Considerations for deploying Microsoft Purview data security and compliance protections for Copilot

Microsoft 365 licensing guidance for security & compliance, Microsoft Purview Audit service description, Microsoft Purview eDiscovery service description

When you understand how you can use Microsoft Purview with Copilot for Microsoft 365 to manage data security and compliance protections, use the following detailed information for any considerations and exceptions that might apply to your organization. Be sure to read these in conjunction with Microsoft Copilot for Microsoft 365 requirements.

For licensing information to use these capabilities for Copilot, see the licensing and service description links at the top of the page. For licensing information for Copilot, see the service description for Microsoft Copilot for Microsoft 365.

Information protection considerations for Copilot

Microsoft Copilot for Microsoft 365 has the capability to access data stored within your Microsoft 365 tenant, including mailboxes in Exchange Online and documents in SharePoint or OneDrive.

In addition to accessing Microsoft 365 content, Copilot can also use content from the specific file you're working on in the context of an Office app session, regardless of where that file is stored, for example local storage, network shares, cloud storage, or a USB stick. When a user has a file open within an app, this access is often referred to as data in use.

Before you deploy Copilot for Microsoft 365, make sure you're familiar with the following details that help you strengthen your data protection solutions:

  • If a user has encrypted content open in an app and the content grants the user VIEW usage rights but not EXTRACT, they won't be able to use Copilot.

  • Unlike other automatic labeling scenarios, an inherited label will replace a lower priority label that was manually applied.

  • When the inherited sensitivity label can't be applied, the text won't be added to the destination item. For example:

    • The destination item is read-only
    • The destination item is already encrypted and the user doesn't have permissions to change the label (requires EXPORT or FULL CONTROL usage rights)
    • The inherited sensitivity label isn't published to the user
  • If a user asks Copilot to create new content from labeled and encrypted items, label inheritance isn't supported when the encryption is configured for user-defined permissions and the user won't be able to send this data to the destination item.

  • Because Double Key Encryption (DKE) is intended for your most sensitive data that is subject to the strictest protection requirements, Copilot can't access this data. As a result, items protected by DKE won't be returned by Copilot, and if a DKE item is open (data in use), you won't be able to use Copilot in the app.

  • Sensitivity labels that protect Teams meetings and chat aren't currently recognized by Copilot. For example, data returned from a meeting chat or channel chat won't display an associated sensitivity label, copying chat data can't be prevented for a destination item, and the sensitivity label can't be inherited. This limitation doesn't apply to meeting invites, responses, and calendar events that are protected by sensitivity labels.

App-specific exceptions:

  • Copilot in PowerPoint: Copilot can't create a presentation from an encrypted file.

  • Copilot in Word: Copilot can't generate draft content from encrypted files.

  • Copilot in Edge, Copilot in Windows: Unless data loss prevention (DLP) is used in Edge, Copilot can reference encrypted content from the active browser tab in Edge when that content doesn't grant the user EXTRACT usage rights. For example, the encrypted content is from Office for the web or Outlook for the web.

  • Copilot with Microsoft 365 Chat:

    • When meeting invites have a sensitivity label applied, the label is applied to the body of the meeting invite but not to the metadata, such as date and time, or recipients. As a result, questions based just on the metadata return data without the label. For example, "What meetings do I have on Monday?" Questions that include the meeting body, such as the agenda, return the data as labeled.
    • If content is encrypted independently from its applied sensitivity label, and that encryption doesn't grant the user EXTRACT usage rights (but includes the VIEW usage right), the content can be returned by Copilot and therefore sent to a source item. An example of when this configuration can occur is if a user has applied Office restrictions from Information Rights Management to a document that is labeled "General" and that label doesn't apply encryption.
    • When the returned content has a sensitivity label applied, users won't see the Edit in Outlook option because this feature isn't currently supported for labeled data.
    • If you're using the extension capabilities that include plugins and the Microsoft Graph Connector, sensitivity labels and encryption that are applied to this data from external sources aren't recognized by Copilot's Microsoft 365 Chat feature. Most of the time this limitation won't apply because the data is unlikely to support sensitivity labels and encryption, although one exception is Power BI data. You can always disconnect the external data sources by using the Microsoft 365 admin center to turn off those plugins for users, and disconnect connections that use a Graph API connector.

Will an existing label be overridden for sensitivity label inheritance?

Summary of outcomes when Copilot automatically applies protection with sensitivity label inheritance:

Existing label                                                      Override with sensitivity label inheritance
Manually applied, lower priority                                    Yes
Manually applied, higher priority                                   No
Automatically applied, lower priority                               Yes
Automatically applied, higher priority                              No
Default label from policy, lower priority                           Yes
Default label from policy, higher priority                          No
Default sensitivity label for a document library, lower priority    Yes
Default sensitivity label for a document library, higher priority   No
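The usage-rights rules in the list above and the override table can be checked against a planned label configuration before rollout. The following is an added example, not Microsoft's code: a small Python model of the documented behaviour (EXTRACT needed for data in use, DKE blocking Copilot, the three cases where the inherited label can't be applied, and lower-priority labels being replaced). The Item fields, label names and priorities are constructed assumptions; equal priorities aren't covered by the page, so the model keeps the existing label in that case.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

@dataclass
class Item:
    """One Microsoft 365 item as seen by the user driving Copilot (constructed model)."""
    label: Optional[str] = None       # applied sensitivity label, if any
    label_priority: int = -1          # higher number = higher priority in the label policy
    usage_rights: Set[str] = field(default_factory=set)  # empty set means not encrypted
    dke: bool = False                 # protected by Double Key Encryption
    user_defined_permissions: bool = False  # encryption configured for user-defined permissions
    read_only: bool = False

def copilot_can_use(item: Item) -> bool:
    """Data-in-use rule: DKE blocks Copilot; encrypted content needs the EXTRACT usage right."""
    if item.dke:
        return False
    return not item.usage_rights or "EXTRACT" in item.usage_rights

def inherit_label(source: Item, dest: Item, published: Set[str]) -> Tuple[bool, Optional[str], str]:
    """Return (text_added, label dest ends with, reason) for copying Copilot output into dest."""
    if not copilot_can_use(source):
        return False, dest.label, "source content can't be used by Copilot"
    if source.label is None:
        return True, dest.label, "nothing to inherit"
    if source.usage_rights and source.user_defined_permissions:
        return False, dest.label, "inheritance unsupported for user-defined permissions"
    if dest.read_only:
        return False, dest.label, "destination is read-only"
    if dest.usage_rights and not ({"EXPORT", "FULL CONTROL"} & dest.usage_rights):
        return False, dest.label, "destination encrypted; user lacks EXPORT or FULL CONTROL"
    if source.label not in published:
        return False, dest.label, "inherited label isn't published to the user"
    # Override table: the inherited label replaces a lower-priority existing label whatever its
    # origin (manual, automatic, policy default, library default). Equal priority is not covered
    # by the page; this model keeps the existing label in that case (assumption).
    if dest.label is None or dest.label_priority < source.label_priority:
        return True, source.label, "inherited label applied"
    return True, dest.label, "existing higher-priority label kept"

if __name__ == "__main__":
    # Constructed sample: Confidential (priority 3) source pasted into a manually labeled General doc.
    src = Item(label="Confidential", label_priority=3, usage_rights={"VIEW", "EXTRACT"})
    dst = Item(label="General", label_priority=1)
    print(inherit_label(src, dst, {"General", "Confidential"}))
```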

Compliance management considerations for Copilot

Compliance management for Copilot for Microsoft 365 interactions extends across Copilot in Word, Excel, PowerPoint, Teams, Loop, Whiteboard, OneNote, and the Microsoft 365 Chat feature.

Compliance tools identify the source of Copilot interactions by the name of the app, for example Copilot in Word, Copilot in Teams, and Microsoft 365 Chat.

Before you deploy Copilot for Microsoft 365, make sure you're familiar with the following details to support your compliance management solutions:

  • Copilot in Outlook isn't currently supported for compliance management.

  • Retention policies for Copilot interactions don't currently inform users when messages are deleted as a result of a retention policy.

  • Auditing captures the Copilot activity of search, but not the actual user prompt or response. For this information, use eDiscovery.

  • Admin-related changes for auditing Copilot aren't yet supported.

  • Device identity information isn't currently included in the audit details.

App-specific exceptions:

  • Copilot in Teams:

    • If transcripts are turned off, the capabilities for auditing, eDiscovery, and retention aren't supported
    • If transcripts are referenced, this action isn't captured for auditing
  • Copilot with Microsoft 365 Chat:

    • In Teams, Copilot activity for eDiscovery isn't currently shown as blocks of messages when you review the data but instead displays the raw JSON format
    • In Teams, Copilot currently can't retain the referenced files that it returns to users as cloud attachments. Files referenced by users can be retained as cloud attachments.