Tag Archives: MIP

DLP Policies Now Block Copilot Processing Across All Storage Locations

Posted on by

Microsoft is improving how Microsoft Purview Data Loss Prevention (DLP) protects content used by Microsoft 365 Copilot. Until now, DLP rules that block Copilot from processing sensitivity‑labeled content only worked when files lived in SharePoint or OneDrive.

With this update, those same protections will work everywhere, including local files stored on a user’s device. Organizations have asked for more consistent protection across all file locations, and this update delivers exactly that.

This change is associated with Microsoft 365 Roadmap ID 557255.

When it’s coming

General Availability (Worldwide + GCC)
Rollout: Late March 2026 → Late April 2026

Who this impacts

  • Organizations using Microsoft Purview DLP to limit what Copilot can access
  • Admins who manage Purview DLP rules
  • Users working with Copilot in Word, Excel, or PowerPoint

What’s changing

DLP rules that block Copilot from processing certain sensitivity-labeled files will now apply to:

  • SharePoint
  • OneDrive for Business
  • Local device storage
  • Any other file location Office apps can open

So if a DLP policy says “Copilot cannot process Confidential files,” then Copilot will not process those files anywhere, including when they’re opened directly from the desktop.

Key notes:

  • Existing DLP rules continue to work as they do today—no reconfiguration needed.
  • The feature turns on automatically for tenants already using relevant DLP policies.
  • Users will experience consistent protection when using Copilot across Word, Excel, and PowerPoint.

How it works (technical detail)

This update doesn’t change what Copilot can do—it changes how Office apps share sensitivity label information with AugLoop (the Copilot orchestration layer).

Today:
AugLoop reads file labels through Microsoft Graph
This only works for SharePoint or OneDrive files

After the update:

  • Office apps will pass the sensitivity label directly to AugLoop
  • This means DLP rules can finally apply to local and other non-cloud storage files too

This results in uniform, predictable DLP enforcement across all file locations.

Microsoft Office for the web: Apply sensitivity labels with user-defined permissions

Posted on by

Updated February 13, 2026: The roll-out timeline has been updated!!

Microsoft 365 Office for the web will support applying sensitivity labels with user-defined permissions in Word, Excel, and PowerPoint starting mid-March 2026. This aligns with desktop app permissions dialogs, requires no admin changes, and enhances document access control without compliance impacts.

Office for the web now supports sensitivity labels with user‑defined permissions

Microsoft 365 Office for the web (Word, Excel, and PowerPoint) now includes the ability to apply sensitivity labels with user‑defined permissions, giving organizations greater flexibility and control over document access directly in the browser. This update aligns the web experience with the modern permissions dialog available in the desktop apps.

Roadmap ID: 468888

Rollout timeline

General Availability

  • Worldwide & GCC:
    Rollout begins mid‑March 2026 (previously mid‑February) and is expected to complete by early April 2026 (previously early March).
  • GCCH & DoD:
    Rollout begins mid‑March 2026 (previously mid‑February) and is expected to complete by early May 2026 (previously early April).

Who is affected

Compliance considerations

No new compliance impacts have been identified. Organisations may review the change as needed.