Tag Archives: Compliance

DLP Policies Now Block Copilot Processing Across All Storage Locations

Posted on by

Microsoft is improving how Microsoft Purview Data Loss Prevention (DLP) protects content used by Microsoft 365 Copilot. Until now, DLP rules that block Copilot from processing sensitivity‑labeled content only worked when files lived in SharePoint or OneDrive.

With this update, those same protections will work everywhere, including local files stored on a user’s device. Organizations have asked for more consistent protection across all file locations, and this update delivers exactly that.

This change is associated with Microsoft 365 Roadmap ID 557255.

When it’s coming

General Availability (Worldwide + GCC)
Rollout: Late March 2026 → Late April 2026

Who this impacts

  • Organizations using Microsoft Purview DLP to limit what Copilot can access
  • Admins who manage Purview DLP rules
  • Users working with Copilot in Word, Excel, or PowerPoint

What’s changing

DLP rules that block Copilot from processing certain sensitivity-labeled files will now apply to:

  • SharePoint
  • OneDrive for Business
  • Local device storage
  • Any other file location Office apps can open

So if a DLP policy says “Copilot cannot process Confidential files,” then Copilot will not process those files anywhere, including when they’re opened directly from the desktop.

Key notes:

  • Existing DLP rules continue to work as they do today—no reconfiguration needed.
  • The feature turns on automatically for tenants already using relevant DLP policies.
  • Users will experience consistent protection when using Copilot across Word, Excel, and PowerPoint.

How it works (technical detail)

This update doesn’t change what Copilot can do—it changes how Office apps share sensitivity label information with AugLoop (the Copilot orchestration layer).

Today:
AugLoop reads file labels through Microsoft Graph
This only works for SharePoint or OneDrive files

After the update:

  • Office apps will pass the sensitivity label directly to AugLoop
  • This means DLP rules can finally apply to local and other non-cloud storage files too

This results in uniform, predictable DLP enforcement across all file locations.

Microsoft Office for the web: Apply sensitivity labels with user-defined permissions

Posted on by

Updated February 13, 2026: The roll-out timeline has been updated!!

Microsoft 365 Office for the web will support applying sensitivity labels with user-defined permissions in Word, Excel, and PowerPoint starting mid-March 2026. This aligns with desktop app permissions dialogs, requires no admin changes, and enhances document access control without compliance impacts.

Office for the web now supports sensitivity labels with user‑defined permissions

Microsoft 365 Office for the web (Word, Excel, and PowerPoint) now includes the ability to apply sensitivity labels with user‑defined permissions, giving organizations greater flexibility and control over document access directly in the browser. This update aligns the web experience with the modern permissions dialog available in the desktop apps.

Roadmap ID: 468888

Rollout timeline

General Availability

  • Worldwide & GCC:
    Rollout begins mid‑March 2026 (previously mid‑February) and is expected to complete by early April 2026 (previously early March).
  • GCCH & DoD:
    Rollout begins mid‑March 2026 (previously mid‑February) and is expected to complete by early May 2026 (previously early April).

Who is affected

Compliance considerations

No new compliance impacts have been identified. Organisations may review the change as needed.

Updated Announcement: Microsoft Purview – New Purview Agent Deployment Role

Posted on by

Microsoft Purview introduces a new Purview Agent Deployment role added to several built-in role groups, allowing analysts to deploy and manage Purview agents without admin help. Rollout starts late February 2026, improving onboarding and agent use while maintaining existing data access and compliance controls.

Microsoft introducing a new Microsoft Purview Role-Based Access Control (RBAC) role—Purview Agent Deployment—and adding it to several existing built‑in Purview role groups. This enhancement empowers analysts who work with Purview agents to deploy and manage them directly, without requiring administrator involvement. The change streamlines onboarding and supports broader adoption of Purview’s AI‑powered agent capabilities.

This update corresponds to Roadmap ID 551147.

