Microsoft will give enterprise compliance teams the ability to read flagged AI prompts and responses in plaintext through Microsoft Purview, with a preview arriving in May 2026 and general availability slated for June 2026. The move marks a significant escalation in how organizations can monitor and control the fast-growing use of generative AI tools like Microsoft 365 Copilot.

Corporate legal departments and compliance officers have spent months asking for more transparency into employee conversations with AI. Until now, Purview’s communication compliance and eDiscovery capabilities captured the metadata of these interactions—who asked what, when, and from which device—but stopped short of surfacing the actual content. That barrier falls in June.

Plaintext review closes the oversight gap

The new capability lives inside Microsoft Purview Communication Compliance, where it will surface AI prompts and responses that have been flagged by existing policies. Reviewers with appropriate roles can then expand a conversation thread to see the exact wording the user typed and the answer the model returned. Everything appears in cleartext within the Purview review pane, eliminating the need to export data to external tools or request decryption keys from IT.

“Authorized enterprise reviewers” is the operative phrase. Microsoft is not opening this up to every manager with a Purview license. Access requires one of the built-in compliance roles—Communication Compliance Analyst, Investigator, or Administrator—and every view is captured in Purview’s audit log. The feature also respects the existing scoping logic of communication compliance policies, meaning a reviewer in Europe won’t see prompts from a user in North America unless the policy explicitly permits cross-border supervision.

What the plaintext unveils

The plaintext disclosure covers the full prompt and the complete model response as they existed at the time the interaction was flagged. That includes:

  • Direct user messages to Copilot in Teams chats, Outlook emails, Word documents, and Excel queries
  • The model’s generated output, even if the user later edited or discarded the suggestion
  • Context attachments used by the model, such as referenced documents, meeting transcripts, or emails (these appear as links that open a sanitized preview)

Purview does not, however, expose the internal chain-of-thought or raw model activations. Reviewers see only what the user and the model exchanged, not the reasoning steps behind the response. This distinction preserves some intellectual property while still giving compliance teams actionable evidence.

Why plaintext changes the game

Metadata tells you that an employee asked Copilot about “Q4 revenue forecast,” but it does not tell you whether they also pasted an entire confidential spreadsheet into the prompt or instructed the model to draft a letter that violates a regulatory order. Plaintext review answers those questions.

For legal teams, the benefit is immediate: eDiscovery against Copilot data becomes far more precise. Attorneys can keyword-search the actual prompt text, not just the generic topic labels generated by Microsoft’s classifiers. This reduces false-positive hits and speeds up early case assessment. It also makes it possible to place a legal hold on specific conversational content, something that was previously only possible at the mailbox or Teams channel level.

From a trust perspective, the plaintext capability carries a dual weight. On one hand, it offers organizations the transparency they need to prove that AI usage complies with internal policies and external regulations. On the other hand, it raises employee privacy questions that were muted when review was limited to metadata. Microsoft’s documentation emphasises that organisations should update their employee monitoring disclosures before turning on plaintext review, and that the feature should only be used after a data protection impact assessment (DPIA).

How Purview enforces guardrails

Microsoft has built several technical controls to prevent abuse of plaintext access:

  • Conditional access policies can be layered on top of Purview roles, requiring the reviewer to be on a managed device or inside a compliant network before the plaintext renders.
  • Retention labels applied to AI interactions inherit the same restrictions as email or Teams messages. When a label prevents content deletion, plaintext remains viewable until the retention period expires.
  • Privileged access management (PAM) can gate even the “Review” button behind just-in-time approval workflows. A compliance analyst might need manager sign-off to open plaintext for a specific case, and that sign-off is logged.
  • Customer Lockbox ensures that even Microsoft support engineers cannot inspect the plaintext without explicit customer approval, matching the protection already in place for Exchange Online and SharePoint content.

These controls arrive built into the Purview admin experience, requiring no additional SKU purchase beyond the E5 Compliance or Communication Compliance add‑on license under which the feature is delivered.

The eDiscovery revolution

Microsoft’s announcement positions plaintext AI prompt review as a foundational component of its eDiscovery workflow. Until now, copilot interactions sat in a grey zone: they were neither traditional documents nor standard communications. Collecting them for litigation meant exporting conversations in a proprietary format and then using third‑party tools to decipher the obfuscated prompt envelope.

