Microsoft 365 Message Center item MC1301714

MC1301714 - Microsoft Purview | Data Loss Prevention- DLP to restrict processing external emails in M365 Copilot and Copilot Chat

Microsoft Purview is adding a new DLP control for Microsoft 365 Copilot and Copilot Chat to exclude external emails from being used in AI-generated responses. This feature, off by default, will roll out from June to August 2026 and helps protect organizations by limiting Copilot’s data sources to trusted internal content.

Message Center ID
MC1301714
Category
stay Informed
Severity
normal
Services
Microsoft Copilot (Microsoft 365), Microsoft Purview, Microsoft 365 Copilot Chat
Tags
New feature, User impact, Admin impact
Roadmap ID
561552
Platforms
Web
Published
2026-05-05
Last updated
2026-05-13
Expires
2026-08-31

[Introduction]We’re expanding Microsoft Purview Data Loss Prevention (DLP) controls for Microsoft 365 Copilot and Copilot Chat to help organizations reduce the risk of untrusted or externally sourced content influencing AI‑generated responses. This new capability allows admins to exclude emails from external senders from being used as grounding data during Copilot prompt processing. When enabled, Copilot continues to generate responses using trusted internal Microsoft 365 data sources, subject to existing licensing and policy controls.This message is associated with Microsoft 365 Roadmap ID 561552.[When this will happen]Public preview: We will begin rolling out in early June 2026 and expect to complete by late June 2026.General availability (Worldwide): We will begin rolling out in late July 2026 and expect to complete by late August 2026.[How this affects your organization]Who is affectedOrganizations using Microsoft 365 Copilot (Premium) or Copilot ChatAdmins managing AI governance, security, and data protection using Microsoft PurviewWhat will happenA new DLP policy control will be available for Microsoft 365 Copilot and Copilot Chat.When enabled by an admin:Emails sent from external or untrusted domains are excluded from being:ReferencedSummarizedUsed as grounding data by CopilotCopilot continues to generate responses using trusted internal Microsoft 365 data sources (for example, SharePoint, OneDrive, and internal Exchange content), subject to existing licensing and policy.This change does not:Affect email delivery, retention, eDiscovery, or user accessChange existing Copilot interaction behavior unless the policy is explicitly configuredDefault state:Off by default.There is no change unless an admin enables this control in Microsoft Purview.Screenshot 1. Select Microsoft 365 Copilot and Copilot Chat as the DLP policy location: Screenshot 2. New DLP setting to restrict processing of external email content: [What you can do to prepare]No action is required if you do not plan to use this capability.If you want to enable the feature:Create or update a DLP policy for Microsoft 365 Copilot in the Microsoft Purview portal.Review existing DLP configurations to understand potential Copilot impact.Ensure your admin account has the required DLP and Purview roles.Inform IT, security, and helpdesk teams about the new control.Update internal documentation related to AI governance and Copilot usage.Learn more:Learn about data loss prevention | Microsoft Purview | Microsoft LearnLearn about using Microsoft Purview Data Loss Prevention to protect interactions with Microsoft 365 Copilot and Copilot Chat | Microsoft Purview | Microsoft LearnPermissions - Create and deploy data loss prevention policies | Microsoft Purview | Microsoft Learn[Compliance considerations]QuestionAnswerDoes the change alter how existing customer data is processed?Yes. External email content is excluded from Copilot grounding when the policy is enabled; underlying email storage, access, and retention are unchanged.Does the change introduce or modify AI/ML capabilities interacting with customer data?Yes. Copilot grounding logic is updated to respect a new DLP exclusion for external email content.Does the change modify Purview DLP enforcement?Yes. Adds a new DLP control scoped specifically to Copilot and Copilot Chat grounding behavior.Does the change include an admin control?Yes. The feature is controlled via Microsoft Purview DLP policies and is admin-configurable.