Control 2.1: DLP Policies for Microsoft 365 Copilot Interactions
Control ID: 2.1
Pillar: Security & Protection
Regulatory Reference: FINRA 4511, SEC Reg S-P, GLBA §501(b), Sarbanes-Oxley §§302/404
Last Verified: 2026-06-06
Governance Levels: Baseline / Recommended / Regulated
Objective
Deploy Data Loss Prevention (DLP) policies that specifically target the Microsoft 365 Copilot location to detect and block sensitive financial data in user prompts, Copilot-generated responses, and files referenced during Copilot grounding. This control supports compliance with GLBA safeguard requirements and helps prevent the unauthorized exposure of personally identifiable information (PII), account numbers, and other regulated data types through AI-assisted interactions.
Why This Matters for FSI
- GLBA §501(b) requires financial institutions to implement administrative, technical, and physical safeguards to protect customer information — Copilot interactions represent a new vector for potential data exposure that must be governed
- SEC Reg S-P (17 CFR Section 248), amended effective December 3, 2025 for larger entities, mandates policies and procedures to safeguard customer records and information — DLP for Copilot helps prevent sensitive customer data from being surfaced in AI-generated responses shared beyond intended audiences, and the SIT-based prompt blocking type directly addresses the requirement that customer information safeguards cover AI interaction surfaces
- FINRA Rule 4511 requires firms to make and preserve books and records — DLP policy match events create an auditable record of when sensitive data was detected in Copilot interactions
- Sarbanes-Oxley §§302/404 requires adequate internal controls over financial reporting — DLP policies help prevent material non-public information (MNPI) from leaking through AI-generated summaries or drafts
- FFIEC IT Examination Handbook expects institutions to identify and protect sensitive data across all processing channels, including AI-assisted workflows
Control Description
Microsoft Purview DLP includes Microsoft 365 Copilot as a dedicated location in DLP policy configuration. Administrators can create three architecturally distinct policy types that govern different enforcement points in the Copilot interaction chain. These policy types address fundamentally different risk vectors and must each be configured as separate DLP rules — they cannot be combined within a single DLP rule, but may exist as separate rules within the same policy.
DLP Policy Type 1: Label-Based Response Blocking
Configured in the Microsoft 365 Copilot DLP policy location. When a user's Copilot prompt causes grounding against a file or email that carries a sensitivity label matching the policy condition, Copilot is blocked from including that content in its response.
- Enforcement point: Copilot's response generation (grounding phase)
- What is scanned: Files and emails referenced during Copilot's retrieval
- Primary use: Prevent Copilot from surfacing labeled content to users who should not receive it via AI
- FSI application: Block Copilot from including MNPI-labeled documents in responses to users on the public side of an information wall; prevent Highly Confidential regulatory materials from being surfaced through Copilot summarization
DLP Policy Type 2: SIT-Based Prompt Blocking
A distinct policy type that scans the user's prompt itself for sensitive information types before Copilot processes the request. When a user types sensitive data directly into a Copilot prompt (for example, pastes credit card numbers or SSNs), Copilot is blocked from responding, including blocking grounding via Microsoft Graph or web search.
- Enforcement point: The user's prompt (before Copilot processes it)
- What is scanned: The text the user types into Copilot
- Primary use: Prevent users from inadvertently submitting sensitive data to Copilot
- FSI application: Per SEC Regulation S-P (17 CFR Section 248), amended effective December 3, 2025 for larger entities, customer information safeguards must cover AI interaction surfaces — SIT-based prompt blocking addresses this requirement by preventing customer account numbers, SSNs, and other regulated data from entering the Copilot processing chain
DLP Policy Type 3: SIT-Based Web Search Restriction (Preview)
A distinct policy type that scans the user's prompt for sensitive information types and, when matched, blocks only Copilot's use of external web search as a grounding source for that prompt — while still allowing Copilot to generate a response using permitted internal Microsoft 365 data. This provides a more targeted enforcement posture than Type 2, preserving productivity for users who need answers from internal data while preventing sensitive data from reaching external search providers.
- Enforcement point: The user's prompt (external web search grounding path only)
- What is scanned: The text the user types into Copilot
- Primary use: Prevent sensitive data in user prompts from being transmitted to external web search infrastructure while retaining Copilot's ability to respond from internal Microsoft 365 sources
- FSI application: For firms handling MNPI or client PII where complete prompt blocking (Type 2) would unduly restrict productivity, Type 3 allows Copilot to remain useful for internal research and drafting tasks while restricting the external web search grounding vector — reducing the risk of sensitive data reaching external search services
- Status: Preview as of mid-2026. Organizations should evaluate in non-production environments and confirm enforcement behavior before broad deployment.
Type 2 vs. Type 3: Type 2 blocks the entire Copilot response when a prompt contains SITs. Type 3 blocks only the external web search leg — Copilot may still return an answer using internal Microsoft Graph data. Use Type 2 for maximum prompt restriction; use Type 3 where a targeted web-search restriction is sufficient and internal-data responses are acceptable.
Policy Type Comparison
| Aspect | Label-Based Response Blocking | SIT-Based Prompt Blocking | SIT-Based Web Search Restriction |
|---|---|---|---|
| Enforcement point | Copilot response (grounding phase) | User prompt (before processing) | User prompt (web search path only) |
| What is scanned | Files and emails referenced by Copilot | The text the user types into Copilot | The text the user types into Copilot |
| Trigger | Sensitivity label on source content | SIT pattern match in prompt text | SIT pattern match in prompt text |
| Effect on Copilot | Blocks labeled content from grounding response | Blocks entire Copilot response; no internal or web grounding | Blocks external web search only; Copilot may still answer from internal M365 data |
| Can be combined with other types | No — separate DLP rule required | No — separate DLP rule required | No — separate DLP rule required |
| FSI use | Block AI surfacing of labeled NPI/MNPI | Block users pasting account numbers, SSNs into prompts | Restrict web grounding when prompt contains MNPI/PII while permitting internal-data responses |
| Status | Generally available | Preview | Preview |
| Configured via | Purview DLP > Create policy > Copilot location | Purview DLP > Create policy > Copilot location | Purview DLP > Create policy > Copilot location |
Default DLP Policy for Copilot
Microsoft deploys a default DLP policy for Copilot in simulation mode (GA January 2026, MC1182689). This is the SIT-based prompt blocking type. The default policy detects sensitive information in Copilot prompts and runs in simulation mode — audit only, no blocking — to provide visibility without disrupting users during initial deployment.
- Access path: Microsoft 365 Admin Center > Copilot > Security, or Microsoft Purview > Data loss prevention > Policies
- Default behavior: Simulation mode — matches are logged but not blocked
- When to act: Review the default policy simulation results before enabling enforcement; tune SIT confidence levels based on observed false positive rates
Edge Browser DLP for Copilot
DLP policies now extend to Copilot interactions within Microsoft Edge, preventing sensitive data from being submitted through browser-based Copilot interfaces (GA September 2025). Edge browser DLP catches interactions through the browser that the native M365 app DLP location may not cover.
- How it works: Edge browser DLP applies policy evaluation to Copilot interactions at `m365copilot.com` and other Copilot web surfaces accessed through Edge
- Complement to app DLP: The native Copilot location in Purview DLP covers Copilot within M365 apps (Word, Teams, Outlook, etc.); Edge DLP extends coverage to browser-based access
- Configuration: Enable through Microsoft Purview > Data loss prevention > Endpoint DLP settings, with Edge configured as a monitored browser
Device Scoping for Endpoint DLP Policies
As of mid-2026, scoping Endpoint DLP policies by device (in addition to user) reached general availability. When a DLP policy includes the Devices location, enforcement can be conditioned on both the user and the device being in scope — the policy applies only when both conditions are met. Device groups are defined as dynamic groups in Microsoft Entra ID.
- FSI application: Scope an Endpoint DLP policy so that, for example, controls apply when Finance users access regulated data from managed Windows devices but follow a different posture on unmanaged or non-Windows endpoints. This helps tailor enforcement to device risk posture rather than applying a single blanket policy.
- Operational visibility: A device health reports dashboard surfaces device onboarding status, policy update readiness, and feature readiness for Endpoint DLP, and Endpoint DLP device configuration and policy-sync attributes can be queried at scale via the `DeviceInfo` table's `DlpInfo` column in Advanced Hunting (Microsoft Defender portal).
- Caveat: Both the user and the device must be onboarded and in scope for a device-scoped policy to take effect; organizations should verify device onboarding and Entra ID group membership before relying on device-scoped enforcement.
Expanded Endpoint DLP File Type Support on Mac
As of early 2026, Microsoft has expanded endpoint DLP file type coverage on macOS from approximately 40 to over 100 monitored file types. This brings Mac endpoint DLP to near-parity with the file type coverage already available for Exchange, SharePoint, and OneDrive DLP locations. For FSI organizations with Mac-heavy environments (common in executive suites, research, and client-facing roles), this update closes a significant coverage gap where sensitive financial documents in less common file formats could bypass endpoint DLP detection on macOS devices.
Adaptive Scoping for SharePoint DLP Policies
DLP policies targeting SharePoint now support adaptive scoping, enabling more granular site-level policy targeting. Adaptive scopes use site attributes (name, URL, sensitivity label) to dynamically target DLP policies to specific SharePoint sites rather than applying policies to all sites.
- FSI application: Create adaptive scopes that target DLP policies to sites containing regulated content (e.g., sites labeled "Confidential — MNPI" or sites in the investment banking division) while excluding non-sensitive collaboration sites, reducing false positive volume and improving policy signal quality
- Configuration: Microsoft Purview > Data loss prevention > Policies > Create policy > Choose locations > SharePoint sites > Use adaptive scope
- Limitation: Adaptive scopes for DLP follow the same attribute-based targeting model as adaptive scopes for retention — organizations should verify scope definitions match the intended site populations before enforcement
AI-Powered DLP Policy Explanations via Security Copilot
Microsoft Security Copilot now provides natural language explanations of DLP policy configurations and recent policy changes. When reviewing or auditing DLP policies, administrators can ask Security Copilot to explain what a policy does, what changed in a recent modification, and why specific matches triggered.
- Audit transparency: For FSI firms subject to examination, Security Copilot-generated policy explanations can supplement internal documentation by providing plain-language summaries of DLP policy logic — useful for demonstrating policy intent to non-technical examiners
- Change tracking: Security Copilot explains the differences between policy versions, aiding in change management documentation
- Access: Available through the Microsoft Security Copilot interface when connected to the Microsoft Purview DLP data source
DLP Controls for Copilot Prompt Usage and Web-Grounding Restrictions
New DLP controls allow administrators to restrict how Copilot handles prompts involving sensitive data and web-grounding lookups. When enabled, these controls help prevent Copilot from using web search to supplement responses when the user's prompt or grounding context contains sensitive information types.
- FSI application: Prevents a scenario where a user prompts Copilot with client-specific data and Copilot supplements the response with web-sourced information, potentially creating a data leakage vector or generating misleading financial content by mixing internal and external data
- Configuration: Available as an additional enforcement action within the Microsoft 365 Copilot DLP location policy settings
- Recommended for: Organizations handling MNPI, client PII, or other data where web-grounding could introduce compliance risk
"M365 Copilot and Copilot Chat" DLP Policy Location
Preview status (Roadmap ID 548671)
The M365 Copilot and Copilot Chat DLP policy location entered Public Preview in late March 2026. General availability is expected late June 2026. Organizations should evaluate this capability in preview and plan for GA enforcement timelines.
Microsoft is consolidating Copilot-specific DLP enforcement under a dedicated "M365 Copilot and Copilot Chat" policy location within Microsoft Purview DLP. This location provides real-time evaluation of user prompts before they are sent to external web search or processed by Copilot, and it unifies prompt-level and response-level DLP enforcement for all Copilot surfaces.
- Real-time prompt evaluation: When a prompt contains sensitive information types matching the DLP policy, Copilot is blocked from sending the prompt to external web search. Copilot may still answer from internal Microsoft Graph data if the grounding context does not violate label-based policies.
- Web search blocking behavior: If web search is blocked by the DLP policy due to sensitive data in the prompt, the user receives a policy tip explaining that the response is limited to internal data. This helps prevent inadvertent disclosure of sensitive data to external search infrastructure.
- Required roles: Entra AI Admin, Purview Data Security AI Admin, Purview Compliance Admin, or Entra Global Admin
- FSI application: Enables firms to maintain web grounding for general use while automatically restricting external data retrieval when prompts contain customer PII, account numbers, or MNPI patterns — a more granular approach than disabling web search entirely
DLP Policy Components for Copilot
| Component | Description | FSI Application |
|---|---|---|
| Copilot Location | Dedicated DLP location targeting all Copilot interactions | Apply FSI-specific SIT detection to all AI interactions |
| Sensitive Information Types (SITs) | Built-in and custom pattern matching for regulated data | Detect SSNs, account numbers, ABA routing numbers, SWIFT codes |
| Sensitivity Label Conditions | DLP rules triggered by document labels | Block Copilot from processing "Highly Confidential" labeled content (Type 1) |
| Policy Tips | Real-time user notifications when DLP triggers | Educate users about data handling during Copilot use |
| Block Actions | Prevent Copilot from processing or returning matched content | Hard-block MNPI and customer PII in Copilot responses or prompts |
FSI-Specific Sensitive Information Types
| SIT Name | Pattern | Confidence Level | Example |
|---|---|---|---|
| US Social Security Number | `\d{3}-\d{2}-\d{4}` | High | 123-45-6789 |
| ABA Routing Number | `\d{9}` with check digit validation | High | 021000021 |
| Credit Card Number | Luhn-validated 13-19 digit patterns | High | 4111-1111-1111-1111 |
| US Bank Account Number | 8-17 digit patterns with context keywords | Medium | Account: 12345678901 |
| SWIFT/BIC Code | `[A-Z]{4}[A-Z]{2}[A-Z0-9]{2}([A-Z0-9]{3})?` | High | BOFAUS3N |
| CUSIP Number | `[A-Z0-9]{6}[A-Z0-9]{2}[0-9]` | Medium | 037833100 |
| ISIN Number | `[A-Z]{2}[A-Z0-9]{9}[0-9]` | Medium | US0378331005 |
| FINRA CRD Number | Custom SIT with CRD context keywords | Medium | CRD# 12345 |
| Material Non-Public Information | Custom keyword dictionary + context | Medium | "insider", "material", "non-public" |
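As an added example (not Microsoft's SIT engine and not code from this control), the Python below reimplements the patterns in the table with the check-digit and context-keyword steps the table calls for, so custom SIT definitions can be sanity-checked offline against constructed prompts before confidence levels are tuned. The keyword window size, the span de-duplication rule and the sample prompts are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional

def _alnum_value(ch: str) -> int:
    """Character value used by CUSIP and ISIN check digits: digits as-is, A=10 .. Z=35."""
    return int(ch) if ch.isdigit() else ord(ch) - ord("A") + 10

def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check (credit cards, ISIN); the last digit is the check digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:        # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def aba_ok(routing: str) -> bool:
    """ABA routing number check: weights 3,7,1 repeated, weighted sum mod 10 == 0."""
    weights = (3, 7, 1, 3, 7, 1, 3, 7, 1)
    return sum(int(c) * w for c, w in zip(routing, weights)) % 10 == 0

def cusip_ok(cusip: str) -> bool:
    """CUSIP check digit: double the 2nd, 4th, ... characters, sum the digits of each value."""
    total = 0
    for i, ch in enumerate(cusip[:8]):
        v = _alnum_value(ch) * (2 if i % 2 == 1 else 1)
        total += v // 10 + v % 10
    return (10 - total % 10) % 10 == int(cusip[8])

def isin_ok(isin: str) -> bool:
    """ISIN check digit: expand letters to their numeric values, then Luhn over the result."""
    return luhn_ok("".join(str(_alnum_value(ch)) for ch in isin))

@dataclass(frozen=True)
class Sit:
    name: str
    pattern: re.Pattern
    confidence: str                                  # "High" or "Medium", as in the table
    validator: Optional[Callable[[str], bool]] = None
    keywords: tuple = ()                             # context words required near the match

KEYWORD_WINDOW = 40                                  # assumed: chars of context searched for keywords
RANK = {"High": 2, "Medium": 1, "Low": 0}

# Patterns follow the SIT table; validators add the check-digit step the table calls for.
FSI_SITS = (
    Sit("US Social Security Number", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "High"),
    Sit("ABA Routing Number", re.compile(r"\b\d{9}\b"), "High", aba_ok),
    Sit("Credit Card Number", re.compile(r"\b(?:\d[ -]?){12,18}\d\b"), "High",
        lambda s: luhn_ok(re.sub(r"[ -]", "", s))),
    Sit("US Bank Account Number", re.compile(r"\b\d{8,17}\b"), "Medium",
        keywords=("account", "acct")),
    Sit("SWIFT/BIC Code", re.compile(r"\b[A-Z]{4}[A-Z]{2}[A-Z0-9]{2}(?:[A-Z0-9]{3})?\b"), "High"),
    Sit("CUSIP Number", re.compile(r"\b[A-Z0-9]{6}[A-Z0-9]{2}[0-9]\b"), "Medium", cusip_ok),
    Sit("ISIN Number", re.compile(r"\b[A-Z]{2}[A-Z0-9]{9}[0-9]\b"), "Medium", isin_ok),
)

def scan_prompt(text: str) -> list:
    """Return SIT findings for a prompt. A regex hit is dropped when its check digit fails or
    its context keywords are missing; when several SITs claim the same span, keep the highest."""
    lowered = text.lower()
    best = {}
    for sit in FSI_SITS:
        for m in sit.pattern.finditer(text):
            value = m.group(0)
            if sit.validator and not sit.validator(value):
                continue      # right shape, wrong check digit: a likely false positive
            if sit.keywords:
                window = lowered[max(0, m.start() - KEYWORD_WINDOW):m.end() + KEYWORD_WINDOW]
                if not any(k in window for k in sit.keywords):
                    continue
            finding = {"sit": sit.name, "confidence": sit.confidence,
                       "value": value, "offset": m.start()}
            prev = best.get(m.span())
            if prev is None or RANK[sit.confidence] > RANK[prev["confidence"]]:
                best[m.span()] = finding
    return sorted(best.values(), key=lambda f: f["offset"])

def highest_confidence(findings: list) -> Optional[str]:
    """Confidence tier that drives the policy action (see the Step 7 table), or None."""
    return max((f["confidence"] for f in findings), key=RANK.get, default=None)

# Constructed sample prompts; the identifiers are public test values, not customer data.
SAMPLE_PROMPTS = {
    "wire": "Draft a wire memo for account 12345678901, routing 021000021, BIC BOFAUS3N.",
    "no_pii": "Summarize Q3 results; the reference ID is 123456789 and ticket 20240101.",
    "securities": "Compare CUSIP 037833100 with ISIN US0378331005 and card 4111-1111-1111-1111.",
}
```

Call scan_prompt() on a prompt string and highest_confidence() on the result to see which action tier a prompt would fall into; the "no_pii" sample shows a 9-digit reference number that matches the routing and CUSIP shapes but is rejected by both check digits.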
DLP for Copilot Architecture
```text
User Prompt ──────────────────────────────────────→ Copilot Service
     │                                                    │
     ├──▶ SIT-Based Prompt Blocking (Type 2)         Label-Based Response Blocking (Type 1)
     │    Scans prompt for SIT patterns               Scans referenced files/emails for labels
     │         │                                           │
     │         ├── No SIT → Copilot processes              ├── No label → Copilot returns content
     │         └── SIT match → Block all + Log             └── Label match → Block + Audit Log
     │
     └──▶ SIT-Based Web Search Restriction (Type 3) [Preview]
          Scans prompt for SIT patterns
               │
               ├── No SIT → web search proceeds normally
               └── SIT match → Block web search only + Log
                   (Copilot may still respond from internal M365 data)

Edge Browser DLP (September 2025)
     Applied to Copilot interactions via Microsoft Edge browser
     Extends coverage to browser-based Copilot surfaces (m365copilot.com)
```
Integration with DSPM for AI
Microsoft Purview now offers two related but distinct DSPM experiences for AI governance:
- Data Security Posture Management (DSPM) — the current recommended experience, accessible via Microsoft Purview > Data Security Posture Management. This is the preferred interface for new deployments, offering expanded coverage across Copilot experiences, enterprise AI apps, and other AI apps, with richer analytics and the AI activities tab in activity explorer.
- Data Security Posture Management for AI (classic) — the original DSPM-for-AI experience (accessible via Microsoft Purview > DSPM for AI). Microsoft has designated this path as "(classic)," indicating it is being superseded by the current DSPM experience. Organizations still relying on the classic interface should plan to transition to the current DSPM experience; Microsoft Learn documentation now refers to the classic path explicitly to distinguish it from the newer offering.
When combined with DLP policies, the current DSPM experience enables:
- Real-time dashboards showing DLP policy matches across Copilot interactions (all three policy types)
- Identification of users who frequently trigger DLP policies in Copilot
- Trend analysis of sensitive data exposure attempts through AI interactions
- Risk scoring for Copilot usage patterns based on data sensitivity
- Accessible from: Microsoft Purview > Data Security Posture Management, or MAC > Copilot > Security
Copilot Surface Coverage
| M365 Application | DLP for Prompts | DLP for Responses | DLP for Referenced Files | Notes |
|---|---|---|---|---|
| Microsoft 365 Copilot Chat | Yes | Yes | Yes | Primary concern — accesses all workloads |
| Word | Yes | Yes | Yes | Document drafting and summarization |
| Excel | Yes | Yes | Yes | Formula generation, data analysis |
| PowerPoint | Yes | Yes | Yes | Presentation generation |
| Outlook | Yes | Yes | Yes | Email drafting and summarization |
| Teams | Yes | Yes | Yes | Meeting summaries, chat interactions |
| OneNote | Yes | Yes | Yes | Note summarization |
| Loop | Yes | Yes | Yes | Collaborative content generation |
| Copilot Pages | Yes | Yes | Yes | New collaboration surface |
| SharePoint (Agents) | Yes | Yes | Yes | Declarative agent interactions |
| Edge Browser (Copilot web) | Yes | Yes | Yes | Edge DLP (GA September 2025) — browser-based access |
Governance Levels
| Level | Requirement | Rationale |
|---|---|---|
| Baseline | Enable the default DLP policy for Copilot (SIT-based, simulation mode); enable at least one label-based DLP policy with US PII SITs (SSN, credit card) in audit-only mode; review simulation matches weekly | Provides visibility across both policy types without blocking — suitable for initial deployment to understand data flow patterns |
| Recommended | Enable both enforcement policy types: label-based blocking for Highly Confidential content; SIT-based prompt blocking for high-confidence matches (SSN, account numbers, ABA routing); consider adding SIT-based web search restriction (Type 3) for MNPI/PII patterns where full prompt blocking is too restrictive; enable Edge browser DLP; add MNPI keyword dictionary; enable policy tips for medium-confidence matches; transition default policy from simulation to enforcement after tuning | Balances user productivity with data protection — appropriate for most FSI firms after initial monitoring period |
| Regulated | All three policy types enforced with custom FSI SITs (CUSIP, ISIN, CRD, SWIFT); Edge DLP mandatory with Endpoint DLP for complete browser and device coverage; no simulation mode — all policies in enforcement; label-based blocking applied to all Confidential and above sub-labels; DLP incident review within 4 hours; current DSPM dashboards reviewed weekly by compliance | Comprehensive protection for firms subject to frequent examinations or handling highest-sensitivity data |
Setup & Configuration
Step 1: Navigate to DLP Policy Creation
- Portal: Microsoft Purview Compliance Portal > Data loss prevention > Policies > Create policy
- Alternative: Microsoft 365 Admin Center > Copilot > Security (for accessing the default Copilot DLP policy)
Step 2: Create a Label-Based Response Blocking Policy (Type 1)
- Select Custom policy in the policy creation wizard
- In the "Choose locations to apply the policy" step, enable Microsoft 365 Copilot
- Optionally scope to specific users or groups for phased rollout
- Keep other locations (Exchange, SharePoint, OneDrive, Teams) enabled for comprehensive coverage
- Add rule condition: "Content contains sensitivity label = Highly Confidential"
- Action: Block Copilot from processing the content
- Policy tip: "This document is classified as Highly Confidential and cannot be processed by Copilot"
Step 3: Create a SIT-Based Prompt Blocking Policy (Type 2)
This is a separate policy from Type 1 — configure it independently in Purview DLP:
- Create a new DLP policy targeting the Microsoft 365 Copilot location
- Add rule conditions for FSI SITs:
  - U.S. Social Security Number (SSN)
  - Credit Card Number
  - U.S. Bank Account Number
  - ABA Routing Number
- Action: Block Copilot from responding to the prompt
- Policy tip: Notify the user that their prompt contains sensitive information
Step 4: Review and Configure the Default DLP Policy
- Access via: MAC > Copilot > Security, or Purview > DLP > Policies
- The default policy runs in simulation mode — review match data before enabling enforcement
- Tune SIT confidence levels based on observed false positive rates
- Enable enforcement after validation period (minimum 2 weeks of simulation data)
Step 5: Configure Edge Browser DLP
- In Microsoft Purview > Data loss prevention > Endpoint DLP settings
- Enable Microsoft Edge as a monitored browser for DLP enforcement
- Ensure the Endpoint DLP policies include the Copilot web surface conditions
- Verify Edge browser version meets minimum requirements for DLP policy enforcement
Step 6: Configure Sensitive Information Types
- Select built-in SITs for US financial data:
  - U.S. Social Security Number (SSN)
  - Credit Card Number
  - U.S. Bank Account Number
  - ABA Routing Number
- Add custom SITs for FSI-specific patterns:
  - CUSIP Numbers
  - ISIN Numbers
  - MNPI keyword dictionaries
Step 7: Set Policy Actions
| Match Confidence | Baseline Action | Recommended Action | Regulated Action |
|---|---|---|---|
| High (>85%) | Audit | Block + notify user | Block + notify user + alert compliance |
| Medium (65-85%) | Audit | Warn (policy tip) | Block + notify user |
| Low (40-65%) | No action | Audit | Warn (policy tip) |
Step 8: Configure Alerts and Notifications
- Set up alert policies for DLP matches in Copilot
- Route high-severity alerts to the compliance team distribution group
- Configure incident reports with matched content samples (for authorized reviewers only)
- Set escalation timeline: 4 hours for high-severity, 24 hours for medium-severity
Key PowerShell Commands
```powershell
# Connect to Security & Compliance PowerShell
Connect-IPPSSession

# View existing DLP policies targeting Copilot
Get-DlpCompliancePolicy | Where-Object { $_.Workload -match "Copilot" }

# View DLP policy rules and their SIT configurations
Get-DlpComplianceRule -Policy "FSI Copilot DLP Policy"

# Export DLP match report for Copilot location
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) `
    -Operations "DlpRuleMatch" -ResultSize 5000 | Export-Csv "CopilotDLPMatches.csv"
```
Financial Sector Considerations
- Broker-Dealers: Deploy both DLP policy types. The label-based type should include MNPI keyword dictionaries aligned with the firm's restricted list — preventing Copilot from surfacing MNPI content in responses. The SIT-based prompt blocking type catches registered representatives who inadvertently paste client account details or position data into Copilot prompts.
- Registered Investment Advisers: Client portfolio details (account numbers, holdings, performance data) must be protected when Copilot summarizes or generates documents. Custom SITs for portfolio identifiers support the SIT-based prompt blocking policy; label-based DLP prevents Copilot from summarizing labeled client files for unauthorized users.
- Banking (Commercial/Retail): Loan application data (SSN, income, credit scores) processed through Copilot must trigger DLP policies. The SIT-based prompt blocking type prevents bank employees from pasting SSNs or account numbers into Copilot queries; label-based blocking prevents Copilot from surfacing loan files labeled Highly Confidential.
- Insurance Carriers: Protected health information (PHI) that intersects with insurance claims processing requires DLP rules aligned with both GLBA and HIPAA where applicable.
- Examination Readiness: During FINRA or SEC examinations, regulators may ask to see DLP policy configuration and match statistics for AI-assisted tools. Maintain documented evidence of both policy types — their deployment dates, configuration, and match histories demonstrate proactive risk management across both the prompt and response enforcement points.
- DSPM Reports: Use the current Data Security Posture Management (DSPM) experience in Microsoft Purview to generate examination-ready reports showing how sensitive data is governed across Copilot interactions. Organizations should use the current DSPM experience rather than DSPM for AI (classic), which is being superseded. These reports can demonstrate proactive risk management to examiners.
- Cross-Workload Considerations: Microsoft 365 Copilot Chat searches across all workloads. A single Copilot Chat prompt may retrieve content from SharePoint, OneDrive, Exchange, and Teams simultaneously — label-based DLP policies must account for this cross-workload grounding behavior.
Verification Criteria
- Three DLP Policy Types Evaluated: Confirm at least one label-based response blocking policy and one SIT-based prompt blocking policy exist with the Microsoft 365 Copilot location enabled; evaluate whether SIT-based web search restriction (Type 3, preview) is appropriate for the organization's risk posture — verify in Microsoft Purview > DLP > Policies
- Default Policy Status: Locate the Microsoft-deployed default DLP policy in simulation mode; review match statistics; document whether enforcement has been enabled
- SIT Coverage: Verify that FSI-relevant SITs (SSN, ABA routing, account numbers, credit card numbers) are included in the SIT-based prompt blocking policy
- Label-Based Blocking: Upload a test document labeled "Highly Confidential" to SharePoint, then attempt to reference it via Copilot — confirm Copilot is blocked from processing
- SIT Prompt Blocking: Submit a test prompt containing a test SSN pattern (000-00-0000) directly to Copilot — confirm the SIT-based policy triggers (audit event or block) based on governance level
- Edge DLP Coverage: Verify that DLP policies extend to Copilot interactions accessed via Microsoft Edge browser
- Alert Routing: Verify that DLP match alerts for Copilot interactions are routed to the designated compliance team mailbox or SIEM
- Audit Log Entries: Confirm DLP match events appear in the Unified Audit Log with the "DlpRuleMatch" operation and Copilot workload identifier
- DSPM Dashboard: Verify that the current Data Security Posture Management (DSPM) experience shows Copilot DLP policy match data for applicable policy types and that dashboards are accessible to compliance reviewers; if previously using DSPM for AI (classic), confirm transition planning to the current DSPM experience
- Policy Tip Display: Confirm that users see policy tips when medium-confidence SIT matches occur during Copilot interactions
- Custom SIT Accuracy: Validate that custom FSI SITs (CUSIP, ISIN, CRD) correctly match intended patterns and do not produce excessive false positives (target <5% false positive rate)
- Periodic Review Evidence: Confirm that DLP policy review cadence is documented (quarterly at minimum) and that review records are retained
Additional Resources
- Microsoft Purview DLP for Microsoft 365 Copilot
- Create Custom Sensitive Information Types
- Data Security Posture Management (current experience)
- Data Security Posture Management for AI (classic) — being superseded
- Microsoft Purview data security and compliance protections for generative AI apps (overview)
- DLP Policy Tips Reference
- GLBA §501(b) and Interagency Guidelines Establishing Information Security Standards
- Related Controls: 2.2 Sensitivity Labels, 2.4 Information Barriers, 2.10 Insider Risk Detection, 3.10 SEC Reg S-P Privacy, 3.4 Communication Compliance
- Playbooks: DLP for Copilot Configuration Playbook, Custom SIT Creation Playbook, DSPM Dashboard Playbook