Microsoft plans to relaunch its Rewrite by Copilot feature in Edge no sooner than August 2026, baking in enterprise-grade data protection that requires Entra ID sign-in—a move that reshapes how commercial users edit text in the browser. The updated feature, which has been paused for months, will process all rewrites locally or within the customer’s compliance boundary, addressing the data leakage fears that originally sidelined it.

The timing matters because Copilot-powered text editing is now table stakes in modern browsers, yet enterprises have hesitated to turn on such features without ironclad guarantees that confidential text never leaves their tenant. Pushing the general availability target to mid-2026 gives Microsoft room to engineer the kind of zero-trust architecture that regulators and CISOs demand.

The Pause That Preceded the Rework

Rewrite by Copilot first appeared in Edge as an experimental flag, offering users the ability to highlight any text box—think comment fields, web forms, or even Office Online documents—and have Copilot revise, shorten, or expand the content. The feature was a natural extension of the Copilot sidebar, but security-conscious organizations noticed it sent the highlighted text to Microsoft’s cloud for processing.

That default behavior clashed with data handling policies in finance, healthcare, and government, where even metadata can be sensitive. Microsoft quickly restricted the feature to consumer accounts and paused the preview for commercial tenants. An update on the Microsoft 365 roadmap later confirmed that rewrite capabilities would return only when enterprise data protection was in place.

Now, that return is pegged to August 2026, as noted in the latest roadmap entry titled “Edge Rewrite by Copilot: Entra ID Enterprise Data Protection (GA August 2026).” The explicit mention of Entra ID signals a fundamental shift: rather than a consumer-style service, Rewrite will operate under the same compliance framework as Microsoft 365 Copilot, honouring data residency, encryption, and audit controls tied to the organizational identity.

How the New Architecture Protects Diligent Text

Under the upcoming design, whenever a user signed in with an Entra ID (formerly Azure Active Directory) account triggers a rewrite, the browser will check whether enterprise data protection applies. If it does, the text never transits through Microsoft’s consumer Copilot infrastructure. Instead, processing occurs either on-device—leveraging small language models that run locally—or within the customer’s dedicated Microsoft 365 service boundary, where prompts and outputs are walled off from other tenants.

This model mirrors the commitment Microsoft made for Bing Chat Enterprise (now renamed Copilot for Microsoft 365). Data is not retained, not used to train foundation models, and not visible to Microsoft support engineers except in rare, authorized break-glass scenarios. For regulated firms, that’s the difference between a banned tool and an essential productivity booster.

IT administrators will be able to toggle Rewrite via the Edge management service or group policies in Intune. Policies will likely allow them to restrict rewrite domains, require content labels for sensitive information, or disable the feature entirely for specific roles. Microsoft has not yet published the full policy set, but insiders expect parity with the controls already available for Copilot chat in Edge.

The Entra ID Pivot: Zero-Trust Editing

Linking Rewrite to Entra ID is more than a checkbox exercise. It allows Microsoft to apply Conditional Access policies that are the backbone of corporate zero-trust architectures. For example, an organization could require that rewrite requests only work when the device is compliant, the user is on a trusted network, and the credential has passed multi-factor authentication. Without those checks, Rewrite sits idle—no text leaves the browser.

The Entra ID tie-in also clarifies licensing. The roadmap entry doesn’t specify SKUs, but it’s safe to assume that Rewrite under enterprise data protection will require either a Microsoft 365 E3/E5 license or an add-on that includes Copilot for Microsoft 365. That aligns with how other Copilot features are monetized inside the Edge sidebar. Organizations still running Office 365 E1 or unlicensed users may see a downgraded experience that either stays consumer-grade (no protection) or restricts the feature to basic on-device rewrites.

The Competitive Landscape: Browsers as AI Editors

Edge isn’t the only browser baking AI rewriting into text fields. Google has rolled out “Help me write” across Chrome on desktop and mobile, powered by Gemini models. For Workspace Enterprise customers, the same data residency controls apply, but the feature is on by default in Chrome, with opt-out policies. Apple is testing Writing Tools in Safari as part of Apple Intelligence, though enterprise adoption of that ecosystem remains nascent.

Microsoft’s differentiator is the broad compliance stack behind Microsoft 365—the same reason that Copilot for Microsoft 365 won over many CIOs in 2024. Rewrite by Copilot, when it finally ships, becomes another node in that stack. An HR manager drafting a sensitive feedback form inside a web-based ERP can click “Rewrite,” and the resulting text will be handled under the same DLP and eDiscovery rules as an Outlook email. Few competitors can offer that depth of integration today.

That said, a 2026 GA date risks ceding mindshare. By then, Chrome’s Gemini-powered rewriting may be deeply embedded in enterprise workflows, especially as Google pushes its own workspace AI agents. Microsoft is effectively betting that CIOs will wait for the trust story rather than switch to a rival browser for editing. The bet is plausible: browser switching in enterprise is rare once security profiles are locked down, and Edge’s market share inside Microsoft 365 shops has been steadily climbing.

