Exclude Content from M365 Copilot Using SIT

Microsoft has now released extended support for Data Loss Prevention (DLP) in Microsoft 365 Copilot. This means you can prevent sensitive information from being used in Copilot responses without blocking access to the documents themselves.

By using Sensitive Information Types (SIT) and Purview DLP policies, you can define which data should be excluded from AI processing.

As I wrote back in January (Exclude content from M365 Copilot 🤖), there has been support for excluding content for AI agents in Microsoft via DLP rules on documents classified with a label. Microsoft Purview DLP has now been updated with a new location: Microsoft 365 Copilot. This allows you to create rules that:

• Match content based on Sensitivity Labels or Sensitive Information Types (SIT) (as described in MC1181998).

• Prevent Copilot from using content in responses, summaries, or generation.

• Apply to both Copilot Chat and in-app Copilot in Word, Excel, and PowerPoint.

Getting Started

1. Create a DLP Policy for Copilot

   • Go to Microsoft Purview compliance portal → Data Loss Prevention.

   • Select Custom policy template and policy location: Microsoft 365 Copilot.

   • Add rule: Content contains > Sensitivity labels or Sensitive Information Types.

   • Action: Prevent Copilot from processing content.

   In my example below, I’ve chosen a standard SIT from Microsoft: “Norway identity number”.

Test and Monitor

• Use policy simulation before full rollout.

• Remember that changes can take up to 4 hours to reflect in Copilot.

Inform Users

• Explain why certain files cannot be used by Copilot and how they can still work with the documents manually.

Bjørnar&AI