
DATA PROTECTION - COPILOT & AGENTS

What does your organization need to have decided about data access before Microsoft 365 Copilot or any AI agent can reach sensitive information?

The governance question is not whether Microsoft Purview is configured. It is whether any human has formally decided what data your Copilot deployment and your agents are authorized to access, and what triggers a review when the data estate changes. As of May 1, 2026, that question applies to both.


THE GOVERNANCE QUESTION

Purview tells you what Copilot and your agents are accessing. The harder question is whether anyone decided what they should.

Core governance lens

Microsoft Purview Information Protection gives organizations sensitivity labels, data loss prevention policies, and Data Security Posture Management for AI. As of March 31, 2026, expanded DLP for Microsoft 365 Copilot reached general availability, blocking sensitive information types in prompts from being processed or used for web grounding. Agent 365, generally available May 1, 2026, integrates Purview directly into the agent control plane - applying data protection policies and capturing agent activity in the unified audit log. These are real and substantial controls. The technical layer is more capable in April 2026 than it was twelve months ago.

What neither Purview, nor Agent 365, nor the Copilot Control System does is make the organizational decision that preceded the technical configuration. Who decided which sensitivity labels to apply, and on what criteria? Who decided which data Copilot and AI agents are explicitly authorized to access? Who reviews those decisions when the data estate changes - when a SharePoint site is restructured, when a Teams channel is created, when a project ends and its data becomes stale? Those decisions are organizational. No platform makes them for you.

WHAT THE CONTROL PLANE PROVIDES

The technical layer is real. Understanding its boundaries is the governance work.


Sensitivity labels and classification

Microsoft Purview Information Protection lets organizations classify and protect data across Microsoft 365. Sensitivity labels can be applied automatically based on content, or manually by users. Labels travel with the data - encryption, access restrictions, and content markings follow the file wherever it goes.

Microsoft Learn, March 2026

The organizational gap

What the control plane does not decide for you

Decision ownership remains human

Who reviews authorization decisions when the organization changes

A weekly data risk assessment tells you which sites are overshared today. It does not tell you who is responsible for reviewing which Copilot deployments or agents are authorized to access those sites when the site's purpose changes. That is an organizational design decision.

WHO THIS DECISION SERVES

The organizational questions behind data access authorization.

What the control plane enforces

  • Sensitivity labels and classification
  • Data Security Posture Management for AI
  • Expanded DLP for Copilot and agent data protection
  • Audit and eDiscovery for AI interactions

RELATED QUESTIONS

The governance questions this page surfaces.


What data are Copilot and each agent explicitly authorized to access, and who made that decision?

Not what data the agent can technically reach. What data the organization has formally decided it should access as part of its authorized function. This decision must be documented, dated, and signed by a named human before the agent's first execution. It is distinct from sensitivity label configuration. A label controls access. This decision defines intent.

The control plane for data protection in Microsoft 365 is substantially more capable in April 2026 than it was twelve months ago. Expanded DLP for Copilot reached general availability March 31. Agent 365 brings Purview directly into the agent control plane at launch on May 1. DSPM for AI now embeds proactive data security investigations and extends to third-party platforms. These are real investments in data governance infrastructure.

The governance question these investments surface is not technical. It is whether organizations have built the organizational layer that gives the technical layer its meaning: the authorization decisions, the accountability assignments, the review cadences, and the drift detection that together constitute genuine data governance rather than technical configuration without organizational design. Independent commentary in April 2026 - from InformationWeek, governance practitioners, and enterprise architects - converges on the same point: Microsoft's controls are necessary and materially improve the baseline. They do not replace the need for an accountability layer above them.

Purview and Agent 365 can tell you what Copilot and your agents are accessing. The harder document - who decided what they should access, when, and under whose authority - is yours to write.
