You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
sensitivity labels
About this tag
Sensitivity labels in Microsoft Purview are a core information protection feature for Microsoft 365, enabling organizations to classify and protect documents and emails based on sensitivity. Recent updates expand label enforcement to block Copilot content analysis, detect labels inside ZIP archives, support user-defined permissions in Office for the web, and extend controls to Microsoft Entra security groups. These changes address gaps between classification and enforcement, particularly as AI tools like Copilot introduce new governance challenges. The tag covers label-based DLP, guest access control, and real-world incidents where labels interacted with Copilot bugs, highlighting the evolving role of sensitivity labels in enterprise security.
Microsoft added Microsoft 365 Roadmap item 566617 on June 25, 2026, saying Microsoft Purview Endpoint Data Loss Prevention will begin detecting sensitivity labels on files inside archive containers, with preview planned for July 2026 and general availability for August 2026. The change sounds...
Microsoft has launched Microsoft Purview support for applying sensitivity labels with user-defined permissions in Office for the web across Word, Excel, and PowerPoint, bringing the feature to General Availability in April 2026 for commercial, GCC, GCC High, and DoD Microsoft 365 tenants. The...
Microsoft is rolling out a Microsoft Purview sensitivity-label change in 2026 that makes labeled Word, Excel, and PowerPoint files ineligible for all Microsoft connected experiences that analyze content, including Microsoft 365 Copilot, when the label uses the existing content-analysis blocking...
Microsoft is expanding Microsoft Purview sensitivity-label enforcement for commercial Microsoft 365 tenants so protected Word, Excel, PowerPoint, and Outlook content can be blocked from Copilot and other connected experiences that analyze files, with rollout expected to complete by the end of...
Microsoft has moved sensitivity labels for Microsoft Entra cloud security groups into public preview, extending Microsoft Purview-governed access controls to static, non-mail-enabled security groups used across Azure, SharePoint, Power BI, and other corporate resources. The change sounds narrow...
The email mistake most organisations fear is rarely the glamorous kind. It is not a stealthy zero-day exploit or a nation-state campaign slipping through a firewall at 3am. More often, it is a simple human error: a spreadsheet with payroll data, a misdirected attachment, and a message that lands...
A quiet configuration error in Microsoft 365 Copilot’s Chat feature has once again exposed a sore truth about modern workplace AI: convenience and deep integration can outpace the guardrails organizations rely on to protect their most sensitive data.
Background / Overview
In late January 2026...
Microsoft’s Copilot for Microsoft 365 briefly did exactly what it was built to do — read, understand and summarise email content — and in doing so it accidentally summarised messages that organizations had explicitly labelled Confidential, exposing a gap between AI convenience and longstanding...
Microsoft’s Copilot Chat quietly summarized emails labeled “Confidential,” bypassing the data‑loss protections administrators relied on and forcing a hard assessment of how AI features must be governed inside Microsoft 365...
Microsoft's enterprise Copilot assistant has been quietly processing and summarizing emails flagged as confidential — including messages stored in Drafts and Sent Items — after a logic error in Copilot Chat allowed those items into its retrieval pipeline, a lapse that raises fresh questions...
Microsoft's own Copilot Chat briefly overran its guardrails: a code error allowed the service to summarize emails labeled as confidential, processing messages from users' Sent Items and Drafts in ways that violated intended Data Loss Prevention (DLP) and sensitivity-label behavior.
Background
In...
Microsoft’s flagship workplace assistant, Microsoft 365 Copilot Chat, briefly read and summarized email messages that organizations had explicitly labeled Confidential, a logic error the company logged internally as service advisory CW1226324 and that has forced a re‑examination of how embedded...
admx templates
ai governance
copilot bug
copilot privacy
data loss prevention
data protection
email security
enterprise ai
enterprise governance
gpo management
group policy editor
microsoft copilot
privacy governance
sensitivitylabels
windows 11 policy
Microsoft’s flagship workplace assistant, Microsoft 365 Copilot Chat, mistakenly accessed and summarised some users’ confidential Outlook messages — a logic error the company first detected in late January and has since patched — raising fresh questions about how embedded AI interacts with...
Microsoft’s Copilot Chat briefly summarized emails that organizations had explicitly labeled as confidential — a failure Microsoft attributes to a server‑side code error that allowed items in users’ Sent Items and Drafts to be picked up and summarized by the Copilot “Work” chat experience, and...
For weeks this winter, a logic error in Microsoft 365 Copilot Chat’s “Work” experience allowed the AI to read and summarize emails that organizations had explicitly marked Confidential, bypassing configured Data Loss Prevention (DLP) and sensitivity‑label protections and exposing a material risk...
Microsoft’s flagship productivity assistant, Microsoft 365 Copilot Chat, briefly read and summarized emails that organizations had explicitly labeled “Confidential,” exposing a gap between automated AI convenience and long‑standing enterprise access controls...
copilot
copilot bug
copilot security
data governance
data loss prevention
dlp policies
enterprise governance
enterprise security
microsoft 365 copilot
microsoft copilot
sensitivitylabels
For weeks this winter, Microsoft’s enterprise assistant, Microsoft 365 Copilot, quietly read and summarized email messages that organizations had explicitly marked Confidential, bypassing established Data Loss Prevention (DLP) and sensitivity‑label protections — a logic bug Microsoft has tracked...
Microsoft’s flagship productivity assistant briefly did what it was built to do — read, index and summarise corporate communications — and in doing so it accidentally summarised email messages organizations had explicitly marked Confidential, bypassing Data Loss Prevention (DLP) and...
Microsoft confirmed a logic bug in Microsoft 365 Copilot that, for a window of weeks, allowed Copilot Chat’s “Work” experience to index and summarize emails that organizations had explicitly labeled as Confidential, effectively bypassing configured Data Loss Prevention (DLP) and...
For weeks this winter, Microsoft’s flagship productivity assistant, Microsoft 365 Copilot Chat, quietly indexed and summarised emails that organizations had explicitly marked Confidential, bypassing sensitivity labels and Data Loss Prevention (DLP) controls designed to stop exactly that — a...