MC1181998 – Microsoft Purview | Data Loss Prevention for Microsoft 365 Copilot to safeguard prompts

Product:

Copilot, Microsoft 365 Copilot, Microsoft Graph, Purview, Purview Communication Compliance, Purview compliance portal, Purview Data Loss Prevention

Platform:

Developer, Online, Web, World tenant

Status:

In development

Change type:

New feature, User impact, Admin impact

Links:

515945

Details:

Summary:
Microsoft Purview DLP will support Microsoft 365 Copilot to prevent sensitive data leakage by blocking Copilot responses to prompts containing sensitive information. Rolling out from November 2025 (preview) to April 2026 (general availability), admins can configure policies in the Purview portal to safeguard data.

Details:
[Introduction:]
We are expanding Microsoft Purview Data Loss Prevention (DLP) to support Microsoft 365 Copilot, helping organizations safeguard prompts that contain sensitive data. This real-time control helps mitigate data leakage and oversharing risks by preventing Microsoft 365 Copilot-including pre-built agents-from returning a response or using sensitive data for grounding in Microsoft 365 or the web.
This message is associated with Microsoft 365 Roadmap ID 515945.
[When this will happen:]
Public Preview: We will begin rolling out in mid-November 2025 and expect to complete by late December 2025.
General Availability (Worldwide): We will begin rolling out in late March 2026 and expect to complete by late April 2026.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability

Created:
2025-11-01

updated:
2025-11-01

Public Preview Start Date

XXXXXXX ... free basic plan only

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

linked item details

XXXXXXX ... free basic plan only

Pictures

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Data Leakage Risk
Without proper DLP policies, sensitive data may be inadvertently shared through Copilot responses, leading to potential data breaches.
   - roles: Data Security Admin, Compliance Officer
   - references: https://learn.microsoft.com/purview/dlp-learn-about-dlp?view=o365-worldwide, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=515945

User Experience Degradation
Users may experience delays or lack of responses from Copilot when prompts contain sensitive information, impacting productivity.
   - roles: End User, Business Analyst
   - references: https://learn.microsoft.com/purview/dlp-create-deploy-policy#permissions, https://learn.microsoft.com/purview/dlp-microsoft365-copilot-location-learn-about

Increased Admin Workload
Admins may face increased workload to configure and manage new DLP policies, especially if users are not informed about the changes.
   - roles: IT Admin, Data Security Admin
   - references: https://learn.microsoft.com/purview/dlp-create-deploy-policy#permissions, https://learn.microsoft.com/purview/dlp-learn-about-dlp?view=o365-worldwide " target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/purview/dlp-learn-about-dlp?view=o365-worldwide

Compliance Violations
Failure to implement DLP policies may lead to non-compliance with data protection regulations, resulting in legal repercussions.
   - roles: Compliance Officer, Legal Advisor
   - references: https://learn.microsoft.com/purview/dlp-learn-about-dlp?view=o365-worldwide, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=515945

Training and Documentation Gaps
Users and admins may not be adequately trained on the new DLP features, leading to misuse or underutilization of the tool.
   - roles: Training Coordinator, IT Support
   - references: https://learn.microsoft.com/purview/dlp-create-deploy-policy#permissions, https://learn.microsoft.com/purview/dlp-microsoft365-copilot-location-learn-about

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

Enhanced Data Security Policies
Implementing Microsoft Purview DLP for Microsoft 365 Copilot allows organizations to create customized data security policies that prevent sensitive information from being processed or shared. This will help reduce the risk of data breaches and ensure compliance with data protection regulations.
   - next-steps: Review current data security policies and assess the types of sensitive information that need protection. Set up new DLP policies in the Purview portal to safeguard prompts containing sensitive data.
   - roles: Data Security Administrators, Compliance Officers, IT Managers
   - references: https://learn.microsoft.com/purview/dlp-create-deploy-policy#permissions, https://learn.microsoft.com/purview/dlp-learn-about-dlp?view=o365-worldwide

User Training and Awareness Programs
With the introduction of DLP for Microsoft 365 Copilot, it is crucial to educate users about the types of sensitive information that should not be included in prompts. This can enhance user awareness and adherence to data protection practices.
   - next-steps: Develop training materials and sessions to inform users about the new DLP policies and best practices for handling sensitive data within Microsoft 365 Copilot.
   - roles: Training Coordinators, HR Managers, IT Support Staff
   - references: https://learn.microsoft.com/purview/dlp-microsoft365-copilot-location-learn-about

Integration with Existing Security Frameworks
Integrating Microsoft Purview DLP with existing security frameworks can provide a comprehensive approach to data protection. This can streamline compliance efforts and enhance overall security posture by aligning DLP policies with other security measures.
   - next-steps: Evaluate current security frameworks and identify integration points with Microsoft Purview DLP. Collaborate with security teams to align policies and ensure comprehensive data protection.
   - roles: Chief Information Security Officers (CISOs), IT Security Analysts, Compliance Managers
   - references: https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=515945

Potentional Risks**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

Hypothetical Work Council Statement**

XXXXXXX ... paid membership only

DPIA Draft**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only