Microsoft adds Copilot data controls to all storage locations
Summary
Microsoft is expanding data loss prevention (DLP, rules that block AI from accessing sensitive documents) controls to protect files stored on local devices, not just in cloud storage like SharePoint or OneDrive. The change, rolling out between March and April 2026, will prevent the Microsoft 365 Copilot AI assistant from reading or processing documents marked as confidential. This update addresses a recent bug where Copilot Chat accidentally read confidential emails despite DLP protections being active.
Solution / Mitigation
Microsoft will deploy the enhancement through the Augmentation Loop (AugLoop, an Office component that helps Copilot access documents) between late March and late April 2026. The fix enables Office clients to provide sensitivity labels directly to AugLoop rather than requiring a call to Microsoft Graph using file URLs, allowing DLP enforcement to apply uniformly across all storage locations, including local files. Organizations with DLP policies already configured to block Copilot from processing sensitivity-labeled content will have this protection automatically enabled without requiring administrative action or changes.
Classification
Affected Vendors
Related Issues
Original source: https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-copilot-data-controls-to-all-storage-locations/
First tracked: February 24, 2026 at 03:00 PM
Classified by LLM (prompt v3) · confidence: 85%