Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft Purview Data Loss Prevention (DLP) can help you prevent items that have specific sensitivity labels applied from being used in the response summarization to prompts in Microsoft 365 Copilot (preview). You do this by creating DLP policies that use the Microsoft 365 Copilot (preview) policy location with the Content contains > Sensitivity labels condition to exclude items from being processed. Identified items will still be available in the citations of the response, but the content of the item won't be used in the response.
Tip
Get started with Microsoft Security Copilot to explore new ways to work smarter and faster using the power of AI. Learn more about Microsoft Security Copilot in Microsoft Purview.
Example use case
Contoso has established and applied a sensitivity label taxonomy to their data. The taxonomy includes these labels:
- Highly Confidential
- Confidential
- Internal
- Public
- Personal
They have deployed Microsoft 365 Copilot to help users find and use Contoso enterprise information in their organization. They want to minimize the risk of General Data Protection Regulation (GDPR) data being included in Microsoft 365 Copilot summaries and also exclude private information from summaries. They plan to create a DLP policy that uses the Microsoft 365 Copilot (preview) policy location with the Content contains > Sensitivity labels condition to exclude items that have the Personal sensitivity label from being processed in the response summary and also to exclude items that have the Highly Confidential sensitivity label from being processed in the response summary.
Availability
This capability is available in preview worldwide.
The Microsoft 365 Copilot (preview) policy location is only available in the Custom policy template.
When you select the Microsoft 365 Copilot (preview) policy location, all other locations for that policy are disabled.
Updates to a DLP policy can take up to 4 hours to reflect in Copilot experience.
Coverage
The DLP Microsoft 365 Copilot (preview) policy location supports specific content that’s processed across various Copilot experiences.
Microsoft 365 Copilot Chat supports:
- File items which are stored and items that are actively open. For more information on supported file types, see: file types supported by sensitivity labels.
- It also supports emails. In preview, if an email does not have a sensitivity label that matches the DLP policy, and its attachment does, DLP won't block the attachment from Copilot.
Microsoft 365 apps such as Word, Excel, and PowerPoint support files (in preview), but not emails.
Note
In preview, the below Copilot features do not support DLP.
- Copilot in PowerPoint: On-canvas rewrite
- Copilot in PowerPoint: Add a slide with Copilot
- Copilot in Excel: Clean data
These preview features are in the process of being rolled out.
Admin unit support
- The Microsoft 365 Copilot (preview) policy location doesn't support Admin units.
Supported Conditions and Actions
While in preview, the Microsoft 365 Copilot (preview) policy location supports the following conditions and actions:
| Conditions | Description | Supported policy actions | Description |
|---|---|---|---|
| Content contains > Sensitivity labels | Detects when a file in SharePoint or OneDrive or an email in Exchange has a chosen sensitivity label | Prevent Copilot from processing content | The content of the item won't be used in the response summary, but the item will still be available in the citations of the response. |
Note
All Microsoft 365 Copilot prompts are run in the security context of the user who initiated the prompt. This means for a user to see an item in a prompt response, they must first have the necessary permissions to access the content of the item. You can then use the Microsoft 365 Copilot (preview) policy location feature to exclude items from being processed in the response summary.
Alerts, notifications, and simulation mode
While in preview, the Microsoft 365 Copilot (preview) policy location doesn't support DLP alerts, DLP notifications, or DLP policy simulation mode.