check before: 2026-06-01
Product:
Copilot, Copilot Chat, eDiscovery, Exchange, Microsoft 365 Copilot, OneDrive, Purview, Purview Communication Compliance, Purview Data Loss Prevention, SharePoint
Platform:
Online, Web, World tenant
Status:
In development
Change type:
New feature, User impact, Admin impact
Links:
561552
(548671)
Details:
Summary:
Microsoft Purview is adding a new DLP control for Microsoft 365 Copilot and Copilot Chat to exclude external emails from being used in AI-generated responses. This feature, off by default, will roll out from June to August 2026 and helps protect organizations by limiting Copilot’s data sources to trusted internal content.
Details:
[Introduction]
We're expanding Microsoft Purview Data Loss Prevention (DLP) controls for Microsoft 365 Copilot and Copilot Chat to help organizations reduce the risk of untrusted or externally sourced content influencing AI-generated responses. This new capability allows admins to exclude emails from external senders from being used as grounding data during Copilot prompt processing. When enabled, Copilot continues to generate responses using trusted internal Microsoft 365 data sources, subject to existing licensing and policy controls.
This message is associated with Microsoft 365 Roadmap ID 561552.
[When this will happen]
Public preview: We will begin rolling out in early June 2026 and expect to complete by late June 2026.
General availability (Worldwide): We will begin rolling out in late July 2026 and expect to complete by late August 2026.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability, Preview
Created:
2026-05-06
updated:
2026-05-14
Public Preview Start Date
XXXXXXX ... free basic plan only
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
Pictures
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Data Processing Limitations
If the DLP control is enabled without proper preparation, users may find that external emails are not referenced or summarized in AI-generated responses, potentially leading to incomplete information.
- roles: End Users, Content Creators
- references: https://learn.microsoft.com/purview/dlp-create-deploy-policy#permissions, https://learn.microsoft.com/purview/dlp-learn-about-dlp?view=o365-worldwide
User Experience Disruption
Without preparation, users may experience confusion or frustration due to the sudden unavailability of external email content in responses, impacting their workflow and productivity.
- roles: End Users, Support Teams
- references: https://learn.microsoft.com/purview/dlp-microsoft365-copilot-location-learn-about, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=561552
Increased Administrative Burden
Admins may face increased workload to manage and configure the new DLP policies without prior training or documentation updates, leading to potential misconfigurations.
- roles: IT Administrators, Security Teams
- references: https://learn.microsoft.com/purview/dlp-create-deploy-policy#permissions, https://learn.microsoft.com/purview/dlp-learn-about-dlp?view=o365-worldwide
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
Hypothetical Work Council Statement**
XXXXXXX ... paid membership only
DPIA Draft**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2026-05-14 | MC Messages | [Introduction]
We're expanding Microsoft Purview Data Loss Prevention (DLP) controls for Microsoft 365 Copilot and Copilot Chat to help organizations reduce the risk of untrusted or externally sourced content influencing AI-generated responses. This new capability allows admins to exclude emails from external senders from being used as grounding data during Copilot prompt processing. When enabled, Copilot continues to generate responses using trusted internal Microsoft 365 data sources, subject to existing licensing and policy controls. This message is associated with Microsoft 365 Roadmap ID 548671. [When this will happen] Public preview: We will begin rolling out in early June 2026 and expect to complete by late June 2026. General availability (Worldwide): We will begin rolling out in late July 2026 and expect to complete by late August 2026. | [Introduction]
We're expanding Microsoft Purview Data Loss Prevention (DLP) controls for Microsoft 365 Copilot and Copilot Chat to help organizations reduce the risk of untrusted or externally sourced content influencing AI-generated responses. This new capability allows admins to exclude emails from external senders from being used as grounding data during Copilot prompt processing. When enabled, Copilot continues to generate responses using trusted internal Microsoft 365 data sources, subject to existing licensing and policy controls. This message is associated with Microsoft 365 Roadmap ID 561552. [When this will happen] Public preview: We will begin rolling out in early June 2026 and expect to complete by late June 2026. General availability (Worldwide): We will begin rolling out in late July 2026 and expect to complete by late August 2026. |
| 2026-05-14 | MC Last Updated | 05/05/2026 20:51:26 | 2026-05-13T19:45:03Z |
| 2026-05-14 | MC prepare | No action is required if you do not plan to use this capability.
