CISO
Compliance Officer
Enterprise Architect
Industry relevance
Financial Services
Healthcare
Government
DECEMBER 9, 2025
Purview DLP for Copilot is generally available — but it only blocks prompts containing labeled sensitive data. Unlabeled data has no protection.
Microsoft Purview Data Loss Prevention for Microsoft 365 Copilot reached general availability at Ignite 2025. It provides real-time control preventing Copilot, including pre-built agents and Copilot Chat, from returning a response when a prompt contains data on the organization's sensitive information block list. It also blocks internal grounding and web search queries containing sensitive data.
GOVERNANCE IMPLICATION
The general availability of Purview DLP for Copilot prompts closes a specific gap — it blocks Copilot from returning responses when prompts contain data matching sensitivity block lists. The governance limitation is that DLP protection is contingent on the quality and completeness of sensitivity labeling across the organization's data estate. Data that has not been labeled is not protected. For most organizations, the unlabeled portion of their data estate is larger than the labeled portion. Enabling Purview DLP for Copilot without completing sensitivity labeling creates false confidence — the control appears active but covers only a fraction of the actual data at risk.
SCENARIO
A wealth management firm enables Purview DLP for Copilot immediately after GA in December 2025. The security team reports the control is active and monitoring. Six months later, an internal audit finds that 40% of client documents in SharePoint were never labeled — they predate the firm's sensitivity labeling program. Copilot prompts grounded in unlabeled documents are not subject to DLP controls. The client data those documents contain has been accessible through Copilot without restriction since deployment began.
THE GOVERNANCE QUESTION
Purview DLP for Copilot prompts fires correctly only when your sensitivity labels are current, accurate, and applied at the right granularity across your data estate. Those three conditions require a mature, maintained data governance program — not just a label taxonomy created at Copilot deployment time. How recently was that program independently tested, and who owns the answer when a sensitive prompt gets through?
CONTROL GAP
Purview DLP for Copilot operates against sensitivity labels. Organizations with incomplete label coverage — which is most organizations — have a DLP gap that the control cannot close without prior data governance investment in labeling completeness.
REGULATORY RELEVANCE
SEC Cyber
FINRA
OCC
HIPAA
NIST AI RMF
PRIMARY SOURCE
Security and governance innovations for Microsoft 365 Copilot and agents from Ignite 2025
Microsoft
Read the primary source →
CONTINUE READING
MAY 1, 2026
Identity Data
Microsoft confirmed on May 1, 2026 that Conditional Access for agents is generally available for delegated access agents, those that act on behalf of a licensed human user. Conditional Access for own-access agents, those that operate with an independent identity not tied to a user session, remains in public preview. Microsoft Entra ID Protection applies dynamic risk evaluation to both agent and user identity signals and feeds those signals into Conditional Access policies. The GA and preview split means the two agent classes operate under materially different access control regimes at Agent 365 launch.
MARCH 29, 2026
Identity Data
Microsoft’s current guidance on extending Microsoft 365 Copilot with agents explicitly warns that tools and knowledge can pull from untrusted sources and influence behavior. The implication is clear: every custom agent added to Copilot is also a new prompt-injection and tool-governance surface.
MARCH 27, 2026
Identity Data
Microsoft Purview continues to be presented as a portfolio spanning data governance, security, and compliance, including controls such as information protection, DLP, investigations, and compliance tooling. In practice, that means Copilot readiness is inseparable from whether Purview classification and policy work has actually been done.