DLP

Here’s why this is such a big problem. Microsoft recommends blocking Copilot from accessing sensitive information in emails, meetings, documents, and related content by assigning a label to those items and creating a DLP policy that defines the block. This bug renders the system unusable for the affected emails. You simply can’t provide a governance tool that doesn’t deliver the governance it claims to provide. It’s a bad look, Microsoft. It doesn’t help build customer trust. 

No, Copilot did not make these emails public or access private information and make it non-private. It accessed information in response to your prompt that it should ignore. That creates a risk that many users might assume does not exist. That is a significant issue, but it’s not equivalent to a data breach. There is another check in place before data leaks out: the end user.