Source: BleepingComputer
Author: Sergiu Gatlan
URL: https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-copilot-data-controls-to-all-storage-locations/
ONE SENTENCE SUMMARY:
Microsoft will extend Purview DLP to block Copilot on local Office files via AugLoop, following a Copilot bug exposing protected email summaries.
MAIN POINTS:
- Microsoft is expanding DLP controls to restrict Microsoft 365 Copilot processing confidential Office documents.
- Current Purview DLP enforcement applies only to SharePoint and OneDrive-stored files.
- Local device Word, Excel, and PowerPoint files were previously outside Copilot DLP coverage.
- Deployment will occur via the Augmentation Loop (AugLoop) Office component.
- Rollout window is scheduled from late March to late April 2026.
- Copilot will be blocked from documents restricted by DLP-based sensitivity labeling.
- Organizations with existing Copilot-blocking DLP policies get the change automatically enabled.
- Enhancement lets AugLoop read sensitivity labels directly from the Office client.
- Earlier approach relied on Microsoft Graph using SharePoint/OneDrive URLs, limiting enforcement scope.
- A prior Copilot Chat bug summarized confidential Sent Items and Drafts despite active DLP policies.
TAKEAWAYS:
- Uniform DLP enforcement across local and cloud storage reduces Copilot data exposure risk.
- AugLoop label retrieval from clients removes dependency on file URLs for protection decisions.
- Automatic enablement minimizes administrative effort but increases need for policy validation.
- Recent Copilot email summarization bug highlights gaps between intended and actual protection behavior.
- Automation platforms like Tines can reduce manual delays and improve incident response reliability.