Microsoft is rolling out an important enhancement to help organizations use Microsoft 365 Copilot more securely. Starting this year, Microsoft Purview Data Loss Prevention (DLP) will include new protections designed specifically for Copilot and Copilot Chat. The goal: prevent sensitive data from being sent to external web search engines during AI‑assisted interactions.

This update introduces real‑time DLP evaluation for prompts that contain Sensitive Information Types (SITs). When Copilot detects protected data in a user’s prompt, it will block any external web search from taking place. Instead, Copilot will continue responding only with internal Microsoft Graph data provided that the user’s licensing allows it.

This feature corresponds with Microsoft 365 Roadmap ID 548671.

Rollout Timeline

Public Preview
Begins: Late March 2026
Completes: Late April 2026

General Availability (Worldwide)
Begins: Late June 2026
Completes: Late July 2026

What This Means for Your Organization

Who Will Be Affected?

This update is relevant for:

• Organizations using Microsoft 365 Copilot, Copilot Chat, or Copilot Studio agents published to Microsoft 365.
• Admins who manage Data Loss Prevention policies in the Microsoft Purview portal.

What’s Changing?

New DLP Control for Copilot Web Search

Admins will soon see a new option when configuring DLP policies: the ability to stop Copilot from using external web search when a prompt includes specific sensitive information types.

When this policy is triggered:

• Copilot will not send content to external web search providers.
• Copilot will still respond, drawing exclusively from internal Microsoft Graph data sources (assuming the user’s licensing supports this).