CISO
Compliance Officer
Enterprise Architect
Industry relevance
Financial Services
Healthcare
Government
DECEMBER 9, 2025
Purview DLP for Copilot is generally available — but it only blocks prompts containing labeled sensitive data. Unlabeled data has no protection.
Microsoft Purview Data Loss Prevention for Microsoft 365 Copilot reached general availability at Ignite 2025. It provides real-time control preventing Copilot, including pre-built agents and Copilot Chat, from returning a response when a prompt contains data on the organization's sensitive information block list. It also blocks internal grounding and web search queries containing sensitive data.
GOVERNANCE IMPLICATION
The general availability of Purview DLP for Copilot prompts closes a specific gap — it blocks Copilot from returning responses when prompts contain data matching sensitivity block lists. The governance limitation is that DLP protection is contingent on the quality and completeness of sensitivity labeling across the organization's data estate. Data that has not been labeled is not protected. For most organizations, the unlabeled portion of their data estate is larger than the labeled portion. Enabling Purview DLP for Copilot without completing sensitivity labeling creates false confidence — the control appears active but covers only a fraction of the actual data at risk.
SCENARIO
A wealth management firm enables Purview DLP for Copilot immediately after GA in December 2025. The security team reports the control is active and monitoring. Six months later, an internal audit finds that 40% of client documents in SharePoint were never labeled — they predate the firm's sensitivity labeling program. Copilot prompts grounded in unlabeled documents are not subject to DLP controls. The client data those documents contain has been accessible through Copilot without restriction since deployment began.
THE GOVERNANCE QUESTION
Purview DLP for Copilot prompts fires correctly only when your sensitivity labels are current, accurate, and applied at the right granularity across your data estate. Those three conditions require a mature, maintained data governance program — not just a label taxonomy created at Copilot deployment time. How recently was that program independently tested, and who owns the answer when a sensitive prompt gets through?
CONTROL GAP
Purview DLP for Copilot operates against sensitivity labels. Organizations with incomplete label coverage — which is most organizations — have a DLP gap that the control cannot close without prior data governance investment in labeling completeness.
REGULATORY RELEVANCE
SEC Cyber
FINRA
OCC
HIPAA
NIST AI RMF
PRIMARY SOURCE
Security and governance innovations for Microsoft 365 Copilot and agents from Ignite 2025
Microsoft
CONTINUE READING
MAY 21, 2026
Identity Data
Microsoft's May 2026 security roundup (Microsoft Security Blog, May 21, 2026) introduced an Anthropic Claude connector for Microsoft Purview, extending centralized visibility and audit signals across Claude Enterprise, Claude Console, and the Claude API. The same update reported Agent 365 reaching general availability and Windows 365 for Agents expanding in public preview. The connector gives Purview insight into Claude interaction and audit log activity alongside an organization's existing Microsoft AI estate.
MAY 7, 2026
Identity Data
Microsoft Digital published an internal governance guide for Microsoft 365 Copilot on May 7, 2026, updated June 8, 2026, authored by Alex Fleck on the Inside Track Blog. The guide states that by trusting employees to apply sensitivity labels and defaulting new content to inherit labels from parent containers, Microsoft accounts for 99 percent of its governance needs. The guide covers eight chapters: self-service container creation, label taxonomy, file-label inheritance, employee training, DLP-based verification, lifecycle attestation, company-shareable links, and oversharing detection through Microsoft Graph Data Connect.
MAY 1, 2026
Identity Data
Microsoft confirmed on May 1, 2026 that Conditional Access for agents is generally available for delegated access agents, those that act on behalf of a licensed human user. Conditional Access for own-access agents, those that operate with an independent identity not tied to a user session, remains in public preview. Microsoft Entra ID Protection applies dynamic risk evaluation to both agent and user identity signals and feeds those signals into Conditional Access policies. The GA and preview split means the two agent classes operate under materially different access control regimes at Agent 365 launch.