Security & Infrastructure Tools
Microsoft Adds Copilot Data Controls to All Storage Locations
Microsoft is expanding its data‑loss prevention controls to block the Microsoft 365 Copilot AI assistant from processing confidential Word, Excel and PowerPoint documents regardless of where they are stored—whether on local devices or in SharePoint/OneDrive. The update will be deployed through the Augmentation Loop (AugLoop) Office component between late March and late April 2026, automatically enabling the restriction for organizations that already have DLP policies set to block Copilot from handling sensitivity‑labeled content. This change follows a bug that had allowed Copilot to summarize confidential emails in users’ Sent Items and Drafts folders despite active DLP protections.

Microsoft has rolled out a significant update that extends data‑loss prevention (DLP) safeguards to the Microsoft 365 Copilot AI assistant across all storage locations—whether files are stored in SharePoint, OneDrive, or on local devices.
Previously, DLP policies only applied to documents residing in cloud repositories, leaving locally saved Word, Excel and PowerPoint files vulnerable to Copilot’s processing. With this enhancement, the Office Augmentation Loop (AugLoop) component will now read a file’s sensitivity label directly from the client, enabling uniform enforcement of DLP rules regardless of where the file is stored.
The rollout is scheduled for late March through late April 2026 and is automatically enabled for any organization that has configured its DLP policies to block Copilot from accessing sensitivity‑labeled content. No additional administrative action is required; the change simply integrates the existing DLP controls into Copilot’s workflow.
Microsoft emphasized that this update does not alter Copilot’s core capabilities. Instead, it ensures that sensitive documents—marked as restricted by DLP—cannot be read or processed by Copilot, whether they are locally saved or stored in cloud services.
This development follows a recent bug that allowed Copilot to summarize confidential emails in users’ Sent Items and Drafts folders despite active DLP protections. The bug was identified on January 21, affecting the “work tab” chat feature and inadvertently exposing protected content to authorized users only. Microsoft confirmed that this behavior was unintended and addressed it promptly.
By broadening DLP coverage, Microsoft aims to provide consistent protection across all file locations, addressing customer feedback for more reliable security in both local and cloud environments. The updated policy will help safeguard confidential data while maintaining Copilot’s productivity features.