Control 2.2: Sensitivity Labels and Copilot Content Classification
Control ID: 2.2
Pillar: Security & Protection
Regulatory Reference: GLBA 501(b), SOX 404
Last Verified: 2026-02-17
Governance Levels: Baseline / Recommended / Regulated
Objective
Implement a comprehensive sensitivity label taxonomy and auto-labeling strategy that governs how Microsoft 365 Copilot interacts with classified content. Sensitivity labels serve as the primary mechanism for controlling which documents Copilot can access, how Copilot-generated content is classified, and how label-based protections cascade to new content surfaces such as Copilot Pages. This control supports compliance with GLBA data safeguard requirements and helps meet SOX internal control obligations for information classification.
Why This Matters for FSI
- GLBA 501(b) requires financial institutions to develop, implement, and maintain a comprehensive information security program — sensitivity labels are a foundational technical control for classifying and protecting customer information across all M365 workloads, including Copilot
- SOX Section 404 mandates that management assess the effectiveness of internal controls over financial reporting — sensitivity labels create auditable, persistent classification markers that demonstrate information handling controls
- SEC Reg S-P (Rule 248.30) requires safeguarding customer records — label-based encryption and access restrictions help prevent unauthorized access to customer information via Copilot summarization
- FFIEC IT Examination Handbook expects data classification programs that identify and protect sensitive information — labels provide the classification layer that enables downstream DLP, access control, and retention policies
- OCC Guidance 2011-12 expects risk management practices that include data governance — labels enable consistent data handling across human and AI-assisted workflows
Control Description
Microsoft Purview sensitivity labels provide persistent, metadata-based classification that travels with content across M365. When Copilot accesses labeled content, the label influences:
- Whether Copilot can access the content at all (label-based DLP blocking)
- What protections are applied to Copilot-generated output (label inheritance)
- How Copilot Pages inherit labels from source content
- What default label is applied to newly created content
Label Taxonomy Structure: Label Groups
Microsoft Purview is migrating from the parent/child label hierarchy to label groups (GA January 2026, MC1111778). Label groups are the new organizational container that replaces the parent label concept. Existing parent labels are not deleted outright; they are converted to the label groups model through a managed migration process.
- Migration path: Microsoft Purview > Information Protection > Labels > Migrate sensitivity label scheme
- What changes: The organizational container for grouped labels moves from "parent labels" to "label groups" — the labels themselves and their protections remain intact
- Copilot impact: Label groups affect how DLP policies reference label hierarchies and how Copilot evaluates label-based access decisions. Verify that label-based DLP policies (see Control 2.1, Type 1) continue to function correctly after migration by testing with representative labeled content
- Terminology: Use "label groups" when referring to the container; the individual labels remain "sensitivity labels"
| Label Group | Label | Description | Copilot Behavior | Protection |
|---|---|---|---|---|
| Public | Public | Information approved for external distribution | Full access | None |
| Internal | Internal — General | Standard business information | Full access | Header/footer marking |
| Internal | Internal — Employee Only | HR, compensation, internal memos | Full access | Header/footer + no external sharing |
| Confidential | Confidential — Standard | Client data, business strategies | Full access with DLP monitoring | Encryption (authorized users) |
| Confidential | Confidential — MNPI | Material non-public information | Restricted — DLP alerts on access | Encryption + information barriers |
| Highly Confidential | Highly Confidential — Regulatory | Examination correspondence, SAR-related | Blocked from Copilot processing | Encryption + DKE + no forwarding |
| Highly Confidential | Highly Confidential — Board/Executive | Board materials, M&A documents | Blocked from Copilot processing | Encryption + DKE + scoped access |
Governance tier recommendations for label groups migration:
- Baseline: Plan migration timeline; inventory existing parent labels before migrating; document which DLP policies reference parent/sub-label conditions
- Recommended: Migrate to label groups; test all Copilot DLP policies against the new label group structure before completing migration; update any DLP policy conditions that reference old parent label names
- Regulated: Complete migration with documented validation that all DLP policies function correctly with label groups before moving to production; maintain pre-migration label taxonomy documentation for audit trail
Label Inheritance in Copilot
When Copilot generates content based on multiple source documents, label inheritance follows the most restrictive label principle:
```text
Source Document A (Confidential) ─┐
                                  ├─→ Copilot Output → Confidential (highest label wins)
Source Document B (Internal)     ─┘

Source Document A (Highly Confidential) ─┐
                                         ├─→ Copilot BLOCKED (HC source detected)
Source Document B (Confidential)        ─┘
```
Copilot Studio Agent Label Inheritance
Copilot Studio agents inherit the highest sensitivity label from their knowledge sources. If an agent's knowledge base includes files labeled "Confidential" and "Public," the agent inherits the "Confidential" label as its effective classification.
- How it works: Microsoft evaluates all knowledge sources connected to the agent and assigns the highest label found across those sources as the agent's effective label
- Copilot governance impact: Agents with inherited high-sensitivity labels trigger label-based DLP policies (Control 2.1, Type 1) when users interact with them — users interacting with a Confidential-labeled agent may trigger DLP monitoring even if their prompt does not reference sensitive content directly
- Agent deployment review: Before activating a Copilot Studio agent, review the sensitivity labels on all configured knowledge sources. The agent's effective label should be documented as part of the deployment approval process
Governance tier recommendations for agent label inheritance:
- Baseline: Audit all Copilot Studio agent knowledge source labels; document the effective inherited label for each deployed agent
- Recommended: Enforce label inheritance review as part of the agent deployment approval workflow; agents with inherited Highly Confidential labels require compliance sign-off before activation
- Regulated: Mandatory label inheritance assessment with documented compliance approval before agent activation; quarterly re-audit of deployed agents as knowledge sources are added or changed
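The "highest label wins" rule for Copilot output and for Copilot Studio agent inheritance is the same computation: sort the source labels by priority and take the top one, then check whether it falls in the Highly Confidential group. The following PowerShell is an added example and is not code from this control or from Microsoft; it assumes a constructed taxonomy table whose priorities mirror the label table above (in a live tenant, take DisplayName and Priority from Get-Label, where a higher Priority value is more restrictive), label names that use a plain hyphen, and hypothetical agent and knowledge-source names. It produces the deployment-record entry that Step 5 asks for.

```powershell
# Added example, not part of the control document. Constructed taxonomy that
# mirrors the label table in this control; replace with
# (Get-Label | Select-Object DisplayName, Priority) in a live tenant.
$LabelTaxonomy = @(
    @{ Name = 'Public';                                Group = 'Public';              Priority = 0 },
    @{ Name = 'Internal - General';                    Group = 'Internal';            Priority = 1 },
    @{ Name = 'Internal - Employee Only';              Group = 'Internal';            Priority = 2 },
    @{ Name = 'Confidential - Standard';               Group = 'Confidential';        Priority = 3 },
    @{ Name = 'Confidential - MNPI';                   Group = 'Confidential';        Priority = 4 },
    @{ Name = 'Highly Confidential - Regulatory';      Group = 'Highly Confidential'; Priority = 5 },
    @{ Name = 'Highly Confidential - Board/Executive'; Group = 'Highly Confidential'; Priority = 6 }
)

function Get-EffectiveLabel {
    # Most restrictive label across a set of sources, plus whether the
    # Highly Confidential DLP block (Step 4 of this control) would apply.
    # Unlabeled sources are treated as the tenant default label.
    param(
        [Parameter(Mandatory)] [string[]] $SourceLabels,
        [string] $DefaultLabel = 'Internal - General'
    )
    $resolved = @(foreach ($name in $SourceLabels) {
        $lookup = if ([string]::IsNullOrWhiteSpace($name)) { $DefaultLabel } else { $name }
        $entry  = $LabelTaxonomy | Where-Object { $_.Name -eq $lookup }
        if (-not $entry) { throw "Unknown label '$lookup': not in the published taxonomy" }
        $entry
    })
    $highest = $resolved | Sort-Object { $_.Priority } -Descending | Select-Object -First 1
    [pscustomobject]@{
        EffectiveLabel = $highest.Name
        LabelGroup     = $highest.Group
        CopilotBlocked = ($highest.Group -eq 'Highly Confidential')
        SourceCount    = $resolved.Count
    }
}

function Test-AgentKnowledgeSources {
    # Deployment-record entry for a Copilot Studio agent. Knowledge sources are
    # constructed objects with Name and Label (hypothetical; the admin center
    # agent registry is the authoritative list). Agents whose effective label
    # is Highly Confidential need compliance sign-off at the Recommended and
    # Regulated levels.
    param(
        [Parameter(Mandatory)] [string]   $AgentName,
        [Parameter(Mandatory)] [object[]] $KnowledgeSources
    )
    $effective = Get-EffectiveLabel -SourceLabels @($KnowledgeSources | ForEach-Object { $_.Label })
    [pscustomobject]@{
        Agent           = $AgentName
        EffectiveLabel  = $effective.EffectiveLabel
        RequiresSignOff = $effective.CopilotBlocked
        SourcesReviewed = ($KnowledgeSources | ForEach-Object { "$($_.Name) [$($_.Label)]" }) -join '; '
        ReviewedOn      = (Get-Date).ToString('yyyy-MM-dd')
    }
}

# Constructed sample 1: Copilot output grounded on a Confidential and an Internal document
Get-EffectiveLabel -SourceLabels 'Confidential - Standard', 'Internal - General'

# Constructed sample 2: Copilot output that touches a Highly Confidential source
Get-EffectiveLabel -SourceLabels 'Highly Confidential - Regulatory', 'Confidential - Standard'

# Constructed sample 3: hypothetical agent with a public FAQ and an MNPI research library
Test-AgentKnowledgeSources -AgentName 'Research Assistant' -KnowledgeSources @(
    @{ Name = 'Public FAQ';       Label = 'Public' },
    @{ Name = 'Research Library'; Label = 'Confidential - MNPI' }
)
```

Sample 2 returns CopilotBlocked = True, which is the outcome the second diagram shows; sample 3 records "Confidential - MNPI" as the agent's effective label, so every interaction with that agent will be evaluated against the Confidential-tier DLP policies, as the Copilot governance impact bullet describes.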
Copilot Pages Label Behavior
Copilot Pages is a new collaboration surface where Copilot-generated content can be shared and co-edited. Label behavior for Pages:
| Scenario | Label Applied to Page | Notes |
|---|---|---|
| Page created from Microsoft 365 Copilot Chat response | Inherits highest label from grounding sources | Automatic — user cannot downgrade |
| Page shared with additional users | Label protections enforced | Users without label permissions cannot access |
| Page content exported to Word/PPT | Label travels with exported content | Persistent protection maintained |
| No labeled sources used | Tenant default label applied | Configurable — recommend "Internal" minimum |
Auto-Labeling Configuration
Auto-labeling applies sensitivity labels automatically based on content inspection. Auto-labeling now supports nested AND/OR/NOT conditions (GA December 2025), enabling more precise classification rules that combine multiple SIT detections with contextual exclusions.
For FSI classification, the nested condition logic enables rules such as: "Apply Confidential IF (contains SSN AND contains account number) OR (contains MNPI keyword) NOT (from public disclosure folder)." This eliminates the previous limitation of single-condition auto-labeling rules that could not express complex financial data classification requirements.
| Auto-Label Trigger | Target Label | SIT/Condition | Scope |
|---|---|---|---|
| SSN detected (high confidence) | Confidential — Standard | U.S. Social Security Number | All workloads |
| 5+ SSNs detected | Highly Confidential — Regulatory | U.S. SSN (instance count >= 5) | SharePoint, OneDrive |
| ABA routing + account number combo | Confidential — Standard | ABA Routing AND Bank Account (nested AND) | Exchange, SharePoint |
| MNPI keyword match | Confidential — MNPI | Custom MNPI keyword dictionary | All workloads |
| SAR/CTR keywords | Highly Confidential — Regulatory | Custom BSA/AML dictionary | Exchange, SharePoint |
| Contains CUSIP/ISIN AND context keyword, NOT in public disclosure folder | Confidential — MNPI | Nested AND/OR/NOT condition | SharePoint, OneDrive |
Configuring nested auto-labeling conditions: In Microsoft Purview > Information Protection > Auto-labeling > Create auto-labeling policy, the condition builder now supports grouped conditions with AND/OR logic and NOT exclusions. Nest conditions by creating condition groups and selecting the AND/OR/NOT operator between groups. This is an enhancement to the existing auto-labeling workflow — not a separate feature.
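The same nested rule can be created from Security & Compliance PowerShell, which also makes the simulation-first rollout in Step 3 scriptable. The block below is an added example, not code from this control or from Microsoft; it assumes Connect-IPPSSession has already run, that the target label is named "Confidential - MNPI" with a plain hyphen, that "MNPI Keyword Dictionary" is a custom keyword-dictionary SIT you have created, and that public disclosure content lives in a dedicated SharePoint site with the hypothetical URL shown, so the NOT branch is expressed as a location exception on the policy rather than as a content condition. The condition groups use the operator/groups/sensitivetypes hashtable syntax of the ContentContainsSensitiveInformation parameter.

```powershell
# Added example, not part of the control document.
$policyName = 'AutoLabel-Confidential-MNPI'                            # hypothetical
$publicSite = 'https://firm.sharepoint.com/sites/PublicDisclosures'    # hypothetical

# Policy: scope, target label, and simulation mode (no user notifications).
# The public disclosure site is excluded, which is the NOT branch of the rule.
New-AutoSensitivityLabelPolicy -Name $policyName `
    -Comment 'Control 2.2: nested MNPI classification rule' `
    -ApplySensitivityLabel 'Confidential - MNPI' `
    -SharePointLocation 'All' `
    -SharePointLocationException $publicSite `
    -OneDriveLocation 'All' `
    -Mode TestWithoutNotifications

# Rule condition: (SSN AND bank account number) OR (MNPI keyword).
# mincount/maxcount are strings; maxcount "-1" means no upper bound.
$nestedCondition = @{
    operator = 'Or'
    groups   = @(
        @{
            operator       = 'And'
            name           = 'Identity plus account pair'
            sensitivetypes = @(
                @{ name = 'U.S. Social Security Number (SSN)'; mincount = '1'; maxcount = '-1' },
                @{ name = 'U.S. Bank Account Number';          mincount = '1'; maxcount = '-1' }
            )
        },
        @{
            operator       = 'Or'
            name           = 'MNPI vocabulary'
            sensitivetypes = @(
                @{ name = 'MNPI Keyword Dictionary'; mincount = '1'; maxcount = '-1' }   # custom SIT, assumed
            )
        }
    )
}

New-AutoSensitivityLabelRule -Policy $policyName `
    -Name 'MNPI nested condition' `
    -Workload SharePoint, OneDriveForBusiness `
    -ContentContainsSensitiveInformation $nestedCondition

# Confirm the policy is still in simulation. Move to enforcement only after the
# 14-day simulation window and the <3% false positive review in Step 3:
#   Set-AutoSensitivityLabelPolicy -Identity $policyName -Mode Enable
Get-AutoSensitivityLabelPolicy -Identity $policyName | Select-Object Name, Mode, ApplySensitivityLabel
```

Keeping the exclusion at the policy level rather than inside the condition has a practical advantage for examination evidence: the scope of what is deliberately not classified is visible in the policy object itself, not buried in a rule group.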
Default Label Policy
| Workload | Default Label | Justification Required to Downgrade |
|---|---|---|
| Word, Excel, PowerPoint | Internal — General | Yes |
| Outlook (email) | Internal — General | Yes |
| Teams meetings | Internal — General | No (may block adoption) |
| Copilot Pages | Internal — General | Yes |
| Power BI | Internal — General | Yes |
Copilot Surface Coverage
| M365 Application | Label Inheritance | Auto-Labeling | Default Label | Label-Based Blocking |
|---|---|---|---|---|
| Microsoft 365 Copilot Chat | Yes | N/A | N/A | Yes |
| Word | Yes | Yes | Yes | Yes |
| Excel | Yes | Yes | Yes | Yes |
| PowerPoint | Yes | Yes | Yes | Yes |
| Outlook | Yes | Yes | Yes | Yes |
| Teams | Yes | Limited | Yes | Yes |
| OneNote | Yes | Limited | No | Yes |
| Loop | Yes | Yes | Yes | Yes |
| Copilot Pages | Yes | Yes | Yes | Yes |
| SharePoint (Agents) | Yes | Yes | N/A | Yes |
| Copilot Studio Agents | Yes (inherits highest from knowledge sources) | N/A | N/A | Yes |
Governance Levels
| Level | Requirement | Rationale |
|---|---|---|
| Baseline | Deploy 4-tier label taxonomy using label groups (Public, Internal, Confidential, Highly Confidential); configure default label of "Internal" for Office apps; enable label inheritance for Copilot-generated content; plan label groups migration timeline; audit Copilot Studio agent knowledge source labels | Establishes classification foundation — minimum viable protection for Copilot deployment; migration awareness prevents unexpected DLP behavior changes |
| Recommended | Add sub-labels (MNPI, Regulatory, Board/Executive) within label groups; enable auto-labeling with nested AND/OR/NOT conditions for FSI classification rules; configure label-based DLP to block Copilot from Highly Confidential content; enforce justification for label downgrades; migrate to label groups and test Copilot DLP policies against new structure; require label inheritance review as part of agent deployment approval; enable DSPM for AI label analytics | Comprehensive label strategy with agent governance — suitable for most FSI production environments; nested auto-labeling reduces manual labeling burden for complex financial data patterns |
| Regulated | Mandate labeling (no unlabeled content allowed); deploy auto-labeling with nested conditions for all FSI SIT categories; enable double key encryption (DKE) for Highly Confidential sub-labels; complete label groups migration with full DLP policy validation before production; mandatory agent label inheritance assessment with compliance sign-off; quarterly label accuracy audits; integrate label telemetry with SIEM; label analytics reviewed monthly by compliance | Maximum classification rigor for firms facing frequent regulatory examinations or handling the most sensitive financial data |
Setup & Configuration
Step 1: Create Label Taxonomy Using Label Groups
Portal: Microsoft Purview > Information Protection > Labels > Create a label
- Create label groups: Public, Internal, Confidential, Highly Confidential
- Create labels within each group per the taxonomy table above
- If migrating from parent/child hierarchy: Microsoft Purview > Information Protection > Labels > Migrate sensitivity label scheme
- Configure visual markings (headers, footers, watermarks) for each label
- Configure encryption settings for Confidential and above
Step 2: Configure Label Policies
Portal: Microsoft Purview > Information Protection > Label policies > Publish labels
- Publish all labels to the appropriate user groups
- Set default label to "Internal — General" for Word, Excel, PowerPoint, Outlook
- Enable "Require users to apply a label" (Recommended and Regulated levels)
- Enable "Require justification for removing a label or lowering its classification"
Step 3: Configure Auto-Labeling Policies with Nested Conditions
Portal: Microsoft Purview > Information Protection > Auto-labeling > Create auto-labeling policy
- Create auto-labeling rules per the auto-labeling configuration table above
- For nested conditions: use the condition builder to create condition groups with AND/OR/NOT operators between groups
- Run in simulation mode for 14 days minimum before enforcement
- Review simulation results for false positive rate
- Enable enforcement after validation (target <3% false positive rate)
Step 4: Configure Label-Based Copilot Blocking
- In DLP policy configuration (see Control 2.1, Type 1), add condition: "Content contains sensitivity label"
- Select "Highly Confidential" (all labels in the Highly Confidential label group)
- Action: Block Copilot from processing
- This prevents Copilot from using Highly Confidential content as grounding sources
- After label groups migration: verify the DLP policy condition correctly references labels by their new group structure
Step 5: Review Copilot Studio Agent Label Inheritance
Portal: Microsoft 365 Admin Center > Agents > All agents / Registry
For each deployed Copilot Studio agent:
1. Review all configured knowledge sources and their sensitivity labels
2. Determine the effective inherited label (highest label across all knowledge sources)
3. Document the inherited label in the agent deployment record
4. Confirm that DLP policies covering the inherited label tier are in place before activating the agent
Step 6: Copilot Pages Label Settings
Portal: Microsoft 365 Admin Center > Settings > Copilot > Pages
- Configure label inheritance for Copilot Pages
- Set default label for Pages created without labeled sources
- Configure sharing restrictions aligned with label protections
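Steps 1, 2 and 4 can be scripted so that the taxonomy, the publishing policy and the Copilot block are reproducible across tenants and recorded for examiners. The block below is an added example and is not code from this control or from Microsoft. It assumes Connect-IPPSSession has run, that label names use a plain hyphen, that the authorised-users group and the DLP policy scoped to the Microsoft 365 Copilot location (created under Control 2.1) already exist under the hypothetical names shown, and that label group assignment is done in the portal migration wizard, so no parent is set here. The RestrictAccess setting ExcludeContentProcessing is the PowerShell form of the "Block Copilot from processing" action; DKE for the Highly Confidential labels is left to the portal because it needs the DKE service URL.

```powershell
# Added example, not part of the control document.
$authorisedUsers  = 'confidential-readers@firm.com'   # hypothetical security group
$copilotDlpPolicy = 'Copilot-Label-Blocking'          # hypothetical, from Control 2.1

# Step 1: taxonomy. Encryption from Confidential upward; header marking on every label.
$taxonomy = @(
    @{ Name = 'Public';                                Marking = 'Public';                    Encrypt = $false },
    @{ Name = 'Internal - General';                    Marking = 'Internal';                  Encrypt = $false },
    @{ Name = 'Internal - Employee Only';              Marking = 'Internal - Employee Only';  Encrypt = $false },
    @{ Name = 'Confidential - Standard';               Marking = 'Confidential';              Encrypt = $true  },
    @{ Name = 'Confidential - MNPI';                   Marking = 'Confidential - MNPI';       Encrypt = $true  },
    @{ Name = 'Highly Confidential - Regulatory';      Marking = 'Highly Confidential';       Encrypt = $true  },
    @{ Name = 'Highly Confidential - Board/Executive'; Marking = 'Highly Confidential';       Encrypt = $true  }
)

foreach ($l in $taxonomy) {
    $params = @{
        Name        = $l.Name
        DisplayName = $l.Name
        Tooltip     = "Control 2.2: $($l.Name)"
        ContentType = 'File, Email'
        ApplyContentMarkingHeaderEnabled = $true
        ApplyContentMarkingHeaderText    = $l.Marking
    }
    if ($l.Encrypt) {
        # Template protection: the named group gets view rights only;
        # owners and co-authors are added later per label in the portal.
        $params.EncryptionEnabled           = $true
        $params.EncryptionProtectionType    = 'Template'
        $params.EncryptionRightsDefinitions = "${authorisedUsers}:VIEW,VIEWRIGHTSDATA"
    }
    New-Label @params
}

# Step 2: publish to all users with a default label, mandatory labeling, and
# justification on downgrade. DefaultLabelId takes the label GUID from Get-Label.
$defaultLabelId = (Get-Label -Identity 'Internal - General').Guid
New-LabelPolicy -Name 'Control-2.2-All-Users' `
    -Labels @($taxonomy | ForEach-Object { $_.Name }) `
    -ExchangeLocation All `
    -AdvancedSettings @{
        DefaultLabelId                = [string]$defaultLabelId
        Mandatory                     = 'True'
        RequireDowngradeJustification = 'True'
    }

# Step 4: block Copilot from processing anything in the Highly Confidential group.
# Every label in the group is listed so the rule keeps working after the label
# groups migration, when the parent label name no longer exists.
$hcLabels = @($taxonomy | Where-Object { $_.Name -like 'Highly Confidential*' } |
    ForEach-Object { @{ name = $_.Name; type = 'Sensitivity' } })

New-DlpComplianceRule -Policy $copilotDlpPolicy -Name 'Block Copilot - Highly Confidential' `
    -ContentContainsSensitiveInformation @{
        operator = 'And'
        groups   = @(@{ operator = 'Or'; name = 'Highly Confidential group'; labels = $hcLabels })
    } `
    -RestrictAccess @(@{ setting = 'ExcludeContentProcessing'; value = 'Block' })
```

Listing the individual labels rather than a parent name in the DLP condition is what the post-migration check in Step 4 is about: a rule bound to the old parent label name is the one most likely to stop matching after the label groups migration.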
Key PowerShell Commands
```powershell
# Connect to Security & Compliance PowerShell
Connect-IPPSSession

# List all sensitivity labels (includes label group membership)
Get-Label | Format-Table Name, DisplayName, Priority, ContentType, ParentId

# List label policies
Get-LabelPolicy | Format-Table Name, Labels, Settings

# View auto-labeling policies
Get-AutoSensitivityLabelPolicy | Format-Table Name, Mode, WhenCreated

# Check label activity for a specific user
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
    -Operations "SensitivityLabelApplied","SensitivityLabelUpdated" -UserIds "user@firm.com"
```
Financial Sector Considerations
- Broker-Dealers: The MNPI label within the Confidential label group is critical for firms with investment banking and trading operations. When Copilot encounters MNPI-labeled content, it should be blocked from including that content in responses to users who may be on the public side of the wall. Coordinate MNPI labeling with the firm's restricted list procedures. When migrating to label groups, verify that MNPI label conditions in DLP policies continue to function correctly.
- Registered Investment Advisers: Client portfolio documents and investment recommendations should be labeled at minimum "Confidential — Standard." Auto-labeling rules with nested conditions should detect client account number patterns specific to the firm's account numbering scheme combined with context keywords (AND logic), reducing false positives compared to single-SIT rules.
- Banking (Deposit-Taking): Suspicious Activity Report (SAR) documentation and Bank Secrecy Act (BSA) files must be labeled "Highly Confidential — Regulatory" to prevent any Copilot access. The "tipping off" prohibition under 31 USC 5318(g)(2) makes it critical that SAR-related content is never surfaced by Copilot to unauthorized individuals. Use nested auto-labeling conditions combining SAR/CTR keywords with BSA context to accurately classify these documents without over-labeling.
- Insurance Carriers: Policy documents containing personal health information may need label protections aligned with both GLBA and state insurance data security laws. Consider a label for "PHI-Insurance" within the Confidential label group.
- Copilot Studio Agent Governance: Financial institutions building Copilot Studio agents that query internal data (loan origination systems, client databases, research repositories) must conduct label inheritance assessments before deployment. An agent connected to a research database labeled "Confidential — MNPI" will inherit that label and trigger DLP policies on every interaction — this is correct behavior, but it must be explicitly planned and documented.
- Examination Readiness: Maintain documentation showing label taxonomy design decisions, label groups migration records, deployment dates, auto-labeling accuracy metrics, and periodic review records. Examiners may ask for evidence that the firm's data classification program extends to AI-assisted workflows and that agent deployments include label governance.
- Label Sprawl Prevention: Avoid creating more than 8-10 labels total. Financial firms often want dozens of sub-labels — this creates user confusion and reduces labeling accuracy. Consolidate where possible using label groups and use DLP policies for fine-grained enforcement within label tiers.
Verification Criteria
- Label Taxonomy Deployed: Confirm all required labels (Public, Internal, Confidential, Highly Confidential) are published and visible to users in Office applications
- Label Groups Migration Status: Verify current taxonomy structure — confirm whether migration from parent labels to label groups has been completed or is scheduled
- Default Label Active: Open a new Word document and verify the "Internal — General" label is automatically applied
- Label Inheritance: Use Copilot to summarize a Confidential-labeled document and verify the output inherits the "Confidential" label
- Highly Confidential Blocking: Attempt to reference a Highly Confidential document in a Copilot prompt — verify Copilot does not process the content and a DLP notification is generated
- Agent Label Inheritance: For at least one deployed Copilot Studio agent, verify the effective inherited label matches the highest label across its knowledge sources
- Auto-Labeling Accuracy: Review auto-labeling simulation results and confirm <3% false positive rate for deployed SIT-based rules; verify nested conditions function as designed
- Downgrade Justification: Attempt to change a label from Confidential to Internal — verify the system requires justification and logs the event
- Copilot Pages Label: Create a Copilot Page from content that references a Confidential document — verify the Page inherits the Confidential label
- Visual Markings: Open a Confidential-labeled document and confirm headers/footers/watermarks appear as configured
- Audit Trail: Verify that label application and modification events appear in the Unified Audit Log
- Policy Documentation: Confirm that label taxonomy documentation, label groups migration records, deployment records, and review cadence are maintained and accessible for examination
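The Downgrade Justification and Audit Trail criteria can be checked together by reading label change events out of the Unified Audit Log and flagging every downgrade that carries no justification text. The block below is an added example, not code from this control or from Microsoft; it assumes Connect-IPPSSession has run, that the AuditData JSON of SensitivityLabelUpdated and SensitivityLabelRemoved records carries a SensitivityLabelEventData object with SensitivityLabelId, OldSensitivityLabelId and JustificationText, and that Get-Label returns Guid and Priority, where a higher Priority value is more restrictive.

```powershell
# Added example, not part of the control document.
function Get-LabelDowngradeFindings {
    param(
        [int]      $Days = 7,
        [string[]] $UserIds      # optional filter, e.g. users in a verification sample
    )
    # Index label GUID -> display name and priority once, so each event is a lookup
    $labelIndex = @{}
    foreach ($lbl in Get-Label) {
        $labelIndex[[string]$lbl.Guid] = @{ Name = $lbl.DisplayName; Priority = [int]$lbl.Priority }
    }

    $searchParams = @{
        StartDate  = (Get-Date).AddDays(-$Days)
        EndDate    = Get-Date
        Operations = 'SensitivityLabelUpdated', 'SensitivityLabelRemoved'
        ResultSize = 5000
    }
    if ($UserIds) { $searchParams.UserIds = $UserIds }

    foreach ($rec in Search-UnifiedAuditLog @searchParams) {
        $data = $rec.AuditData | ConvertFrom-Json
        $ev   = $data.SensitivityLabelEventData
        $old  = $labelIndex[[string]$ev.OldSensitivityLabelId]
        $new  = $labelIndex[[string]$ev.SensitivityLabelId]

        # A removed label has no new label; treat "no label" as the lowest priority
        $oldPriority = if ($old) { $old.Priority } else { -1 }
        $newPriority = if ($new) { $new.Priority } else { -1 }
        if ($newPriority -ge $oldPriority) { continue }   # same tier or an upgrade: not a finding

        $justified = -not [string]::IsNullOrWhiteSpace($ev.JustificationText)
        [pscustomobject]@{
            When          = $rec.CreationDate
            User          = $rec.UserIds
            Operation     = $rec.Operations
            From          = if ($old) { $old.Name } else { '(unknown)' }
            To            = if ($new) { $new.Name } else { '(removed)' }
            Justification = $ev.JustificationText
            Item          = $data.ObjectId
            Finding       = if ($justified) { 'Justified downgrade' } else { 'DOWNGRADE WITHOUT JUSTIFICATION' }
        }
    }
}

# Review the last 7 days. Any unjustified finding means the
# RequireDowngradeJustification setting from Step 2 is not reaching that
# user's label policy, or the change came from a client that does not prompt.
Get-LabelDowngradeFindings -Days 7 | Sort-Object When | Format-Table -AutoSize
```

Running this against the verification tester's account right after the Downgrade Justification test gives both halves of the evidence at once: the event is present in the audit log, and its justification text is populated.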
Additional Resources
- Sensitivity Labels Overview
- Sensitivity Labels in Microsoft Purview
- Migrate Sensitivity Label Scheme (Label Groups)
- Auto-Labeling Policies
- Default Sensitivity Labels
- Double Key Encryption (DKE)
- Related Controls: 2.1 DLP Policies, 2.4 Information Barriers, 2.11 Copilot Pages Security, 1.5 Sensitivity Label Taxonomy Review
- Playbooks: Label Taxonomy Design Playbook, Auto-Labeling Configuration Playbook, Label-Based DLP Playbook