Hi @Ashish Raina
Based on the provided docs, we can explain what Purview DLP can control for Copilot (and what it’s not described to control), but we can’t directly confirm detection/controls for the exact “Copilot computer use → external upload (e.g., Gmail)” exfiltration flow you described.
What Purview DLP for Copilot can control (per docs)
Microsoft Purview DLP supports controls to protect Copilot and Copilot Chat interactions in these main ways:
- Restrict Copilot from using external web search when prompts contain sensitive data (preview): If a prompt contains sensitive information types (SITs), Copilot automatically blocks external web search as a grounding source and continues using permitted internal Microsoft 365 data sources where applicable.
- Restrict Copilot from processing sensitive prompts (real-time control): You can create DLP policies so Copilot and Copilot Chat won’t generate responses (and won’t use that sensitive data for internal/external searches) when prompts contain sensitive information types (SITs), including custom SITs.
- Restrict Copilot from processing sensitive files/emails based on sensitivity labels (generally available): You can create DLP policies to help prevent Copilot from using files and emails with specific sensitivity labels as part of response summarization and prompt grounding.
Important limitation called out in docs:
You can’t combine “content contains sensitive info types (SITs)” and “content contains sensitivity labels” in the same rule. (You can create separate rules for each condition type.)
Why your specific “computer use → retrieve OneDrive file → upload externally” scenario may not be covered by those controls
From the provided documentation, the Copilot-focused DLP controls are described around:
- Prompt content (SIT-based blocking of external web search / blocking processing of sensitive prompts), and
- Sensitivity-label-based restriction on using sensitive files/emails in Copilot grounding/response building.
The docs you provided do not explicitly describe an enforcement capability that detects/blocks Copilot’s “computer use” automated browser/session actions (for example: “Copilot opened Gmail inside its computer-use environment and uploaded a sensitive file”), nor do they describe DLP enforcement against the “data movement” step you outlined.
So, with only the provided documentation, we can’t claim “Purview DLP will detect/control that exfiltration path” the way you’re expecting.
Practical guidance you can use to validate coverage
Even if the docs don’t confirm the exact computer-use exfiltration enforcement, you can still validate whether your scenario triggers one of the supported DLP rule types:
- Does the Copilot prompt (the user’s prompt that triggers Researcher/computer use) include sensitive data? If yes, a SIT-based DLP rule could block Copilot from processing that prompt and/or from using external web search.
- Are the OneDrive files assigned sensitivity labels that your DLP rules target? If yes, DLP for Copilot can restrict Copilot from processing those labeled files in grounding/summarization.
- Make sure the DLP policy you created is actually scoped/enforced for the Copilot location. Purview DLP for Copilot uses the “Microsoft 365 Copilot and Copilot Chat policy location” in the Purview portal.
- Rule timing / enforcement expectations (in general Purview behavior): While enforcement timing specifics depend on policy type, the provided docs note that data source/asset policy types are typically enforced within ~10 minutes; classification/sensitivity-label policy types may take several hours after scanning/publishing.
Follow-up questions (so we can be precise)
- Are your Purview DLP rules targeting SITs in prompts, sensitivity labels on the file, or both (in separate rules)?
- For the OneDrive file used in the scenario, do you have a sensitivity label applied? If yes, which label(s)?
- In the “computer use” flow, does the user’s Copilot prompt include the sensitive values, or does the sensitive data only exist inside the OneDrive document that Copilot retrieves?
- Are you using Microsoft 365 Copilot specifically (as opposed to a different Copilot product), and is the DLP policy configured at the Copilot/Copilot Chat location in Purview?
- Do you see any Purview DLP alerts/incidents for the Copilot interaction when the upload happens?
References (from the provided documentation)
- Use Microsoft Purview to manage data security & compliance for Microsoft 365 Copilot & Microsoft 365 Copilot Chat (service capability summary) https://learn.microsoft.com/purview/ai-m365-copilot
- Learn about using Microsoft Purview Data Loss Prevention to protect interactions with Microsoft 365 Copilot and Microsoft 365 Copilot Chat https://learn.microsoft.com/purview/dlp-microsoft365-copilot-location-learn-about
- Microsoft Purview service description (licensing matrix; DLP capabilities for Copilot) https://learn.microsoft.com/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-purview-service-description
- Common solutions for Microsoft Purview Data policies – Policy creation (prereqs like data use management enabled) https://supportabilityhub.microsoft.com/solutions/apollosolutions/c90f21d6-e15b-dbe0-62a7-a9c8ef7c0ea4/e12a236b-0ba9-4be3-a09f-729c5ee7e566
- Common solutions for Microsoft Purview Data policies – Policy publish https://supportabilityhub.microsoft.com/solutions/apollosolutions/c90f21d6-e15b-dbe0-62a7-a9c8ef7c0ea4/87a90f27-be61-431b-8e17-04c12b8ddaf2
- Common solutions for Microsoft Purview Data policies – Policy enforcement (enforcement expectations by policy type) https://supportabilityhub.microsoft.com/solutions/apollosolutions/c90f21d6-e15b-dbe0-62a7-a9c8ef7c0ea4/6fab1f3c-7723-49af-9ba8-8ca617b25caf