Safeguarding Sensitive Data in Microsoft 365 Copilot with Purview DLP (GA Release)

The challenge with sensitive data and access to Copilot Microsoft 365 Copilot empowers users with AI-driven assistance across Microsoft 365 apps, but it also raises concerns about accidental oversharing of sensitive information. In response, Microsoft has extended its Purview Data Loss Prevention (DLP) capabilities to Microsoft 365 Copilot, allowing organizations to enforce information protection policies within AI workflows. The DLP for Microsoft 365 Copilot has been in preview for some time, but Microsoft has now announced it is released for GA (General Availability). Among some of the interesting features are new features like alerting and policy simulation. Key details:  Rollout Timeline: As of June 2025, the rollout has begun. It should be completed worldwide by late July 2025. Scope: Initially, DLP for Copilot was available for Copilot Chat scenarios. By the time of GA this is expanding to Copilot in core Office apps (Word, Excel, PowerPoint) as well. Ensuring that DLP prote...

Copilot in Teams will be available for multitenant organizations (B2B)

Microsoft has announced that Copilot will be accessible to Business-to-Business (B2B) members within Multi-Tenant Organizations (MTO). This update allows users with B2B (shadow) identities to utilize Copilot during Teams meetings, provided they have a license in their host tenant. This will help organizations boost collaboration and productivity when working with different organizations.

There will be a new policy setting in the Teams Admin Center (TAC) enabling IT administrators to manage and control Copilot access specifically for B2B members.

According to the Roadmap ID 423474, we can expect this feature to be rolling to the first customers at the end of this month. Keep an eye out on the messeage center, and in the Teams Admin Center for these changes. 

I know a lot of users and customers are asking for this feature, but organizations should make sure such access is aligned with their own security and access policies. And users should be informed that when the feature is released, some organizations might not turn it on.