MC1133507: Microsoft 365 Copilot | New admin policy for harmful content access in Microsoft 365 Copilot
Microsoft 365 Copilot introduces a new admin policy allowing specific users, like legal or compliance teams, to access harmful content in Copilot Chat. This feature, off by default, requires explicit assignment and lets users disable harmful content protection per conversation. Rollout begins Sep...
Introduction
We’re introducing a new policy setting in Microsoft 365 Copilot that gives administrators enhanced control over how users interact with harmful content protection in Copilot Chat. This feature is designed to support specialized roles—such as legal, investigative, or moderation teams—where exposure to sensitive content may be necessary. It enables these users to reason over sensitive content using BizChat while maintaining organizational safeguards.
This feature is available with the Microsoft 365 Copilot add-on license, which enables Copilot in eligible Microsoft 365 plans.
This message is associated with Microsoft 365 Roadmap ID 499809.
When this will happen
General Availability (Worldwide): Rollout will begin in early September 2025 and is expected to complete by early September 2025.
How this affects your organization
This update allows organizations to assign a new policy that enables specific users—such as those in legal or compliance roles—to interact with sensitive content in BizChat. By default, this feature is turned off and will not affect users unless the policy is explicitly assigned.
Admins will see a new policy setting in the Microsoft 365 admin center (shown below), which enables assignment of harmful content access in Copilot Chat.
Admin UX for assigning harmful content access policy in Microsoft 365 Copilot:
For users who are assigned the policy:
- A new option will be available in Copilot Chat that allows them to disable harmful content protection for a specific conversation.
- The default setting is RAI-protected, and users must explicitly turn off protection per conversation.
What you can do to prepare
No action is required unless your organization wants to enable this capability for specific users. Admins can assign the policy to appropriate users based on role requirements. For more information, refer to the Microsoft 365 Copilot documentation (link to be added when available).
Compliance considerations
No compliance considerations identified, review as appropriate for your organization.