Data Loss Prevention policies in Microsoft Purview can stop Copilot from processing or outputting sensitive information. Without DLP controls, Copilot might surface confidential data from emails, documents, or chats during a user prompt. This article explains how DLP policies apply to Copilot interactions, what triggers a block, and how to verify the protection is working correctly.
When a DLP rule matches sensitive content in a Copilot prompt or response, Microsoft 365 can block the action or show a policy tip. The blocking mechanism works at the Microsoft Graph layer, not inside the Copilot chat window directly. Understanding this integration helps administrators secure Copilot without breaking legitimate productivity workflows.
This guide covers the exact conditions that cause a block, the end-user experience, and how to test your DLP configuration with Copilot.
Key Takeaways: How DLP Blocks Copilot Actions
- Microsoft Purview compliance portal > Data Loss Prevention > Policies: DLP policies inspect Copilot prompt and response data through Microsoft Graph connectors.
- Sensitive info types and trainable classifiers: DLP blocks Copilot when content matches a rule, such as credit card numbers or custom confidential labels.
- Policy tip in Copilot: Users see a red banner with the message “This content is blocked by your organization’s DLP policy” instead of the generated response.
How DLP Policies Intercept Copilot Data
DLP policies in Microsoft Purview do not block Copilot itself. They block the data that Copilot attempts to read or output. When a user types a prompt in Copilot for Microsoft 365, the request travels through Microsoft Graph. The Graph layer evaluates the data against active DLP rules before Copilot processes the answer.
If the prompt contains sensitive information like a social security number, the DLP engine identifies the match and stops the request from reaching Copilot. The same check runs on the response side. If Copilot generates text that includes a sensitive data match, the DLP engine blocks the output and replaces it with a policy tip.
Three components make this possible:
- Microsoft Graph Data Connect: Carries the prompt and response payload for inspection.
- Sensitive information types: Built-in or custom patterns that DLP uses to detect credit cards, passport numbers, or proprietary document IDs.
- Trainable classifiers: Machine learning models that identify content like legal contracts or financial reports without exact pattern matching.
Where DLP Applies in the Copilot Flow
DLP policies apply to Copilot in Microsoft 365 apps: Word, Excel, PowerPoint, Outlook, Teams, and the Copilot side pane in Edge. The policy scope includes:
- Prompts typed by the user
- Contextual data from the current file, email, or meeting
- Generated responses from Copilot
Policies do not apply to Copilot queries that use public web data through the Copilot with commercial data protection mode. DLP only inspects data from Microsoft 365 services like Exchange Online, SharePoint, and OneDrive.
Steps to Configure a DLP Policy That Blocks Copilot
Before you start, confirm you have the required licenses: Microsoft 365 E5 or Microsoft 365 E5 Compliance. The DLP policy must target the Copilot workload specifically.
- Open the Microsoft Purview compliance portal
Go tohttps://compliance.microsoft.comand sign in with an account that has Compliance Administrator or DLP Administrator role. - Create a new DLP policy
Navigate to Data Loss Prevention > Policies. Click Create policy. Choose Custom to build a policy that targets Copilot. - Select the Copilot location
In the Locations step, check Devices and Microsoft 365 Copilot. Do not skip the Devices location because Copilot activity is logged as endpoint data. - Define the sensitive info type or classifier
Click Create or customize advanced DLP rules. Add a rule. Under Conditions, select Content contains. Choose built-in sensitive info types like U.S. Social Security Number or a custom trainable classifier like Source Code. - Set the action to block
Under Actions, select Block and choose Block users from sharing and restrict access. Enable Notify users with a policy tip so users see the reason for the block. - Test the policy in simulation mode first
Before turning on the policy, set the mode to Test. Run test prompts in Copilot with sample sensitive data. Review the DLP alerts in the Alerts tab to confirm detection. - Turn on the policy
After testing, set the policy mode to Turn it on immediately. Monitor the DLP reports for false positives over the next 48 hours.
What the User Sees When DLP Blocks Copilot
When a DLP policy blocks a Copilot action, the user does not see the generated response. Instead, Copilot displays a red banner at the top of the chat pane with this message: This content is blocked by your organization’s DLP policy. No part of the response appears in the chat history. The prompt itself remains visible because DLP blocks the output, not the input.
If the block occurs on the prompt side, Copilot shows a similar banner before any response starts. The user cannot see the Copilot answer at all. The blocked action also generates an alert in the Microsoft Purview compliance portal under Alerts > DLP alerts.
What Happens to the Data After a Block
The blocked content is not stored in Copilot history or activity logs. Microsoft 365 Audit logs record the event with the following fields:
- Operation: DlpBlocked
- Workload: Copilot
- Policy name: The DLP policy that triggered the block
- Sensitive info type: The matched pattern or classifier
Admins can search for these events in the Audit log under Solutions > Audit. The log does not contain the actual prompt or response text.
If DLP Does Not Block Copilot as Expected
Copilot Responds With Sensitive Data Despite Active DLP Policy
This usually happens when the DLP policy does not include the Copilot location. Go to the policy in Microsoft Purview and confirm that Microsoft 365 Copilot is listed under Locations. If it is missing, edit the policy and add the location. Also check that the policy is set to Turn it on immediately and not still in test mode.
Policy Tip Does Not Appear When Block Occurs
The policy tip only shows when you enable the notification action in the DLP rule. Edit the rule and under Actions, verify that Notify users with a policy tip is turned on. The tip also requires that the user is running a supported version of Microsoft 365 Apps. Users on older builds of Word or Outlook may see a generic error instead of the policy tip.
False Positive Blocks on Non-Sensitive Prompts
Trainable classifiers can sometimes misclassify benign content. Review the DLP alerts for the false positive. In the alert details, note the Matched item and the Classifier that fired. Adjust the classifier sensitivity or add an exclusion list to the rule. For built-in sensitive info types, lower the confidence level threshold to reduce false matches.
DLP Blocking in Copilot vs Standard DLP on Email and Files
| Item | Copilot DLP Blocking | Standard DLP on Email and Files |
|---|---|---|
| Data inspected | Prompt text, contextual file data, and generated response | Email body, attachments, and file content in SharePoint or OneDrive |
| Block behavior | Response replaced with policy tip banner | Email blocked from sending or file upload blocked |
| User notification | Red banner inside Copilot pane | Email notification or policy tip in Outlook |
| Audit event | DlpBlocked with Copilot workload | DlpBlocked with Exchange or SharePoint workload |
| Policy location requirement | Microsoft 365 Copilot and Devices locations enabled | Exchange, SharePoint, OneDrive, or Devices as needed |
DLP blocking for Copilot uses the same detection engine as standard DLP but applies a different action. Instead of blocking a send or save operation, it blocks the rendering of content in the Copilot interface. Both systems generate alerts and audit logs in the same compliance portal.
You can reuse existing sensitive info types and classifiers from your email DLP policies when creating Copilot-specific rules. This saves configuration time and ensures consistent protection across workloads.
Now you can configure DLP policies that block sensitive data from appearing in Copilot responses. Start by testing a policy in simulation mode with a single sensitive info type like credit card numbers. After confirming detection, turn on the policy and monitor the DLP alerts for any false positives. For advanced protection, combine trainable classifiers with custom keyword lists to catch organization-specific confidential terms.