Summary
Microsoft Purview Endpoint DLP will support Copilot+ PCs by protecting Windows Recall snapshots from capturing sensitive content. Admins can create custom policies for these devices, with rollout starting April 2026. The feature is off by default and requires coordination with Intune and policy updates.
Details
Introduction
Microsoft Purview Endpoint Data Loss Prevention (Endpoint DLP) is expanding to support Copilot+ PCs by enabling protection of Windows Recall snapshots. This update helps organizations prevent the capture of sensitive content, including content with restricted sensitivity labels or sensitive information types (SITs). Admins can create Endpoint DLP custom policies designed specifically for Copilot+ PC devices to manage Recall behavior.
This message is associated with Microsoft 365 Roadmap ID 502519.
When this will happen
- General Availability (Worldwide): Rollout will begin in early April 2026 and is expected to complete by late April 2026.
How this affects your organization
Who is affected
- Admins managing Endpoint DLP within the Microsoft Purview compliance portal
- Organizations deploying Copilot+ PCs with Recall enabled through Intune
What will happen
- Endpoint DLP will support detection and blocking of Recall snapshots that contain sensitive files.
- Purview admins will be able to author custom Endpoint DLP policies that integrate with Windows Recall settings on Copilot+ PCs.
- Policies will apply only to Copilot+ PC devices configured by Intune admins.
- This change is off by default until policies are created and deployed.
- Existing Endpoint DLP policies remain unchanged unless admins choose to extend them.

What you can do to prepare
- Ensure all Copilot+ PCs are running Antimalware Client version 4.18.26020 or later.
- Review your existing Endpoint DLP policies and determine whether additional policies are needed for Recall scenarios.
- Coordinate with your Intune administrator to confirm that Copilot+ PCs are configured for Recall.
- Notify your helpdesk and security operations teams about expected behavior.
- Update internal device or compliance documentation as needed.
Compliance considerations
| Question | Answer |
| --- | --- |
| Does the change alter how existing customer data is processed, stored, or accessed? | Yes. Endpoint DLP will evaluate content captured in Windows Recall snapshots to determine whether sensitive content is present. |
| Does the change introduce or modify AI or ML capabilities that interact with customer data? | Yes. The Recall snapshot feature uses AI-driven capture, and Endpoint DLP will evaluate its output. |
| Does the change modify DLP policy enforcement? | Yes. DLP enforcement is extended to block or restrict Recall snapshot capture of sensitive content. |
| Does the change include an admin control, and can it be controlled with Entra ID groups? | Yes. Admins can configure Endpoint DLP policies and may target Entra ID user or device groups. |
| Does the change allow a user to enable or disable the feature? | Yes. Users can enable or disable Recall, but DLP policies still determine whether sensitive content can be captured. |