Microsoft Purview Data Loss Prevention now extends to the prompt itself. Organisations can create DLP policies that scan what a user types into Microsoft 365 Copilot in real time — and if the prompt contains sensitive data such as credit card numbers, national ID numbers, or custom sensitive information types your organisation has defined, Copilot blocks the request before it is processed. This is a meaningful step forward for compliance teams that have been asking how to prevent sensitive data from flowing into AI conversations.
What Purview DLP for Copilot Prompts Does
Traditional Purview DLP policies protect files, emails, and SharePoint content — data at rest or in transit. DLP for Copilot prompts is different: it evaluates the text a user is actively typing before that text reaches the AI model. There are three distinct controls:
Block the prompt entirely
If a prompt contains a detected sensitive information type, Copilot does not process it at all — no AI response is generated, no internal files are queried, and no web search is performed. The user receives a policy notification explaining their request cannot be completed due to company policy.
Block external web search only
When a prompt contains sensitive data, Copilot stops that prompt from triggering external web search as a grounding source. Copilot can still respond using permitted internal Microsoft 365 data, but the sensitive content is not passed to any external search provider.
Restrict labelled files and emails
A separate DLP policy type prevents Copilot from using files or emails with specific Microsoft Purview sensitivity labels as grounding sources when generating responses. This is generally available and complements the prompt-scanning capability.
Why This Matters for Enterprise
Without this capability, there is nothing stopping a user from pasting a customer's credit card number, a passport scan, or confidential contract language directly into a Copilot chat and asking a follow-up question. The AI processes it, potentially includes it in a response, and there is no audit trail of what sensitive data entered the conversation.
Real-world scenarios this addresses
- A finance employee pastes a spreadsheet with customer bank account numbers into Copilot to ask for a summary — blocked before processing
- An HR team member asks Copilot to draft a performance letter with an employee's national insurance number included — web search grounding blocked
- A consultant pastes a client NDA excerpt containing confidential project names (defined as a custom SIT) into Copilot — caught by organisation-specific policy
- A user asks Copilot to "look up" information combined with pasted credit card data — external web grounding blocked, response still generated from internal sources only
The Default Policy Microsoft Has Created for You
Microsoft has automatically created a default DLP policy in your tenant called "Default DLP policy - Protect sensitive M365 Copilot interactions". Here is the catch: it runs in simulation mode by default. Events are logged, but prompts containing sensitive data are not actually blocked.
This means you may already have data about sensitive prompts sitting in your DLP reports without realising it. To see what it has found, check the DLP reports in the Microsoft Purview compliance portal.
Important: simulation mode does not protect your data
The default policy only becomes effective when you change its state to enforce mode. Until then, users can paste any sensitive data into Copilot and the policy does nothing to block it. Microsoft recommends at minimum enabling incident reports and notifying your security team so they can review what is in the simulation logs.
How to Configure It
Go to Microsoft Purview compliance portal
Navigate to Data loss prevention → Policies. Find the default Copilot policy or create a new one. The simplified setup experience is also available via the Security section of the Microsoft 365 Admin Center.
Set the location to Microsoft 365 Copilot and Copilot Chat
This is the specific policy location that covers Copilot prompts. It is separate from email, SharePoint, or Teams locations.
Choose your conditions
Add sensitive information types as the condition — either built-in SITs (credit cards, passport numbers, national IDs, etc.) or custom SITs you have defined. Note: you cannot combine SIT conditions and sensitivity label conditions in the same rule — create separate rules for each.
Set the action
Choose between blocking the prompt entirely, or blocking only web search grounding. Start with web search blocking if you want a lower-friction rollout — it protects against external data leakage while still allowing Copilot to respond from internal sources.
Switch the default policy from simulation to enforce
Once you are satisfied with the policy configuration, switch from simulation mode to enforce mode. Monitor the DLP reports for false positives and tune your SIT conditions accordingly.
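To make the behaviour described in the scenarios above and the simulation-versus-enforce switch concrete, here is an added model of the decision logic in Python; it is not Microsoft's code and says nothing about how Purview is implemented internally. The SIT detectors, the Rule and Policy classes, the "Project Bluebird" custom SIT and the sample prompts are constructed assumptions; only the default policy name is taken from the article.

```python
# Added illustration of the decision logic the article describes; not Microsoft's
# code. Detectors, Rule/Policy shapes and sample prompts are constructed here.
import re
from dataclasses import dataclass, field
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # 13-19 digits, spaces/hyphens allowed

def luhn_ok(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def credit_card_sit(text: str) -> bool:
    """Built-in-style SIT: a pattern match that must also pass the Luhn checksum."""
    return any(luhn_ok(re.sub(r"[ -]", "", m.group())) for m in CARD_RE.finditer(text))

def keyword_sit(keywords):              # custom SIT, e.g. confidential project names
    lowered = [k.lower() for k in keywords]
    return lambda text: any(k in text.lower() for k in lowered)

@dataclass
class Rule:
    name: str
    detect: object                      # SIT detector: str -> bool
    action: str                         # "BlockPrompt" or "BlockWebSearch"

@dataclass
class Policy:
    name: str
    rules: list
    mode: str = "Simulation"            # the default state; only "Enforce" blocks
    audit: list = field(default_factory=list)

def evaluate(policy: Policy, prompt: str) -> str:   # -> Allow | BlockWebSearch | BlockPrompt
    outcome = "Allow"
    for rule in policy.rules:
        if rule.detect(prompt):         # every match is audited, even in simulation
            policy.audit.append(f"{policy.mode}: '{rule.name}' -> {rule.action}")
            if policy.mode == "Enforce" and outcome != "BlockPrompt":
                outcome = rule.action   # BlockPrompt overrides BlockWebSearch
    return outcome

def default_policy(mode="Simulation") -> Policy:
    """The article's default policy, modelled with one rule per action type."""
    return Policy("Default DLP policy - Protect sensitive M365 Copilot interactions",
                  [Rule("Credit card number", credit_card_sit, "BlockPrompt"),
                   Rule("Project names", keyword_sit(["Project Bluebird"]), "BlockWebSearch")], mode)
```

Running the same prompt through the policy in both modes shows why the simulation logs fill up while nothing is blocked: the audit entry is written either way, but only Enforce mode changes the outcome.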
Roles required to manage this
- Microsoft Entra AI Admin — manages all aspects of M365 Copilot and AI-related services
- Purview Data Security AI Admin — can edit DLP policies for the Copilot location
- Compliance Administrator — standard Purview DLP management role
Official Microsoft References
- Microsoft Learn — Microsoft Purview DLP for Microsoft 365 Copilot and Copilot Chat
- Microsoft Tech Community — Safeguarding Sensitive Data in Microsoft 365 Copilot Interactions: DLP for Microsoft 365 Copilot
- Microsoft Learn — Learn About the Default DLP Policy for Microsoft 365 Copilot
- Microsoft Learn — Use Microsoft Purview to Manage Data Security and Compliance for Microsoft 365 Copilot
- Microsoft Learn — Microsoft Purview Data Security and Compliance Protections for Microsoft 365 Copilot