Listen to this Post
Strengthening AI with Stronger Data Governance
In an era where artificial intelligence is reshaping how we work, Microsoft is making a bold move to balance innovation with security. The tech giant has announced a significant update to its Data Loss Prevention (DLP) capabilities, specifically targeting its AI-powered assistant, Microsoft 365 Copilot. With rising concerns over data leaks and regulatory compliance, the update ensures that sensitive emails marked with classification labels will not be accessible to Copilot’s processing engine.
Set to enter public preview in June 2025 and officially roll out in August 2025, the feature is a response to enterprises demanding tighter controls over how AI interacts with sensitive information. Tied to Microsoft 365 Roadmap ID 489221, this enhancement gives IT administrators the ability to restrict Copilot’s access to emails marked with labels like “Highly Confidential” or “Personal.” It’s part of a larger strategy by Microsoft to build responsible AI tools while keeping enterprise-grade security at the core.
Microsoft’s New DLP Expansion in Detail
Comprehensive Overview of the Announcement
Microsoft is refining the boundaries of its AI tools by enabling expanded DLP capabilities that restrict Microsoft 365 Copilot from using sensitive emails in its processing workflows. This development targets emails sent on or after January 1, 2025, ensuring that they’re excluded from Copilot’s summarization and grounding mechanisms.
Organizations that already have DLP policies applied to Microsoft 365 Copilot in preview will automatically see those protections extend to sensitive emails — no administrative action needed. Notably, even companies that don’t hold a Copilot license can implement and enforce these rules through the Microsoft Purview portal using the “Content contains > Sensitivity labels” condition. This integration taps into Microsoft’s Data Security Posture Management for AI (DSPM for AI), giving admins a centralized, real-time oversight tool.
During the preview phase, some features like alerts, audit logs, and simulations won’t be available. Still, the core functionality provides crucial control over AI interaction with confidential data. From a technical standpoint, Copilot now checks user permissions before accessing labeled content. Documents or emails encrypted and labeled as “Highly Confidential” are completely excluded unless the user has specific viewing or extraction rights.
What’s more, this update extends beyond SharePoint and OneDrive, reaching into Exchange Online to include emails — an important expansion given how email remains a critical data vector. Microsoft also ensures that any new content generated by Copilot automatically inherits the highest sensitivity label from its source, maintaining data protection continuity.
To help mitigate risks, Microsoft recommends four major strategies: use sensitivity labels with encryption, identify and label sensitive data through DSPM, provide user training to minimize disruptions, and test configurations before deployment. All of these reinforce Microsoft’s broader vision of secure, compliant AI integration across the Microsoft 365 ecosystem.
What Undercode Say:
Navigating Security Challenges in the Age of Generative AI
This move by Microsoft is not just a routine update — it’s a clear signal of how serious the risks have become around AI-driven data exposure. As generative AI becomes more embedded in workplace tools, security infrastructures must evolve at the same pace. By allowing administrators to restrict Copilot’s access to sensitive information, Microsoft is taking a proactive stance in mitigating AI-induced data leaks.
The inclusion of emails in the DLP scope is particularly impactful. Emails are often the most frequent and unguarded entry points for sensitive data. Historically, data protection focused on static files stored in SharePoint or OneDrive. By expanding this protection to Exchange Online, Microsoft is closing a significant security gap that many organizations didn’t even know existed.
Automating DLP policy extension to sensitive emails without requiring manual configurations streamlines protection. It’s efficient and minimizes the human error that often causes data breaches. Moreover, Copilot’s sensitivity-aware behavior, including its refusal to summarize or use data without proper user rights, ensures that confidential material doesn’t inadvertently leak into AI outputs.
The
However, the lack of audit logs and alerts during the preview period is a limitation worth noting. For security-sensitive sectors like healthcare, legal, or finance, visibility into Copilot’s actions is not a luxury — it’s a requirement. These gaps should ideally be resolved by the general availability release in August 2025.
In terms of compliance, this is a huge advantage. Copilot will now align more seamlessly with data governance protocols and regional privacy regulations like GDPR, HIPAA, and others. The fact that you don’t need a Copilot license to enable these protections means Microsoft is treating this as a platform-wide priority rather than a feature gated behind a paywall.
From a broader industry perspective, Microsoft is setting the standard. As AI gets integrated into platforms like Word, Excel, and Teams, the precedent they’re establishing here will likely become a benchmark for other tech providers. The update places Microsoft ahead in the race to build secure, scalable AI ecosystems.
This move should also drive internal shifts within enterprises. IT teams will need to review and update their sensitivity labels, align them with DLP enforcement policies, and educate staff on how Copilot interacts with restricted data. The inclusion of Microsoft Mechanics tutorials is a helpful touchpoint to reduce friction during the transition.
Ultimately, this update isn’t just about tech — it’s about trust. Microsoft understands that enterprise adoption of AI will only scale when organizations are confident that their data remains protected, no matter how intelligent the system becomes.
🔍 Fact Checker Results
✅ Microsoft 365 Roadmap ID 489221 confirms the new DLP feature will enter preview in June 2025
✅ Emails labeled with sensitivity tags like “Highly Confidential” are excluded from Copilot processing
✅ DLP policy setup does not require a Copilot license
📊 Prediction
As AI tools like Copilot become staples in business workflows, expect DLP capabilities to become increasingly customizable and user-specific. Microsoft will likely enhance the audit and alert systems post-preview, responding to enterprise demand for greater transparency. We also predict further integration of AI policy engines with compliance suites, allowing real-time AI access governance across all Microsoft 365 apps. 🌐🔐
References:
Reported By: cyberpress.org
Extra Source Hub:
https://www.linkedin.com
Wikipedia
OpenAi & Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
