Restrict Copilot from accessing OneDrive Files.

Copper Contributor

A recent question I was asked about copilot for Microsoft 365 is:

"Can I restrict Copilot from accessing or 'Analysing' certain documents on OneDrive/SharePoint or does it read everything by default?"


I was stomped since I never thought of that. However, my first instinct was to think that it's possible through Microsoft Purview. Turns out the reality is much more complicated, and I still don't have a straight answer.

I Know I can restrict users from having copilot return data from files they don't have access too: 
That is NOT what I'm asking.

My question simply is, Can I have a file within the "Microsoft 365 boundary"; SharePoint or OneDrive, you name it and not let Copilot or semantic indexing read it or even have access to it?

if so, how can it be done?

7 Replies
An area to explore would be applying a sensitivity label to get it excluded from M365 Copilot.

That doesn't work as access to files is based on ACL permissions for the user. Copilot for M365 can use it regardless of sensitivity label.

Although Restricted SharePoint Search (RSS) will be part of the solution of the ask of OP, Onedrive files are (still) excluded and not meeting the ask.

I appreciate Microsoft listening to the community on Copilot M365 feedback, but I feel this is still too big of a gun for the ask. The ask is to provide a way to exclude certain specific content from Copilot (across the Microsoft Graph).

This RSS-gun also and still kills the Enterprise Search capability, and equals earlier given/received advice to turn off (for certain high sensitive SP-sites), the SP-search-indexing off to exclude it from Copilot (and therefore Enterprise search).

Another option would have been to use Double Key Encryption (DKE) or other forms of encryption that Copilot/Microsoft do not control, but it gives you maybe more hassle than you likely want.

Not meeting the full ask of the OP, but these are the current options to exclude info from Copilot M365
1) Take it out the Microsoft Graph/Tenant and store elsewhere (maybe searchable through other implemented solutions) ... not really useful.
2) Turn SP-search-indexing off ... not really useful either.
3) DKE as discussed above ... too much hassle.
4) RSS ... not a complete solution yet

RSS is a start though!
My 2 cents

@Michel Ehlert 

Thank you for you Input!


I must say we already considered the RSS option however it does not cover (as you mentioned) our main concern which is OneDrive. And the cons seems to outweigh the pros on that front anyways.


The DKE. option, brilliantly named by the way, is something we had in mind, we just called it an extra layer of encryption. This option although seems most reasonable raised 2 concerns:


- Is there any encryption solution that would provide end to end encryption-decryption services seamlessly for users ?

 What would that look like in terms of cost, efficiency/speed , integration with microsoft services.

specifically when it comes to preserving the collaboration capabilities of M365.

8t is simply not viable


-Will the encrypted data in OneDrive or elsewhere in the tenant affect copilot. since it is basically gibberish (after encryption) if indexed or ran through the underlying LLMs will it cause any unexpected behavior down the line .

(poorly articulated point but I hope you get my intent)


-taking it out of microsoft : it is the most obvious solution, but would counter what we want, which is to preserve M365 collaboration and cloud storage capabilities for the files to be “obscured for copilot”.


No matter how you put it, the solution should be native to microsoft, either through labeling by introducing in option such as “restrict copilot access” or having a location in each OneDrive and sharepoint site which is restricted to copilot and where users can choose to save files.


Just adding to the discussion since as of now there are no concrete solutions for this and only microsoft would have a way of dealing with this topic.



Odd. Not my area of expertise but working with a security architect we were able to apply label + testing had show Copilot unable to access. May have been more to the puzzle though. Good luck in finding something!

I guess the sensitivity label had a content restriction applied to it?

Even applying the content restriction Encryption will not prevent Copilot from using that data when a user also has EXTRACT permissions.
Also, at least someone will have EXTRACT permissions as part of Full ownership.