If you want to enable the feature: Create or update a DLP policy for Microsoft 365 Copilot in the Microsoft Purview portal. Review existing DLP configurations to understand potential Copilot impact. Ensure your admin account has the required DLP and Purview roles. Inform IT, security, and helpdesk teams about the new control. Update internal documentation related to AI governance and Copilot usage. Learn more: Learn about data loss prevention | Microsoft Purview | Microsoft Learn Learn about using Microsoft Purview Data Loss Prevention to protect interactions with Microsoft 365 Copilot and Copilot Chat | Microsoft Purview | Microsoft Learn Permissions - Create and deploy data loss prevention policies | Microsoft Purview | Microsoft Learn [Compliance considerations] QuestionAnswer Does the change alter how existing customer data is processed?Yes. External email content is excluded from Copilot grounding when the policy is enabled; underlying email storage, access, and retention are unchanged. Does the change introduce or modify AI/ML capabilities interacting with customer data?Yes. Copilot grounding logic is updated to respect a new DLP exclusion for external email content. Does the change modify Purview DLP enforcement?Yes. Adds a new DLP control scoped specifically to Copilot and Copilot Chat grounding behavior. Does the change include an admin control?Yes. The feature is controlled via Microsoft Purview DLP policies and is admin-configurable. https://learn.microsoft.com/purview/dlp-create-deploy-policy#permissions https://learn.microsoft.com/purview/dlp-learn-about-dlp?view=o365-worldwide https://learn.microsoft.com/purview/dlp-microsoft365-copilot-location-learn-about https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=548671 | No action is required if you do not plan to use this capability.
If you want to enable the feature: Create or update a DLP policy for Microsoft 365 Copilot in the Microsoft Purview portal. Review existing DLP configurations to understand potential Copilot impact. Ensure your admin account has the required DLP and Purview roles. Inform IT, security, and helpdesk teams about the new control. Update internal documentation related to AI governance and Copilot usage. Learn more: Learn about data loss prevention | Microsoft Purview | Microsoft Learn Learn about using Microsoft Purview Data Loss Prevention to protect interactions with Microsoft 365 Copilot and Copilot Chat | Microsoft Purview | Microsoft Learn Permissions - Create and deploy data loss prevention policies | Microsoft Purview | Microsoft Learn [Compliance considerations] QuestionAnswer Does the change alter how existing customer data is processed?Yes. External email content is excluded from Copilot grounding when the policy is enabled; underlying email storage, access, and retention are unchanged. Does the change introduce or modify AI/ML capabilities interacting with customer data?Yes. Copilot grounding logic is updated to respect a new DLP exclusion for external email content. Does the change modify Purview DLP enforcement?Yes. Adds a new DLP control scoped specifically to Copilot and Copilot Chat grounding behavior. Does the change include an admin control?Yes. The feature is controlled via Microsoft Purview DLP policies and is admin-configurable. https://learn.microsoft.com/purview/dlp-create-deploy-policy#permissions https://learn.microsoft.com/purview/dlp-learn-about-dlp?view=o365-worldwide https://learn.microsoft.com/purview/dlp-microsoft365-copilot-location-learn-about https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=561552 |
| 2026-05-14 | MC Summary | Microsoft Purview is adding a new Data Loss Prevention (DLP) control for Microsoft 365 Copilot and Copilot Chat to exclude external emails from being used as grounding data in AI responses. This feature, off by default, will roll out from June to August 2026 and requires admin configuration. | Microsoft Purview is adding a new DLP control for Microsoft 365 Copilot and Copilot Chat to exclude external emails from being used in AI-generated responses. This feature, off by default, will roll out from June to August 2026 and helps protect organizations by limiting Copilot’s data sources to trusted internal content. |
Last updated 3 days ago ago
