DataSecurity – Catastrophic Failure

Microsoft is rolling out an important enhancement to help organizations use Microsoft 365 Copilot more securely. Starting this year, Microsoft Purview Data Loss Prevention (DLP) will include new protections designed specifically for Copilot and Copilot Chat. The goal: prevent sensitive data from being sent to external web search engines during AI‑assisted interactions.

This update introduces real‑time DLP evaluation for prompts that contain Sensitive Information Types (SITs). When Copilot detects protected data in a user’s prompt, it will block any external web search from taking place. Instead, Copilot will continue responding only with internal Microsoft Graph data provided that the user’s licensing allows it.

This feature corresponds with Microsoft 365 Roadmap ID 548671.

Rollout Timeline

Public Preview
Begins: Late March 2026
Completes: Late April 2026

General Availability (Worldwide)
Begins: Late June 2026
Completes: Late July 2026

What This Means for Your Organization

Who Will Be Affected?

This update is relevant for:

Organizations using Microsoft 365 Copilot, Copilot Chat, or Copilot Studio agents published to Microsoft 365.
Admins who manage Data Loss Prevention policies in the Microsoft Purview portal.

What’s Changing?

New DLP Control for Copilot Web Search

Admins will soon see a new option when configuring DLP policies: the ability to stop Copilot from using external web search when a prompt includes specific sensitive information types.

When this policy is triggered:

Copilot will not send content to external web search providers.
Copilot will still respond, drawing exclusively from internal Microsoft Graph data sources (assuming the user’s licensing supports this).

Microsoft Purview introduces a new Purview Agent Deployment role added to several built-in role groups, allowing analysts to deploy and manage Purview agents without admin help. Rollout starts late February 2026, improving onboarding and agent use while maintaining existing data access and compliance controls.

Microsoft introducing a new Microsoft Purview Role-Based Access Control (RBAC) role—Purview Agent Deployment—and adding it to several existing built‑in Purview role groups. This enhancement empowers analysts who work with Purview agents to deploy and manage them directly, without requiring administrator involvement. The change streamlines onboarding and supports broader adoption of Purview’s AI‑powered agent capabilities.

This update corresponds to Roadmap ID 551147.

Rollout Timeline

General Availability (Worldwide): Begins late February 2026
Expected Completion: Mid‑March 2026

Who is affected

Administrators managing Purview role groups
Analysts deploying or working with Microsoft Purview agents

What’s changing

The new Purview Agent Deployment role will be added to the following built‑in role groups:

Compliance Administrator
Data Security Management
Information Protection
Information Protection Analysts
Information Protection Investigators
Insider Risk Management
Insider Risk Management Analyst
Insider Risk Management Investigator
Purview Agent Management

The Purview Agent Management role group will continue to include the Purview Content Analyst role and retain access to Posture agent capabilities.

Capabilities enabled

Users assigned to these role groups will be able to deploy, use, and manage Purview agents end‑to‑end, including:

Data Loss Prevention (DLP) — Data Security Triage Agent
Insider Risk Management (IRM) — Data Security Triage Agent
Data Security Posture Management (DSPM) — Posture Agent
Future Purview agents as they are released

Important:

No default data access permissions are modified.
No new visibility into customer content is introduced.
Organizations can optionally enforce separation of responsibilities by using custom role groups.