Rollout Timeline

  • General Availability (Worldwide): Begins late February 2026
  • Expected Completion: Mid‑March 2026

Who is affected

  • Administrators managing Purview role groups
  • Analysts deploying or working with Microsoft Purview agents

What’s changing

The new Purview Agent Deployment role will be added to the following built‑in role groups:

  • Compliance Administrator
  • Data Security Management
  • Information Protection
  • Information Protection Analysts
  • Information Protection Investigators
  • Insider Risk Management
  • Insider Risk Management Analyst
  • Insider Risk Management Investigator
  • Purview Agent Management

The Purview Agent Management role group will continue to include the Purview Content Analyst role and retain access to Posture agent capabilities.

Capabilities enabled

Users assigned to these role groups will be able to deploy, use, and manage Purview agents end‑to‑end, including:

  • Data Loss Prevention (DLP) — Data Security Triage Agent
  • Insider Risk Management (IRM) — Data Security Triage Agent
  • Data Security Posture Management (DSPM) — Posture Agent
  • Future Purview agents as they are released

Important:

  • No default data access permissions are modified.
  • No new visibility into customer content is introduced.
  • Organizations can optionally enforce separation of responsibilities by using custom role groups.

🎤AI Cloud & Modern Workplace Conference 2026

Posted on by

I’m truly honored to be speaking at the AI Cloud & Modern Workplace Conference 2026 as a Microsoft MVP in M365 Copilot & Exchange, and to share insights on one of the topics I’m most passionate about:

🎤 Session: “Your Data. Your Control. Your Copilot.”
📅 14 February 2026
🕙 10:00 AM (UTC+2)

📝 Session Description:
This session brings together everything I deeply believe in:

  • Zero Trust as the backbone of AI safety
  • Purview‑driven compliance
  • Responsible Copilot adoption
  • Empowering users without compromising security
  • Making complex topics accessible and practical

I’m grateful for the warm welcome, the recognition, and the opportunity to contribute to a community I truly care about — a community that values inclusion, innovation, and meaningful collaboration.

Looking forward to connecting with everyone on February 14th and sharing practical guidance on how organizations can move forward confidently in this new AI era. 🚀🔐🤖

Empowering Cybersecurity with Microsoft Purview Data Security Investigations (Preview)

Posted on by

Data Security Investigations (preview) workflow helps you quickly identify, investigate, and take action on data associated with security and data breach incidents. This workflow isn’t a linear process. It includes significant iteration requirements for several of the steps to fine tune searches, evidence gathering, classification, and investigation by using AI and activities.

Analysts can use Data Security Investigations (preview) features in your organization to:

  • Quickly and efficiently search, discover, and identify impacted data.
  • Use deep content AI analysis to discover exact data risks hidden in data.
  • Take action to reduce the impact of data security incidents and quickly mitigate ongoing risks.
  • Collaborate with internal and external stakeholders on investigation details.

Check out the following videos to learn about how Data Security Investigations (preview) can help you respond to data security incidents:

DSI builds on and extends Microsoft Purview’s existing best-of-breed Data Security portfolio. Our information protection, data loss prevention, and insider risk management solutions have provided customers with a strong foundation to protect their crown jewels, their data. Data is at the center of cyberattacks, and now DSI will use AI to re-imagine how customers investigate and mitigate data security incidents, accelerating the process dramatically.  Most organizations we spoke to (77%) believe that AI will accelerate data security detection and response, and 76% think AI will improve the accuracy of data security detection and response strategies. With its cutting edge, generative AI-powered investigative capabilities, DSI will transform and scale how data security admins analyze incident-related data. DSI uncovers key security and sensitive data risks and facilitates secure collaboration between partner teams to mitigate those identified risks. This simplifies previously complex, time-consuming tasks – what once took months, can now be done in a fraction of the time.

Read more:
Get started with Data Security Investigations (preview)
Learn about Data Security Investigations (preview)