When you create a Copilot page in Microsoft 365, the sensitivity label applied to the source file or conversation often does not automatically transfer to the new page. This can leave Copilot pages unlabeled or incorrectly labeled, creating a compliance gap for organizations that rely on Microsoft Purview Information Protection. The inheritance rules depend on how the page is created, who creates it, and what labels are configured for automatic or default assignment. This article explains the exact conditions under which sensitivity labels are inherited by Copilot pages, what causes label loss, and how to enforce correct labeling through policy settings.
Key Takeaways: Copilot Page Sensitivity Label Inheritance
- Automatic labeling via Microsoft Purview auto-labeling policies: Applies labels only if the page content matches sensitive info types or trainable classifiers.
- Default label from Microsoft 365 Groups or SharePoint sites: Inherited only when the Copilot page is stored in a container that has a configured default label.
- Manual label assignment by the creator: Required if no automatic or default label policy is in place; the page starts unlabeled.
How Sensitivity Labels Flow Into Copilot Pages
A Copilot page is a .loop file stored in the creator’s OneDrive for Business or a shared SharePoint site. Sensitivity labels are metadata that define the confidentiality level of the content. Label inheritance for Copilot pages follows the same rules as any other file in Microsoft 365, but three specific mechanisms apply:
Automatic Labeling via Microsoft Purview
If your tenant has auto-labeling policies configured for SharePoint and OneDrive, those policies scan Copilot pages after they are saved. The label is applied only when the page content matches defined sensitive information types such as credit card numbers, passport IDs, or custom patterns. This is not inheritance from a source file. It is a post-creation scan. If the page is created from a conversation that contained sensitive data, but that data is not present in the final page content, no label is applied.
Default Label From the Container
When a Copilot page is created inside a SharePoint site or a Microsoft 365 Group that has a default sensitivity label configured, the page inherits that default label. This is the most reliable inheritance path. The default label is applied at the moment the file is created, before any content is added. For example, if the site is labeled “Internal – General,” every Copilot page saved to that site starts with that label. This rule also applies to pages stored in the creator’s OneDrive if the OneDrive root site has a default label configured.
No Inheritance From Source Files or Conversations
When a user selects “Add to a page” from a Copilot chat response or exports a conversation to a Copilot page, the new page does not inherit the label from the source document or the chat thread. The Copilot response itself is not a labeled object. The only way the label transfers is if the user manually assigns it or if the container default or auto-labeling policy applies. This is the most common cause of unlabeled Copilot pages in organizations.
Steps to Verify and Enforce Label Inheritance for Copilot Pages
Use the following steps to check current label behavior and enforce correct inheritance for all new Copilot pages.
- Check default label on the SharePoint site
Go to the SharePoint site where Copilot pages are stored. Select Settings > Site permissions > Sensitivity. If no default label is listed, configure one. Use the Microsoft 365 admin center > SharePoint > Active sites > select the site > Policies > Sensitivity to set a default label. - Enable auto-labeling for SharePoint and OneDrive
In Microsoft Purview compliance portal, go to Information protection > Auto-labeling. Create or edit a policy. Set the scope to “SharePoint sites” and “OneDrive locations.” Define the sensitive info types you want to detect. Publish the policy. Allow up to 24 hours for the first scan of existing pages. - Configure a default label for OneDrive
Go to Microsoft 365 admin center > Org settings > Security & privacy > Sensitivity labels for files. Select the label you want as the default for OneDrive. This label will apply to all new Copilot pages stored in the user’s OneDrive unless a more specific site-level default overrides it. - Train users to manually label pages
Instruct users to open the Copilot page, select the sensitivity label button in the top-right corner of the page header, and choose the correct label. Without a default or auto-label policy, this is the only way to ensure the page is labeled. - Audit unlabeled pages with Microsoft Purview Activity Explorer
Use the Activity Explorer in Purview to filter by workload “SharePoint” and activity “Sensitivity label removed” or “File created.” Look for Copilot pages created without a label. Export the audit log to identify pages that need manual remediation.
Common Label Inheritance Failures and How to Resolve Them
Copilot page shows “No sensitivity label” even though the source document was labeled
This is expected behavior. The label from the source document is not copied to the Copilot page. To fix this, configure a default label on the SharePoint site where the page is stored. Alternatively, use Microsoft Purview auto-labeling to scan the page content after creation. If the page contains the same sensitive data as the source, the auto-label policy will apply the correct label within 24 hours.
Copilot page inherits the wrong label from the container
If the SharePoint site has a default label that is too restrictive or too permissive, all Copilot pages stored there will inherit that label. To resolve this, change the default label on the site to one that matches the intended confidentiality level for pages created there. Use a sub-site or a separate site collection for pages that require a different label.
Auto-labeling policy does not apply to Copilot pages
Auto-labeling policies scan files in SharePoint and OneDrive, but they may skip Copilot pages if the policy is scoped only to “Exchange” or “Teams.” Verify that the policy scope includes “SharePoint sites” and “OneDrive locations.” Also confirm that the policy is set to “Simulation” mode. Policies in simulation mode do not apply labels. Change the policy to “Publish” mode to enforce labeling.
User cannot manually label a Copilot page
The user may not have a sensitivity label license or the label may be configured for “user-defined” permissions that require additional rights. Ensure the user is assigned a license for Microsoft Purview Information Protection. Check the label configuration in the Purview portal to confirm that the label is published to the user’s group and that the label policy is enabled.
Copilot Page Label Inheritance: Default vs Auto vs Manual
| Item | Default Label From Container | Auto-Labeling Policy | Manual Assignment |
|---|---|---|---|
| When label is applied | At page creation | After page is saved and scanned | User selects label after creation |
| Requires configuration | Default label set on SharePoint site or OneDrive | Auto-labeling policy in Microsoft Purview | No admin configuration needed |
| Content dependency | No | Yes – page must match sensitive info types | No |
| Inherits from source file | No | No – scans page content only | No |
| Best for | Ensuring all pages in a site have a baseline label | Applying labels based on actual sensitive content | Ad-hoc labeling by knowledgeable users |
The table above shows that no single method covers all scenarios. A combination of a default label on the container and a published auto-labeling policy provides the most complete coverage for Copilot pages. Manual assignment should be treated as a fallback for edge cases where neither automatic method applies the correct label.
You can now configure default labels on SharePoint sites and OneDrive to automatically protect all new Copilot pages. Use Microsoft Purview auto-labeling policies to catch pages that contain sensitive data even when the container default is too broad. For pages stored in unlabeled containers, instruct users to assign the label manually using the sensitivity button in the page header. To refine your approach, test label inheritance by creating a Copilot page in a site with a configured default label and verify the label appears within one minute of creation.