
Check your Copilot settings after this confidential email bug

Microsoft says Copilot "work tab" chat pulled from Sent Items and Drafts despite labels.


Microsoft has warned that a Microsoft 365 Copilot issue led Copilot Chat to generate summaries from confidential emails that should have been blocked by sensitivity labels and data loss prevention controls. It detected the problem on January 21, and tied it to the Copilot “work tab” chat experience.

If your workplace relies on labels and DLP to keep sensitive mail from being processed, the immediate question is simple: did the fix reach your tenant, and does Copilot still pull from the wrong places?

A DLP bypass in the work tab

The issue was first spotted by BleepingComputer. Microsoft says an internal code error caused Copilot “work tab” chat to pick up items from Sent Items and Drafts, then summarize them even when a sensitivity label and a DLP policy were configured.


Those folders are also where sensitive material tends to live. Drafts can hold negotiations, early numbers, or language you never intended to send. Sent Items can include the final wording that went to a customer, partner, or regulator. A summary that includes restricted text makes it easier for information to travel inside everyday chat.

For admins, the key point is that this isn’t about someone copying and pasting an email into Copilot.

What Microsoft still isn’t saying

Microsoft began deploying a fix in early February and says it’s monitoring to confirm the change works. But it hasn’t shared two details security teams will care about: how many tenants were affected, and how far back the behavior went before it was detected on January 21.

Without a clear window, it’s hard to choose between a narrow review and a broader one.

What you should do next

Admins should test whether Copilot “work tab” chat can still summarize labeled emails from those mail folders in your environment. Write down what you observe, and keep it with audit notes in case your security team needs to document impact later. Be thorough.

For everyone else, treat Copilot summaries as something to verify, not something to trust by default, until your IT team confirms the updated behavior. If you handle regulated or contract-bound information, flag this now so the controls can be checked instead of assumed.

Paulo Vargas