Safeguarding Sensitive Data in Microsoft 365 Copilot with Purview DLP (GA Release)

The challenge with sensitive data and access to Copilot Microsoft 365 Copilot empowers users with AI-driven assistance across Microsoft 365 apps, but it also raises concerns about accidental oversharing of sensitive information. In response, Microsoft has extended its Purview Data Loss Prevention (DLP) capabilities to Microsoft 365 Copilot, allowing organizations to enforce information protection policies within AI workflows. The DLP for Microsoft 365 Copilot has been in preview for some time, but Microsoft has now announced it is released for GA (General Availability). Among some of the interesting features are new features like alerting and policy simulation. Key details:  Rollout Timeline: As of June 2025, the rollout has begun. It should be completed worldwide by late July 2025. Scope: Initially, DLP for Copilot was available for Copilot Chat scenarios. By the time of GA this is expanding to Copilot in core Office apps (Word, Excel, PowerPoint) as well. Ensuring that DLP prote...

Sensitivity labels in Teams

A new feature for Sensitivity labels in Azure AD will soon be available to Teams, and can really ensure guests are not invited accidentally into a team with internal or sensitive information.

The feature behind this is currently in preview and can be found described on this page. After the preview has been enabled, a new option appears when labels are created (I have not discovered a way to update existing labels, but I'm hoping this will be a possibility once the feature goes into GA).

By not selecting the highlighted option, it suddenly becomes "impossible" to invite guests to the Team, the site or the group in question.

Please note the current defaults on the image was to not to allow any guests, and the section on managed devices was to block all non-compliant. Be careful not to set policies that could possibly block users from doing their job.

Once the label has been created, it can must be published before group creators have the labels available to them. Existing groups and teams can also have this label added once it is available.

This addition, described as road-map item 57275, is a most welcomed one for my customers who are concerned about the accidental addition of guests into groups or teams where they have sensitive information stored.

The feature requires Azure AD P1 licenses. It is already rolling out, and should be completed by the end of this year according to a message in the O365 admin portal last week.