What the Pause Taught Microsoft About AI Governance

The original Rewrite stumble was one of several early Copilot mishaps that forced Microsoft to slow down. The Windows Recall controversy, where a local snapshot feature was initially overbroad, and the Copilot in Office missteps that inadvertently surfaced internal data in PowerPoint slides, all underscored the same lesson: enterprise AI features must be locked down by default. Microsoft’s security chief, Charlie Bell, later codified this in the company’s Secure Future Initiative, promising that new AI capabilities would ship with “on-by-default protections” for commercial data.

Rewrite’s pause is a direct application of that principle. Instead of patching the consumer flow with a toggle, the Edge team chose to rebuild the feature from the ground up for the enterprise stack. The outcome is a feature that may launch as a preview in early 2026—likely at the Microsoft 365 conference or a spring Ignite event—before reaching GA in August 2026. Roadmap dates in the past have slipped, but the specific mention of “GA August 2026” suggests the engineering work is already in progress and has passed internal design review.

Practical Impact for Daily Users

For the average employee inside a large organization, the 2026 version of Rewrite will feel mostly invisible. They’ll select text in any editable web field—a JIRA ticket, a LinkedIn post, a content management system—and right-click or open the Copilot floating menu. The rewrite options will appear, and the transformed text will populate the field, just as before. What they won’t see is a consent dialog warning that the text leaves the tenant; that dialog will be suppressed for Entra ID users under the enterprise data protection umbrella.

The quality of rewrites should also improve. The locally processed or tenant-bound models are still GPT-4 class, fine-tuned for enterprise tone and jargon. Early testing of the paused version showed solid paraphrasing and summarisation capabilities, but the safety filters were sometimes overzealous, blocking rewrites that mentioned benign clinical terms. Microsoft will likely tune those filters during the extended preview.

One wrinkle: on-device rewrites require relatively modern hardware. Users on older thin clients or locked-down VDI environments may fall back to cloud processing within the tenant boundary, which adds a slight latency penalty. IT teams will need to weigh that against the security profile they want to enforce, and Microsoft will probably document the CPU and memory thresholds in its IT deployment guides.

Administrator Controls and Policy Levers

IT admins will find the new Rewrite controls inside the Microsoft 365 admin center under the Edge management blade, as well as in Intune’s settings catalog. Based on the existing pattern for Copilot in Edge, the following controls are likely:

  • Enable Rewrite with enterprise data protection: Off by default until the admin explicitly turns it on for the tenant.
  • Restrict to specific URL patterns: Limit rewriting to internal apps (e.g., *.company.com) or block it on competitor sites.
  • Require supervised usage: Force a “human-in-the-loop” prompt where users must confirm they’ve reviewed the rewrite before posting.
  • Audit logging: Copilot interactions (prompt, response, timestamp, user ID) are captured in the Microsoft Purview audit log, searchable if an investigation arises.

Additional controls may surface through the Cloud Policy service for Microsoft 365, allowing granular per-group assignment—so power users get Rewrite early while the rest of the organisation waits for change management.

The Road to August 2026: What to Expect

Microsoft has adopted a slow-drip communication approach for this feature. The roadmap entry is the first public acknowledgment of the 2026 target, and it’s likely to be followed by a Microsoft 365 message center post when a controlled preview begins. Historically, such previews open to organizations that opt into targeted release and have a direct Microsoft account team.

By early 2026, Microsoft will likely publish a detailed technical paper explaining the data flows, subprocessor list, and compliance certifications that cover Rewrite. Expect FedRAMP, HIPAA, and EU Data Boundary coverage at launch, given the emphasis on enterprise protections. The feature will probably enter the Service Trust Portal’s compliance matrices alongside other Copilot services.

Between now and then, Edge will continue to roll out companion AI features that share the same enterprise data protection foundation. Recent additions like the text predictor and the “elaborate” command in the Copilot sidebar already honour Entra ID sign-in status, so the ecosystem is gradually weaving itself together.

Is the Wait Worth It?

Two years is an eternity in AI. In 2024, GPT-4 Turbo was state of the art; by 2026, we may be on GPT-6 or its open-weight equivalent. Microsoft’s cadence suggests it prioritises correct architecture over speed, and that decision likely reflects pressure from its largest compliance-bound customers—banks, insurers, and defense contractors—that won’t license Copilot without a complete data isolation story.

The risk is that frontline users, impatient for AI-assisted writing, will paste sensitive text into consumer ChatGPT or other unsanctioned tools, creating a shadow AI problem that negates the careful pause. Microsoft’s bet is that by embedding Rewrite deeply into the browser—an app that IT already manages—it can provide a safer alternative that employees actually use.

For companies that have already adopted Microsoft 365 Copilot, the 2026 launch of Rewrite will feel like a natural extension of the same promise: AI assistance everywhere, under the same security umbrella. For those still on the fence, it’s another reason to stay within the Microsoft ecosystem when evaluating AI productivity tools.

When Rewrite finally lands, Edge will become an even tighter hub for enterprise content creation. The combination of AI editing, built-in compliance, and familiarity is a compelling pitch—as long as the 2026 deadline holds.