Sensitivity Labels and Copilot: Enforcement Guide 2026

Microsoft Copilot Sensitivity Labels Enforcement Guide (2026)

Microsoft Copilot sensitivity label enforcement is the discipline of using Microsoft Purview sensitivity labels to control which content Microsoft 365 Copilot can ground on, which prompts trigger DLP, and which responses get redacted. Done correctly, Copilot becomes safe for regulated industries. Done incorrectly, Copilot creates compliance findings within 30 days.

EPC Group has delivered Microsoft Copilot sensitivity label engagements for Fortune 500 healthcare, financial services, government, defense contractors, and pharma since the M365 Copilot GA wave.

TL;DR — 5-Layer Sensitivity Label Enforcement

Layer	Purpose
1. Taxonomy	5-tier label hierarchy (Public → Restricted)
2. Auto-labeling	Coverage push to 80%+ on regulated content
3. Container labels	Site-level inheritance
4. Microsoft Copilot grounding scope	Restricted-tier blocks grounding
5. DLP enforcement	Block external sharing + Copilot prompts/responses

Layer 1: Sensitivity Label Taxonomy

EPC Group standard 5-tier:

1. Public — public information, no restrictions
2. General — internal but not sensitive, broad sharing OK
3. Confidential — internal sensitive, encryption optional
4. Highly Confidential — limited distribution, encryption required
5. Restricted — regulated content, Copilot grounding BLOCKED

Industry-specific Restricted sub-labels:

• Restricted-PHI (healthcare)
• Restricted-MNPI (financial pre-public)
• Restricted-PCI (card data)
• Restricted-CUI (government CUI)
• Restricted-Clinical (pharma clinical trials)
• Restricted-IND-NDA (pharma regulatory submissions)
• Restricted-ITAR (defense ITAR-controlled)

Layer 2: Auto-Labeling Coverage Push

Microsoft Purview auto-labeling rules:

Industry	Pattern Triggers
Healthcare	MRN, name+DOB, ICD-10, CPT, prescription, lab patterns
Financial	SSN, credit card BIN, MNPI keywords + ticker proximity
Government	CUI banner markings, ITAR keywords, classification banners
Pharma	Clinical patient identifiers, IND/NDA submission content
Universal	Passwords, API keys, secrets, internal credentials

Coverage progression:

• 30 days: 40-50%
• 60 days: 60-70%
• 90 days: 80%+
• Continuous: 90-95%

Layer 3: Container Labels at Site Level

SharePoint sites get sensitivity label container labels:

Site Type	Default Container Label
Public intranet (Communication Site)	General
Department collaboration	Confidential
Project / customer engagement	Confidential or Highly Confidential
HR / Legal / Finance	Highly Confidential
Regulated content (PHI, MNPI, CUI)	Restricted (industry-specific sub-label)

Container labels drive:

• External sharing posture (per tier)
• Conditional Access enforcement
• Default file label inheritance
• Microsoft 365 Copilot grounding scope
• DLP policy application

Layer 4: Microsoft Copilot Grounding Scope

Microsoft Copilot grounding behavior by sensitivity label:

Label Tier	Grounding Behavior
Public	Available for grounding
General	Available for grounding
Confidential	Available for grounding (logged in Microsoft Purview Audit)
Highly Confidential	Available for grounding (logged + risk-scored in Microsoft Purview AI Hub)
Restricted	BLOCKED from grounding regardless of user permission

The Restricted-tier block is the critical compliance gate. Documents labeled Restricted-PHI, Restricted-MNPI, Restricted-CUI never appear in Copilot grounding.

Layer 5: DLP Enforcement

Microsoft Purview DLP for sensitivity-labeled content:

• Block external sharing of Restricted-tier
• Block Restricted-tier from cross-tenant Microsoft Teams chat
• Block Restricted-tier from Microsoft 365 Copilot prompts (defense in depth)
• Redact PII patterns appearing in Copilot responses
• Microsoft Purview Endpoint DLP for clipboard / USB / cloud-upload prevention

Microsoft Copilot Studio Agent Sensitivity

For Microsoft Copilot Studio custom agents:

• Agent grounding scope inherits sensitivity-label restrictions
• Agent inventory tracks sensitivity-tier exposure per agent
• Microsoft Purview AI Hub monitors agent prompt/response per sensitivity tier
• Microsoft Sentinel custom rules for agent-level anomalies

Microsoft Sentinel Integration

// Restricted-tier grounding attempts
CopilotEvents
| where SensitivityLabel startswith "Restricted"
| where ResponseStatus == "Blocked"
| summarize attempts = count() by UserPrincipalName, bin(TimeGenerated, 1h)
| where attempts > 10

// Cross-sensitivity grounding (Information Barrier indicator)
CopilotEvents
| where GroundingScope has "cross-barrier"
| where SensitivityLabel in ("Confidential", "Highly Confidential", "Restricted")

Microsoft Compliance Manager Mapping

Sensitivity label enforcement maps to:

• HIPAA Security Rule (technical safeguards)
• FINRA Rule 3110 (supervision via Microsoft Purview AI Hub)
• SEC Rule 17a-4 (record retention for Restricted-tier)
• FedRAMP NIST SP 800-53 (AC-3 access enforcement)
• CMMC Level 2 (NIST 800-171 control implementation)
• EU AI Act (Article 50 transparency obligations)

Pricing

EPC Group fixed-fee Microsoft Copilot sensitivity label enforcement:

• Mid-market: $150K-$300K (4-6 months)
• Enterprise: $300K-$700K (6-9 months)
• Fortune 500: $700K-$1.5M (9-12 months)

Includes taxonomy design, auto-labeling rule deployment, coverage push to 80%+, container label rollout, DLP policy library, Microsoft Sentinel custom analytics rules.

Frequently Asked Questions

What's the most critical sensitivity label for Copilot?

The Restricted tier (industry-specific sub-labels). Without Restricted-tier blocking Copilot grounding on regulated content, every other governance layer is incomplete.

How long does sensitivity label rollout take?

EPC Group standard:

• Phase 1: Taxonomy design (4 weeks)
• Phase 2: Auto-labeling rule deployment (4 weeks)
• Phase 3: Coverage push to 80%+ (90 days)
• Phase 4: Container labels at site level (4-6 weeks)
• Phase 5: DLP policy library (4-6 weeks)
• Continuous: Quarterly tuning + new pattern integration

Total: 5-7 months for mature posture.

What about regulated industries?

Healthcare (HIPAA), financial services (FINRA, SEC), government (FedRAMP, CMMC), and pharma (GxP) require sensitivity label enforcement at 80%+ on regulated content before any tenant-wide Microsoft 365 Copilot license activation.

Who delivers EPC Group sensitivity label engagements?

EPC Group senior architects with Microsoft Information Protection / Microsoft Purview experience since 2017. Errin O'Connor is a 4-time Microsoft Press author. Senior architects bring CIPP, CISSP, Microsoft Information Protection Specialist credentials.

Next Steps

Schedule a 30-minute Microsoft Copilot sensitivity label discovery call at /schedule or call (888) 381-9725. Senior architects (not sales) take discovery calls.

Related reading: Microsoft Purview Data Governance Enterprise Guide, Microsoft Purview for Copilot Implementation, Microsoft Copilot Data Loss Prevention Enterprise Guide, Microsoft 365 Copilot Security & Data Protection Enterprise Guide, and Microsoft Copilot Governance Framework for Regulated Industries.