Microsoft says a bug in the Microsoft 365 Copilot βwork tabβ chat has been summarizing confidential emails from usersβ Sent Items and Drafts since late January, bypassing sensitivity labels and configured data loss prevention controls. Microsoft identified the issue as a code error, began rolling out a fix in early February, and is monitoring the deployment while contacting affected users without providing a full remediation timeline. #Microsoft365Copilot #CopilotChat
Keypoints
- The bug (tracked as CW1226324) was first detected on January 21 and affects the Copilot βwork tabβ chat feature.
- Copilot Chat has been reading and summarizing emails stored in Sent Items and Drafts folders.
- Messages carrying confidentiality labels meant to restrict automated access were incorrectly processed, bypassing DLP policies.
- Microsoft attributed the issue to a code error and began deploying a fix in early February while monitoring the rollout.
- The company has not disclosed the full scope or a final remediation timeline and is contacting a subset of affected users.