Field note
Microsoft 365 Copilot sensitivity labels
Copilot-generated files can inherit the highest source sensitivity label. That helps only when the labels, permissions and exceptions are already sound.
Microsoft's 1 July 2026 Copilot release notes say generated files now inherit the highest sensitivity label detected in the source data. If Copilot cannot apply a label, the user receives a notification before the file is shared or stored.
This closes one obvious gap: a sensitive source should not produce an unlabelled output. It does not repair a weak labelling scheme, stale source permissions or users who can extract data they should not be able to reuse.
Understand what inheritance does
Microsoft Purview sensitivity labels carry a priority. Where label inheritance is supported by Copilot and agents, Microsoft says the highest-priority label is selected. That is normally the most restrictive label in a well-designed scheme.
If a label applies encryption, Copilot and agents check the user's usage rights. Microsoft says the user needs the EXTRACT right, as well as access to view the item, before data from it can be returned.
Those two controls answer different questions:
- Label inheritance: how should the generated file be classified and protected?
- Usage rights: was this user allowed to extract the source content into a new output?
Test both. A correctly labelled file is still the wrong outcome if it contains information the user should never have been able to extract.
Run a source-to-output test matrix
Create test documents containing harmless sample data. Cover at least:
- one unlabelled source;
- one source labelled General;
- one source labelled Confidential;
- two sources with different label priorities;
- an encrypted source where the user has EXTRACT rights;
- an encrypted source where the user can view but cannot extract; and
- a source from another organisation.
For each case, record whether Copilot can use the content, which label appears on the output, whether encryption remains effective and what notification the user sees when a label cannot be applied.
Run the test in every file-creation workflow the business plans to use. A result in Word does not prove the same experience in another app or an agent workflow. Availability can also vary during a Microsoft 365 rollout, so record tenant, licence and test date.
Fix the label estate first
Inheritance amplifies the existing classification. Before relying on it, check:
- labels are published to the right users;
- label names are understandable to staff;
- priority order matches the intended protection;
- encryption rights reflect real job roles;
- SharePoint and OneDrive support for sensitivity labels is enabled;
- downgrade and removal rules are documented; and
- external sharing behaves as expected.
Pay particular attention to “General” or “Confidential” labels that are widely used but do not change access or sharing. A label name is not a permission boundary by itself.
Treat watermarks as a separate control
Microsoft also provides a Cloud Policy setting for adding watermarks to AI-generated or AI-altered video and audio. The image setting is separate and user-controlled through Microsoft account privacy settings. Microsoft documentation also describes AI provenance information in content metadata, with availability varying by media type.
None of these is a substitute for a Purview sensitivity label:
- a sensitivity label protects business information according to policy;
- a visible watermark tells a viewer content was generated or altered with AI; and
- provenance metadata records technical information about creation.
Decide which problem each control solves. Do not tell staff that “the watermark makes it confidential” or that a Confidential label proves the content was human-authored.
Give users an exception route
The release notes say Copilot notifies a user if it cannot apply a label. Define what the user should do next. The safe route is to save nothing externally, capture the error, apply the correct label if authorised and escalate repeated failures to the Microsoft 365 owner.
Do not teach users to copy the output into an unlabelled document to get around the warning. Monitor downgrade, label-removal and external-sharing events during the pilot.
A focused Microsoft 365 security review can check the labels alongside SharePoint permissions, Conditional Access and sharing settings. Copilot inherits the tenant it is given.