Microsoft adds Copilot data controls to all storage locations

Source: BleepingComputer

Author: Sergiu Gatlan

URL: https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-copilot-data-controls-to-all-storage-locations/

https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-copilot-data-controls-to-all-storage-locations/

ONE SENTENCE SUMMARY:

Microsoft will extend Purview DLP to block Copilot on local Office files via AugLoop, following a Copilot bug exposing protected email summaries.

MAIN POINTS:

  1. Microsoft is expanding DLP controls to restrict Microsoft 365 Copilot processing confidential Office documents.
  2. Current Purview DLP enforcement applies only to SharePoint and OneDrive-stored files.
  3. Local device Word, Excel, and PowerPoint files were previously outside Copilot DLP coverage.
  4. Deployment will occur via the Augmentation Loop (AugLoop) Office component.
  5. Rollout window is scheduled from late March to late April 2026.
  6. Copilot will be blocked from documents restricted by DLP-based sensitivity labeling.
  7. Organizations with existing Copilot-blocking DLP policies get the change automatically enabled.
  8. Enhancement lets AugLoop read sensitivity labels directly from the Office client.
  9. Earlier approach relied on Microsoft Graph using SharePoint/OneDrive URLs, limiting enforcement scope.
  10. A prior Copilot Chat bug summarized confidential Sent Items and Drafts despite active DLP policies.

TAKEAWAYS:

  1. Uniform DLP enforcement across local and cloud storage reduces Copilot data exposure risk.
  2. AugLoop label retrieval from clients removes dependency on file URLs for protection decisions.
  3. Automatic enablement minimizes administrative effort but increases need for policy validation.
  4. Recent Copilot email summarization bug highlights gaps between intended and actual protection behavior.
  5. Automation platforms like Tines can reduce manual delays and improve incident response reliability.