Learn about the Microsoft 365 Copilot policy location (preview)

Microsoft Purview Data Loss Prevention (DLP) can help you prevent items that have specific sensitivity labels applied from being used in the response summarization to prompts in Microsoft 365 Copilot (preview). You do this by creating DLP policies that use the Microsoft 365 Copilot (preview) policy location with the Content contains > Sensitivity labels condition to exclude items from being processed. Identified items will still be available in the citations of the response, but the content of the item won't be used in the response.

Tip

Get started with Microsoft Security Copilot to explore new ways to work smarter and faster using the power of AI. Learn more about Microsoft Security Copilot in Microsoft Purview.

Example use case

Contoso has established and applied a sensitivity label taxonomy to their data. The taxonomy includes these labels:

  • Highly Confidential
  • Confidential
  • Internal
  • Public
  • Personal

They have deployed Microsoft 365 Copilot to help users find and use Contoso enterprise information in their organization. They want to minimize the risk of General Data Protection Regulation (GDPR) data being included in Microsoft 365 Copilot summaries and also exclude private information from summaries. They plan to create a DLP policy that uses the Microsoft 365 Copilot (preview) policy location with the Content contains > Sensitivity labels condition to exclude items that have the Personal sensitivity label from being processed in the response summary and also to exclude items that have the Highly Confidential sensitivity label from being processed in the response summary.

Availability

  • This capability is rolling out. It will appear in your tenant when the rollout reaches you.
  • The Microsoft 365 Copilot (preview) policy location is only available in the Custom policy template.
  • When you select the Microsoft 365 Copilot (preview) policy location, all other locations for that policy are disabled.

Coverage

The Microsoft 365 Copilot (preview) policy location exclusion is only be applied to items in SharePoint and OneDrive for Business.

In preview, DLP for Microsoft 365 Copilot is supported for Business Chat. It isn't fully implemented in Word, Excel, and PowerPoint. For example, Copilot won't summarize a labeled document in the chat if the document is subject to the DLP policy, but will if you ask Copilot on the page to summarize the same document.

Admin unit support

  • The Microsoft 365 Copilot (preview) policy location doesn't support Admin units.

Supported Conditions and Actions

While in preview, the Microsoft 365 Copilot (preview) policy location supports the following conditions and actions:

Conditions Description Supported policy actions Description
Content contains > Sensitivity labels Detects when an item in SharePoint or OneDrive for Business has a chosen sensitivity label attached Prevent Copilot from processing content The content of the item won't be used in the response summary, but the item will still be available in the citations of the response.

Note

All Microsoft 365 Copilot prompts are run in the security context of the user who initiated the prompt. This means for a user to see an item in a prompt response, they must first have the necessary permissions to access the content of the item. You can then use the Microsoft 365 Copilot (preview) policy location feature to exclude items from being processed in the response summary.

Alerts, notifications, and simulation mode

While in preview, the Microsoft 365 Copilot (preview) policy location doesn't support DLP alerts, DLP notifications, or DLP policy simulation mode.

See also