Microsoft 365 Copilot Bug Summarized Confidential Emails Despite DLP Policies
[UPDATE | 9:24 AM GMT+1] A Microsoft spokesperson reached out to us with the following statement: “We identified and addressed an issue where Microsoft 365 Copilot Chat could return content from emails labeled confidential authored by a user and stored within their Draft and Sent Items in Outlook desktop. This did not provide anyone access to information they weren’t already authorized to see.
While our access controls and data protection policies remained intact, this behavior did not meet our intended Copilot experience, which is designed to exclude protected content from Copilot access. A configuration update has been deployed worldwide for enterprise customers.”
[ORIGINAL ARTICLE] Microsoft 365 Copilot is constantly evolving, with new features such as Copilot Tasks reportedly in testing and broader integration planned across Microsoft 365 apps. However, a newly confirmed issue shows that not every Copilot upgrade has gone smoothly.
According to Bleeping Computer, Microsoft has acknowledged a Microsoft 365 Copilot bug that allowed the AI assistant to read and summarize confidential emails without proper authorization.
Copilot Bypassed DLP Policies And Gained Access to User Emails
The issue, tracked under service alert CW1226324, was first detected on January 21. Microsoft says the problem has been occurring since late January.
The bug affected the Copilot “work tab” chat feature. In certain cases, Copilot incorrectly accessed and summarized emails located in users’ Sent Items and Drafts folders.
More concerning, this behavior occurred even when those emails carried confidentiality or sensitivity labels. These labels exist specifically to prevent automated access and enforce Data Loss Prevention (DLP) policies.
Despite DLP protections being configured, Copilot Chat still processed the labeled content. Microsoft later identified the root cause as an unspecified code error that allowed Copilot to pick up emails that should have remained restricted.
Fix Rolling Out, Impact Still Unclear
Microsoft began rolling out a fix in early February and continues to monitor the deployment. The company is also contacting a subset of affected users to verify whether the remediation works as expected.
No final remediation timeline has been provided. Microsoft has also not disclosed how many users or organizations were impacted.
The incident currently carries an advisory classification, which typically indicates limited scope or impact rather than a widespread outage.
Growing Scrutiny Around AI in the Workplace
The disclosure comes as Microsoft pushes to expand Copilot capabilities across Microsoft 365 applications. Reports suggest the company is also testing Copilot Tasks, signaling deeper AI automation inside enterprise workflows.
At the same time, incidents like this highlight why some institutions remain cautious. The European Parliament recently disabled AI features on work devices to reduce the risk of confidential data leaks.
As enterprises increasingly integrate AI assistants into daily operations, ensuring strict compliance with DLP and sensitivity labeling policies will remain critical.