Microsoft Copilot ignored sensitivity labels twice in eight months — and no DLP stack caught either one

Microsoft's CW1226324 advisory confirms Copilot bypassed sensitivity labels and DLP policies for four weeks. Combined with EchoLeak (CVE-2025-32711), it reveals a structural blind spot in enterprise ...

Microsoft Copilot Ignored Sensitivity Labels, Processed Confidential Emails

A code error in Copilot Chat’s “Work” tab allowed the AI to pull emails from users’ Sent Items and Drafts folders — even when those emails carried confidentiality labels and had DLP rules explicitly ...
Windows Report

New DLP Update Stops Copilot From Reading Sensitive Office Files

Microsoft expands DLP controls to prevent Copilot from processing confidential Office files across local devices, SharePoint, and OneDrive.
Windows Report

Microsoft 365 Copilot Bug Summarized Confidential Emails Despite DLP Policies

Microsoft confirms a Copilot bug that summarized confidential emails despite DLP protections. Fix is rolling out, impact remains unclear.
Redmond Magazine

Sensitivity Labels for Microsoft 365 Copilot, Part 1: Setup

Sensitivity labels and label policies have been a part of Microsoft 365 for quite some time. Even so, organizations might consider revisiting the feature now that Microsoft Copilot has been released.

sensitivity labels

A code bug blew past every security label in the book… and exposed the fatal flaw in how we govern AI.
Redmond Magazine

Sensitivity Labels for Microsoft 365 Copilot, Part 2

In Part 1 of this series, I walked you through the process of creating a sensitivity label that could be used to restrict Microsoft 365 Copilot from accessing certain types of content. Now, I want to ...