrypted files is effectively limited to “data in use” from Office apps on Windows, not arbitrary uploads.
    2. Use a supported interaction pattern for encrypted content
      • Instead of relying on a generic browser upload, open the labeled file directly in Word/Excel/PowerPoint (desktop or web) where Copilot is integrated, and invoke Copilot from within the Office app. In this mode, Copilot works against the file that the Office app has already opened and decrypted for the signed-in user.
      • This matches the documented “data in use” scenario: when the file is open in an Office app, Copilot can honor the EXTRACT right and return data.
    3. Verify the label and encryption behavior end-to-end
      • Confirm that the “AI-Allowed” label is a standard Purview sensitivity label with encryption configured, not a custom or unsupported encryption mechanism.
      • Confirm that the label is recognized in Office apps (label name visible in the ribbon, content markings if configured).
      • Confirm that the user can open the file normally in Excel and that the label shows as applied.
    4. Keep in mind external/extension limitations
      • If any external data sources, plugins, or Graph connectors are involved, sensitivity labels and encryption from those external sources are not recognized by Microsoft 365 Copilot Chat. The supported model is: content protected by Purview sensitivity labels inside the Microsoft 365 tenant, accessed via supported apps and services.

    In summary, the EXTRACT right on the label is necessary but not sufficient. Copilot must access the file through a supported Microsoft 365 path (SharePoint/OneDrive with sensitivity labels enabled, or as “data in use” in an Office app). A direct browser upload of an encrypted, labeled file does not guarantee that Copilot can open and decrypt the content, which explains why Copilot accepts the file but cannot read its contents.


    AI-generated content may be incorrect. Read our transparency notes for more information.
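
An added example, not part of the question or the answer above and not Microsoft's code: a PowerShell check that every identity in a label's encryption settings holds both VIEW and EXTRACT, with the SharePoint/OneDrive setting check shown as comments. The function name `Test-LabelAiRights`, the sample identities and rights, and the JSON shape assumed for `LabelActions` are assumptions; compare the shape against real `Get-Label` output in your tenant.

```powershell
# Added example. Assumption: Get-Label returns LabelActions as JSON strings, and the
# "encrypt" action carries a "rightsdefinitions" setting shaped like the sample below.
function Test-LabelAiRights {
    param(
        [Parameter(Mandatory)] $Label,
        [string[]] $Required = @('VIEW', 'EXTRACT')
    )
    # Find the encryption action among the label's actions.
    $encrypt = $Label.LabelActions |
        ForEach-Object { $_ | ConvertFrom-Json } |
        Where-Object { $_.Type -eq 'encrypt' } |
        Select-Object -First 1
    if (-not $encrypt) {
        Write-Warning "Label '$($Label.DisplayName)' has no encryption action."
        return
    }
    $raw = ($encrypt.Settings | Where-Object { $_.Key -eq 'rightsdefinitions' }).Value
    if (-not $raw) {
        Write-Warning "No admin-defined rights list found on the encryption action."
        return
    }
    foreach ($entry in ($raw | ConvertFrom-Json)) {
        $granted = $entry.Rights -split ',' | ForEach-Object { $_.Trim().ToUpper() }
        # OWNER (Full Control) grants every usage right, including EXTRACT.
        $missing = @(if ($granted -notcontains 'OWNER') {
            $Required | Where-Object { $_ -notin $granted } })
        [pscustomobject]@{
            Identity        = $entry.Identity
            Missing         = $missing -join ','
            AiCanReturnData = ($missing.Count -eq 0)
        }
    }
}

# Constructed sample (not the asker's real label): the second identity lacks EXTRACT.
$rights = '[{"Identity":"AuthenticatedUsers","Rights":"VIEW,DOCEDIT,EDIT,EXTRACT"},' +
          '{"Identity":"testuser@contoso.example","Rights":"VIEW,VIEWRIGHTSDATA,OBJMODEL"}]'
$sample = [pscustomobject]@{
    DisplayName  = 'AI-Allowed'
    LabelActions = @(
        @{ Type = 'encrypt'; Settings = @(@{ Key = 'rightsdefinitions'; Value = $rights }) } |
            ConvertTo-Json -Depth 4 -Compress
    )
}
Test-LabelAiRights $sample | Format-Table -AutoSize

# Live use (requires the ExchangeOnlineManagement and SharePoint Online modules):
#   Connect-IPPSSession; Test-LabelAiRights (Get-Label -Identity 'AI-Allowed')
#   Connect-SPOService -Url https://<tenant>-admin.sharepoint.com
#   (Get-SPOTenant).EnableAIPIntegration   # True = labels enabled for SharePoint/OneDrive
```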
