Microsoft is tightening and clarifying how Copilot can access and process user and organizational data across the Microsoft ecosystem. Microsoft is expanding Purview Data Loss Prevention (DLP) enforcement so policies that block Copilot from processing restricted/sensitivity-labeled content will apply not only to files in SharePoint and OneDrive, but also to locally stored Word, Excel, and PowerPoint documents. The change is planned for deployment via the Augmentation Loop (AugLoop) Office component between late March and late April 2026, and is expected to be automatically enabled for organizations already configured to block Copilot from processing labeled content; Microsoft says the update works by allowing the Office client/AugLoop to read sensitivity labels directly rather than relying on Microsoft Graph calls tied to SharePoint/OneDrive URLs.
Separately, a Copilot “Memory” setting labeled “Microsoft usage data” has been reported as enabling Copilot to reference data from other Microsoft products (including Bing, MSN, and Edge) to personalize conversations, with an option for users to disable it if they have privacy concerns. A third, unrelated Microsoft 365 issue—an acknowledged bug in classic Outlook that can cause the mouse pointer to disappear—does not materially relate to Copilot data access or DLP controls and appears to be a usability defect rather than a security event.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
Microsoft announced it is expanding Microsoft Purview Data Loss Prevention controls so Microsoft 365 Copilot can be blocked from processing sensitivity-labeled Word, Excel, and PowerPoint files regardless of whether they are stored locally, on network drives, in SharePoint Online, or in OneDrive for Business. The change uses Office clients to pass sensitivity label information directly to Copilot's augmentation loop and is set to roll out from late March through late April 2026, automatically enabled for organizations with existing relevant DLP policies.
Microsoft recently disclosed a Microsoft 365 Copilot Chat bug that for nearly a month allowed Copilot to read and summarize confidential emails in Sent Items and Drafts despite DLP policies and confidentiality labels. Microsoft said the issue only exposed summaries to users already authorized to view the emails, but acknowledged the behavior was not intended.
Microsoft introduced a Copilot "Memory" setting that can allow Copilot to reference Microsoft usage data from products such as Bing, MSN, and Edge to personalize conversations. The setting may be enabled automatically, prompting privacy concerns and leading Microsoft to document controls for reviewing, disabling, and deleting memory items.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
3 references tracked. Mallory keeps watching after this page renders.
cybersecuritynews.com
Open sourcezdnet.com
Open sourcebleepingcomputer.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.