Overview
- Microsoft says a code defect, tracked as CW1226324, let Microsoft 365 Copilot Chat process emails labeled confidential.
- Admins were told the issue affected the Copilot “work tab,” which pulled from users’ Sent Items and Drafts despite DLP policies and sensitivity labels.
- A fix began rolling out in early February, and Microsoft is monitoring deployment and contacting some customers to verify remediation.
- Microsoft has not said how many organizations were affected or when full remediation will conclude, and it classified the incident as an advisory.
- A spokesperson said Copilot could surface content the author was already permitted to access; separate reporting notes that the European Parliament restricted built‑in AI features on work devices.