Copilot Gets Sensitive Data Guardrails in Purview

Microsoft is expanding its Purview Data Loss Prevention platform to intercept Microsoft 365 Copilot prompts that contain sensitive data, blocking AI-generated responses before they are returned to users.

The capability, currently rolling out as part of Microsoft's 2026 product roadmap, prevents Copilot - including pre-built agents in Microsoft 365 Copilot - from processing or grounding responses on content that matches DLP policy conditions.

According to Microsoft's product documentation, the control is designed to mitigate data leakage and oversharing risks that arise when employees interact with AI assistants using company data. When a prompt containing sensitive information is detected, Copilot is prevented from returning a response.

The update is one of several Purview enhancements rolling out in 2026. A companion feature, Insider Risk Management for risky AI usage, adds detection of intentional and unintentional insider risk activity across generative AI applications - including third-party platforms beyond Microsoft's own products.

Microsoft has also extended Purview data classification across SharePoint, Teams and OneDrive, and introduced improved compliance reporting for AI-generated content.

For organisations that have deployed or are evaluating Microsoft 365 Copilot, the Purview controls address a governance gap that has concerned compliance and records management teams: Copilot's ability to surface content from across a Microsoft 365 environment means sensitive or classified content could be inadvertently exposed through AI-generated responses.

A Gartner survey of IT leaders found data oversharing caused 40 per cent of organisations to delay Copilot deployments by three months or more.

Whether the DLP controls are sufficient in practice will depend heavily on how well organisations have classified and labelled their data within Purview. Organisations without mature data classification frameworks may find the protection incomplete - sensitive data that has not been labelled cannot be caught by DLP policies.

The Purview developments sit alongside a broader licensing shift. Microsoft announced that the 365 E7 "Frontier Suite" will be available from May 1, 2026. It includes, by default, advanced Purview capabilities, expanded identity governance through Entra Suite, and Agent 365 - a new control plane for governing and scaling AI agents across an organisation.