Microsoft Purview | Data Loss Prevention for Microsoft 365 Copilot to safeguard prompts

Plan for Change
Major Change

Message ID

MC1181998
View in Message Center

Roadmap ID

515945
View in M365 Roadmap

Services

Microsoft Purview

Affected Platforms

Web

Summary

Microsoft Purview DLP will support Microsoft 365 Copilot to prevent sensitive data leakage by blocking Copilot responses to prompts containing sensitive information. Rolling out from November 2025 (preview) to April 2026 (general availability), admins can configure policies in the Purview portal to safeguard data.

Details

Introduction:

We are expanding Microsoft Purview Data Loss Prevention (DLP) to support Microsoft 365 Copilot, helping organizations safeguard prompts that contain sensitive data. This real-time control helps mitigate data leakage and oversharing risks by preventing Microsoft 365 Copilot—including pre-built agents—from returning a response or using sensitive data for grounding in Microsoft 365 or the web.

This message is associated with Microsoft 365 Roadmap ID 515945.

When this will happen:

  • Public Preview: We will begin rolling out in mid-November 2025 and expect to complete by late December 2025.
  • General Availability (Worldwide): We will begin rolling out in late March 2026 and expect to complete by late April 2026.

How this affects your organization:

Who is affected:

  • Microsoft tenants with access to Microsoft 365 Copilot (free and paid), including E1, E3, and E5 license holders.
  • Admins managing Microsoft Purview DLP policies for Microsoft 365 Copilot.
Note: Licensing rollout will complete by December 2025. By then, all tenants will have access to this feature regardless of license tier.

What will happen:

  • Admins can configure DLP policies in the Microsoft Purview portal to restrict Copilot from processing prompts containing selected sensitive information types (SITs), including default and custom SITs.
  • Prompts containing sensitive data will not receive Copilot responses and will not be used for external web search or internal Microsoft Graph grounding.
  • Admins can also view DLP policy recommendations for Microsoft 365 Copilot in Data Security Posture Management:

    Screenshot 1

    user settings

    Screenshot 2

     user settings

    Important: At this time, DLP for Copilot policies do not support enforcement based on sensitive information types (SITs). Hence, no users will be impacted under SIT-based conditions. Admins need to create a new policy to enforce DLP for Copilot prompt based on SIT.

What you can do to prepare:

  • This feature will be available automatically by the specified date with no admin action required.
  • Admins can opt-in to use the feature by setting up a new policy. Review your current configuration to assess the impact on your organization.
  • To edit or view a DLP for Microsoft 365 Copilot policy, an admin account needs to be a member of a required role group. Data Security AI admins are also able to edit a DLP for Microsoft 365 Copilot policy.
  • You may want to notify your users or admins about this change and update your relevant documentation.

Learn more: 


Timeline

Published
Oct 31, 2025
Updated
Oct 31, 2025
End Date
Jun 1, 2026

Tags

New featureUser impactAdmin impact

Category

Plan for Change