MC1182689 – (Updated) Microsoft Purview | New Copilot Security Controls in Microsoft Admin Center

Product:

Copilot, Copilot Chat, Entra, Microsoft 365 admin center, Microsoft 365 Copilot, Microsoft Graph, Purview, Purview Communication Compliance, Purview compliance portal, Purview Data Loss Prevention

Platform:

Developer, Online, Web, World tenant

Status:

Rolling out

Change type:

Admin impact, New feature, Updated message

Links:

MC1181998
523212

Details:

Summary:
Microsoft Purview introduces new Copilot security controls in Microsoft Admin Center, including a default DLP policy in simulation mode, visibility into oversharing risks, and admin-configurable protections. Rollout begins mid-November 2025 (preview) and mid-January 2026 (general availability). Entra admin roles are required for policy management.

Details:
Updated November 12, 2025: We have updated the content. Thank you for your patience.
[Introduction]
To help organizations adopt Microsoft 365 Copilot securely, Microsoft Purview is introducing new capabilities in Microsoft Admin Center. These enhancements allow AI and IT admins to gain visibility into oversharing risks, remediate issues, and apply a new Data Loss Prevention (DLP) policy directly within Microsoft Admin Center. This update supports secure usage of Copilot by enabling protection of sensitive interactions.

This message is associated with Microsoft 365 Roadmap ID 523212.
[When this will happen:]
Public Preview: We will begin rolling out mid-November 2025 and expect to complete by late November 2025.
General Availability (Worldwide): We will begin rolling out mid-January 2026 and expect to complete by late January 2026.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability, Preview

Created:
2025-11-04

updated:
2025-11-13

Public Preview Start Date

XXXXXXX ... free basic plan only

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

linked item details

XXXXXXX ... free basic plan only

Pictures

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Data Loss Prevention Policy Implementation
Without proper preparation, the implementation of the new DLP policy may lead to unintended blocking of legitimate data usage in Copilot, causing disruptions in workflows.
   - roles: IT Admin, Data Security Admin
   - references: https://learn.microsoft.com/purview/ai-m365-copilot, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=523212

Oversharing Risk Visibility
Lack of preparation may result in admins being unaware of oversharing risks, leading to potential data breaches and compliance issues.
   - roles: IT Admin, Compliance Officer
   - references: https://learn.microsoft.com/purview/ai-m365-copilot, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=523212

Admin Role Requirements
If changes are made without preparation, admins may not have the necessary Entra roles configured, preventing them from managing the new security features effectively.
   - roles: Entra AI Admin, Global Admin
   - references: https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#ai-administrator, https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#global-administrator

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

Enhanced Data Security and Compliance Monitoring
With the introduction of new DLP policies for Microsoft 365 Copilot, organizations can proactively manage and mitigate oversharing risks. This opportunity allows for better visibility and control over sensitive data interactions, enhancing overall data security and compliance with regulations.
   - next-steps: Identify key sensitive data types relevant to your organization. Collaborate with data security admins to configure DLP policies in the Microsoft Admin Center and monitor compliance metrics regularly.
   - roles: Data Security Admin, Compliance Officer, IT Administrator
   - references: https://learn.microsoft.com/purview/ai-m365-copilot, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=523212

Streamlined Policy Management
The new Copilot security controls will allow admins to manage DLP policies directly from the Microsoft Admin Center, streamlining the policy management process. This centralization can lead to improved efficiency in administrative tasks and quicker response times to potential data breaches.
   - next-steps: Train IT staff on the new features and functionalities in the Microsoft Admin Center. Develop a standard operating procedure for policy management and incident response using the new tools.
   - roles: IT Administrator, Entra AI Admin, Global Admin
   - references: https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#ai-administrator, https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#global-administrator

Proactive Risk Management
The ability to gain visibility into oversharing risks associated with Copilot interactions allows organizations to proactively address potential vulnerabilities before they lead to data breaches. This opportunity supports a culture of risk awareness and data stewardship.
   - next-steps: Establish a regular review process for assessing oversharing risks. Implement training sessions for staff on the importance of data protection and how to utilize the new visibility features effectively.
   - roles: Risk Management Officer, Data Security Admin, Compliance Officer
   - references: https://learn.microsoft.com/purview/ai-m365-copilot, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=523212

Potentional Risks**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

Hypothetical Work Council Statement**

XXXXXXX ... paid membership only

DPIA Draft**

XXXXXXX ... paid membership only

explanation for non-techies**

Microsoft is introducing new security controls for Microsoft 365 Copilot through Microsoft Purview, aimed at helping organizations protect sensitive data when using AI tools. Think of this update like adding a new lock to your office door. Just as a lock helps keep your office secure by controlling who can enter, these new security controls help manage who can access and share sensitive information through Copilot.

The update includes a feature called Data Loss Prevention (DLP), which acts like a security guard for your data. It monitors the information being shared and can prevent sensitive data from being misused or overshared. Initially, this DLP policy will be in a "simulation mode," similar to a trial run, allowing admins to see how it works without fully enforcing it. Once they are comfortable, they can activate it to start blocking specific types of sensitive information.

Admins will also gain better visibility into potential oversharing risks, much like how a security camera provides a view of what's happening in and around your office. This visibility allows them to identify and address any issues proactively.

To manage these new features, certain admin roles are required, similar to needing a key or a code to access certain areas of a building. Only those with the appropriate roles, like Entra AI Admin or Global Admin, can configure these policies.

Overall, these updates are designed to ensure that using Microsoft 365 Copilot is as secure as possible, helping organizations protect their sensitive data while benefiting from AI capabilities.