Microsoft has quietly closed a critical gap in its Purview Data Loss Prevention (DLP) rules, making it so that sensitivity labels can block Copilot from processing Office files regardless of where the document is stored. The change, first documented in the Microsoft 365 Roadmap on July 17, 2026, means organizations can now enforce a consistent AI policy across local copies, synced folders, and enterprise repositories alike.
The Policy That Now Follows Your Files
Until now, an organization's ability to stop Microsoft 365 Copilot from reading a sensitivity-labeled Word, Excel, or PowerPoint file depended largely on where that file lived. DLP rules that used the \"Prevent Copilot from processing content\" action only applied to documents stored in SharePoint Online and OneDrive for Business. That left a blind spot for files saved locally, synced via OneDrive, or opened from a third-party location, even if they carried a label like \"Highly Confidential\" or \"Legal Privilege.\"
Roadmap ID 557255 changes that. Marked as \"Launched\" with general availability in April 2026 for Current Channel deployments (including GCC), the update extends the protection to \"all storage locations,\" according to Microsoft's description. In practice, it means the DLP policy now travels with the document's sensitivity label. When a user opens a labeled file in Word, Excel, or PowerPoint, Copilot checks the label against your Purview rules and disables its content-aware skills if a block is configured, no matter whether the file sits in a cloud repository, a local download, or a project folder on a network share.
Administrators set up the rule in the Microsoft Purview portal by creating a custom DLP policy, enabling the Microsoft 365 Copilot and Copilot Chat location, and then selecting sensitivity labels in the rule's \"Content contains\" condition. The selected labels can be any existing classification, such as \"Internal Only,\" \"M&A,\" or \"Restricted.\" When the rule matches, Copilot is excluded from using the file's contents to generate responses, summaries, or draft assistance. However, Microsoft Learn notes an important nuance: the file may still surface as a citation in a Copilot response, even though its underlying content was not processed. A citation alone does not prove Copilot was allowed to reason over the document.
For users working directly in Office apps, the effect is immediate and visible. When a blocked, labeled file opens, the Copilot pane and in-app buttons either gray out or display a restriction message. Some features that do not reference file content or invoke a large language model may remain active, but any AI-powered analysis, rewriting, or summarization tied to that document should stop at the DLP boundary.
Why This Fix Matters for Admins and Users
The earlier location-based limitation caused real deployment headaches. Enterprises rarely keep every active document exclusively in its original cloud repository. Employees sync SharePoint libraries to their desktops, download attachments from line-of-business applications, or edit files in temporary paths dictated by project workflows. Security teams did not want a document's Copilot eligibility to change simply because it was moved or opened through a different route. A properly applied sensitivity label is supposed to communicate a business classification and, where configured, enforce protection policies across the entire document lifecycle. Extending the Copilot DLP decision across all storage locations aligns the AI guardrail more closely with that model.
For IT administrators, the shift reduces the complexity of maintaining and communicating a patchwork policy. Instead of worrying about repository coverage, you now focus on label taxonomy. The key tasks become ensuring that the right labels exist, that they are consistently published to Office clients, and that they map correctly to DLP rules. This change does not replace other controls. SharePoint permissions, Rights Management encryption, endpoint DLP, and Conditional Access still govern access and sharing. The Purview rule adds a strict AI-use decision on top: a user may be able to open and read a document, but Copilot is forbidden from processing its content if the label matches.
It is also important to understand what the feature does not do. A sensitivity-label DLP rule does not revoke the user's permission to read the file, prevent them from copying text manually, or stop them from uploading content elsewhere. It only restricts the specific Copilot processing path covered by the policy. Additionally, this control differs from prompt-based protections, which use sensitive information types to block users from submitting certain data in a Copilot prompt. Microsoft does not allow sensitivity labels and sensitive information types in the same DLP rule, though you can create separate rules in the same policy. That design forces a clear separation in your policy planning: one set of rules protects labeled source content, another set prevents users from typing sensitive values into prompts.
A Timeline of Copilot DLP's Evolution
Microsoft introduced the ability to block Copilot from processing sensitivity-labeled files in 2025, but the initial release was limited to SharePoint Online and OneDrive for Business. The rationale was reasonable: Copilot's primary grounding data came from those cloud repositories, so protecting them first made operational sense. However, feedback from early adopters and security teams highlighted the operational mismatch, as many real-world workflows involve local or synced files. Roadmap ID 557255 appeared in the Microsoft 365 Roadmap in early 2026, promising an expansion to all storage locations. The item was eventually marked as Launched during the summer of 2026, with the final modification date of July 17 signaling that the feature was no longer in development but considered generally available.
Since the April 2026 general availability, the behavior has been rolling out to Current Channel tenants. The update does not require a new Office client version; the enforcement logic is tied to the DLP policy evaluation that occurs when a file opens in a supported Office app. However, administrators should note that DLP policy updates can take up to four hours to appear in the user experience. And there is a session timing consideration: the Copilot restriction is evaluated at file open. If a sensitivity label is applied or changed via auto-labeling while the document is already open, enforcement begins only the next time the file is opened. That small detail matters in incident-response and automated classification workflows.
Five Steps to Harden Your Label-Driven Copilot Block
For Windows administrators and security teams, the practical next step is not simply flipping a switch. It is validating that the entire pipeline works. Here is a sensible checklist:
-
Verify your label taxonomy. Ensure the sensitivity labels you plan to use for Copilot blocking are published to all Office clients and are clearly understood by end users. A label that no one applies correctly undermines the entire enforcement chain.
-
Test across every storage workflow. Open a labeled Word document from each common location in your environment: SharePoint Online, OneDrive for Business, a synced local folder, a downloaded copy, an attachment from a line-of-business system. Repeat with Excel and PowerPoint files, as Office integrations can differ in practice.
-
Run a DLP policy simulation before enforcement. Microsoft Purview supports simulation mode, allowing you to see which documents would be affected without actually blocking Copilot. Use this to tune label conditions and catch false positives.
-
Test the label-timing behavior. Apply a sensitivity label to a file that is already open in Office, then close and reopen the file. Confirm that Copilot remains available until the document is reopened, and then is correctly disabled.
-
Set up audit and alerting. Once enforcement is on, monitor DLP alerts to distinguish expected restrictions from labeling mistakes or configuration errors. Train your security operations team so they can quickly tell the difference.
Additionally, remember that the Copilot and Copilot Chat DLP location is separate from other multi-workload DLP policies. When you select this location in a policy, all other locations are disabled for that particular policy. This design ensures that your Copilot-focused rules are cleanly isolated, but it also means you need dedicated policies for the feature.
What's Next for AI Governance in Microsoft 365
The expansion of Copilot DLP to all storage locations is a significant step toward making sensitivity labels the single source of truth for AI-use policy across Microsoft 365. It folds Copilot more deeply into the existing Purview Information Protection framework, and likely signals a broader push. We can expect similar location-independent enforcement to come to other Copilot-integrated services, such as Teams summaries, Loop components, or even the Copilot pane in Outlook. Microsoft may also tighten the integration between sensitivity labels and prompt-level DLP, perhaps allowing combined rules in the future.
For now, the control is in your hands. The feature is live, and the roadmap item is marked complete. The remaining work is up to tenant administrators: ensure the right labels exist, map them to the right DLP rules, and test the Office paths your employees use every day. That way, when a document is labeled \"Restricted,\" Copilot really does step away—no matter where the file happens to be.