Copilot DLP Bypass: What Admins Must Do Now
A critical security flaw is exposing organizations to compliance risk — Copilot can summarize DLP-protected emails. The fix is rolling out but NOT complete. Plus: one-click email summarization is now live in Outlook, GPT-Image-1.5 brings faster generation, and EUR prices quietly dropped 7.4%.
📋 TL;DR — What You Need to Know
- 🚨 Critical: Copilot can summarize DLP-protected emails — fix rolling out but incomplete
- 📧 New: One-click email summarization now live in Outlook (no extra cost)
- 🖼️ Coming: GPT-Image-1.5 brings 4× faster, higher-quality image generation
- 💶 Pricing: EUR prices quietly dropped 7.4% as of Feb 1
- ⚠️ Outage: Copilot disruption on Feb 18 has fully recovered
🔴 Copilot DLP Bypass Vulnerability (CW1226324)
A critical security flaw is exposing organizations to compliance risk. Microsoft 365 Copilot can currently summarize emails protected by confidentiality sensitivity labels, completely bypassing your Data Loss Prevention policies.
The Issue
The "Work Tab" Chat feature pulls content from Sent Items and Drafts without properly checking sensitivity labels. If you're in healthcare, finance, government, or any regulated sector — this is a big deal.
| Timeline | Status |
|---|---|
| First reported | February 4, 2026 |
| Current status | ⚠️ Fix rolling out (NOT complete) |
| NHS incident logged | INC46740412 |
- Monitor Admin Center for CW1226324 updates
- Consider pausing Copilot access for sensitive workflows until fully remediated
- Review which users have Copilot licenses in regulated departments
- Document your response for compliance records
🟠 February Copilot Chat Roadmap Delivers
Microsoft published two key improvements this month:
1. One-Click Email Summarization in Outlook
Click "Summarize" on any email to instantly get key points. Follow-up prompts like "What are the action items?" work seamlessly.
2. GPT-Image-1.5 Preview
Faster, better image generation coming to Copilot Chat:
- Up to 4× faster generation
- Improved text rendering on images
- Better facial likeness preservation
- Feature parity with free ChatGPT experience
💶 EUR Price Adjustment
Microsoft quietly lowered EUR prices by 7.4% effective February 1, 2026. Good news for European customers — though the Copilot feature price increase is still on track for July 2026.
⚡ Quick Hits
| Item | Status |
|---|---|
| Copilot outage (Feb 18) | ✅ Recovered |
| Claude Opus 4.6 | Now has M365 enterprise integration — watch the AI assistant competitive space |
✅ Admin Action Items
- 🔴 URGENT: Review CW1226324 status in Admin Center — assess Copilot access for sensitive departments
- 🟢 Communicate: One-click email summarization to users (free feature, drives adoption)
- 📊 Update: Budget projections: EUR pricing down, July Copilot increase still coming
- 📝 Document: Any Feb 18 outage impact for SLA tracking
🔥 The Bottom Line
The Copilot DLP bypass is the headline this week — if you manage sensitive data, don't wait on this one. Monitor CW1226324 and consider temporary restrictions for regulated workflows until Microsoft confirms full remediation.
On the positive side, one-click email summarization is a quick win for user adoption, and the EUR price drop is a nice surprise for European clients.
Questions? Need help assessing your environment?
Fireside Cloud Solutions can help you evaluate your Copilot security posture, review DLP configurations, and plan for compliance. We're here to help.
Contact Fireside Cloud Solutions →