With June’s update, a single eDiscovery search across a custodian’s Microsoft 365 footprint will return relevant Copilot prompts merged into the same review set as email messages and files. The prompts appear in native format with full text search, conversation threading, and export to load files compatible with Relativity, Nuix, and other review platforms.

This parity eliminates the time‑consuming “AI exception” that many legal teams had to carve out during discovery. A multinational bank that piloted the feature (according to Microsoft’s announcement) reported cutting its Copilot‑related eDiscovery processing time from three days per custodian to under four hours.

Timeline and licensing

The roadmap Microsoft shared in May 2026 is concrete:

  • Public preview: Available to all tenants with an E5 Compliance license starting May 13, 2026. The preview includes plaintext rendering for new communication compliance policies only; existing policies will need to be re‑saved after May 20 to inherit the capability.
  • General availability: Rolling out globally from June 9, 2026, targeting full coverage by June 30. GA extends plaintext to eDiscovery standard and premium searches, as well as to policies created before the preview window.
  • Licensing: The feature is included in Microsoft 365 E5 Compliance, Microsoft 365 E5 Information Protection and Governance, and as an add‑on for E3/F3 customers who license the Communication Compliance or eDiscovery add‑ons. No separate “AI prompt review” SKU exists.

Industry context: AI governance becomes operational

Microsoft’s move is not happening in a vacuum. Regulators in the EU, U.S., and Asia have been tightening guidelines around AI transparency. The EU AI Act, which entered its high‑risk enforcement phase in early 2026, requires that deployers of AI systems retain logs of prompts and outputs for at least six months and make them available to competent authorities. The SEC and FINRA have issued joint guidance explicitly recommending that broker‑dealers capture the content of advisor‑client AI interactions, not just metadata.

Purview’s plaintext feature gives enterprises a native, auditable way to meet these obligations without stitching together SIEM data, API logs, and screenshot-based monitoring. The same dashboard that already monitors email, Teams chats, and Yammer posts now extends to AI, closing what had been a major compliance blind spot.

Competitors are watching. Veritas and Proofpoint have announced partners that integrate with Microsoft’s Copilot APIs, but Microsoft’s native solution holds an advantage: zero‑latency data access and no additional data egress charges. For heavily regulated industries—financial services, healthcare, energy—this integration is likely to make Purview the default governance layer for Microsoft 365 Copilot.

What IT and compliance teams should do now

With preview barely days away, admins should take six preparatory steps:

  1. Inventory AI usage. Use the Microsoft 365 admin center’s Copilot usage report to identify which users and departments are generating the most interactions. This will help scope initial plaintext policies.
  2. Update employee notices. Ensure your acceptable use policy and privacy notice explicitly state that AI prompt and response content may be reviewed. Many firms updated these when Copilot launched, but now is the time to add the plaintext disclosure.
  3. Work with legal to define review scope. Decide whether you will review all AI interactions, only those flagged by trainable classifiers (e.g., “offensive language” or “financial misconduct”), or only those that match a specific eDiscovery case.
  4. Assign and restrict reviewer roles. Use the Purview role groups to create a dedicated “AI prompt reviewer” team with just-in-time access via PAM. Restrict which geographic scopes each reviewer can see.
  5. Test in a sandbox tenant. Before turning on plaintext review in production, use a trial tenant to understand what the experience looks like for reviewers and to confirm that audit trails capture every view.
  6. Plan for data volume. AI prompt review can generate significantly more data for human review than metadata alone. Talk to your eDiscovery provider about scalable review workflows or consider bringing the review in-house with Purview’s built-in tagging and redaction tools.

The broader trust equation

The plaintext capability closes a technical gap but opens a governance conversation. Organizations that implement it transparently—with clear policies, limited reviewer scopes, and robust auditing—stand to strengthen employee trust by showing that AI oversight is proportional and professional. Those that deploy it as a covert surveillance tool risk a backlash that could undermine the very AI adoption they are trying to protect.

Microsoft’s careful staging of the feature, its insistence on role‑based access, and its documentation of the privacy checks suggest the company understands this dynamic. The next test will be how enterprises actually behave once the “View plaintext” button goes live in June.