web

You’re offline. This is a read only version of the page.

Skip to main content

Power Platform Community

Cancel

Search

Announcements

Welcome to the Power Platform Communities

You're Invited to Keeping It Real with the Power Platform

News and Announcements icon

Community site session details

Session Id :

Power Platform Community / Forums / Copilot Studio / Identifying PII/PCI da...

Copilot Studio

Suggested Answer

Identifying PII/PCI data in Microsoft 365 Outlook Emails by leveraging Microsoft Purview.

edit

Subscribe (1)

Share

Report

Report

Posted on by AD-01081101-0

62

Hi Team,

We have a requirement of identifying PII/PCI data in Microsoft 365 Outlook emails.

Most of the email bodies will be having (i.e text, tables and images).

Just want to check is there any approach to identify PII/PCI data in Microsoft 365 Outlook emails.

These emails will be used as a knowledge source in Copilot Studio agent and will be exposed to open AI LLM.

Any suggestions will be appreciated.

Regards.

Avinash.

Categories:

Bot extensibility

I have the same question (0)

All responses Img

All responses (2)

Answers Img

Answers (0)

Sort by

Suggested answer

11manish 1,922 on at

Like (1)

Report
Copy link

Link copied!

Yes, there are robust approaches to identify PII/PCI data in Microsoft 365 Outlook emails.

The recommended method is to use Microsoft Purview for built-in sensitive information detection and DLP policies, combined with Azure AI services (Vision + Language) for handling images and advanced text analysis.

The best practice is to detect and classify sensitive data, then redact or mask it before storing or exposing the content to Copilot Studio or any LLM. Copilot should only consume sanitized data, ensuring compliance and preventing sensitive data leakage.

Was this reply helpful? Yes No
Suggested answer

Valantis 4,803 on at

Like (1)

Report
Copy link

Link copied!

Hi @AD-01081101-0,

There are two separate problems here: identifying PII/PCI in the emails, and preventing that data from being exposed through the agent. Let me address both.

For identifying PII/PCI in Outlook emails, Microsoft Purview DLP is the right tool. It uses built-in Sensitive Information Types (SITs) that cover credit card numbers, SSNs, passport numbers, IBAN and many other PCI/PII patterns out of the box.

You can also define custom SITs for your organization-specific patterns. Purview scans Exchange Online email bodies including tables. Images with embedded text are a known limitation Purview does not OCR images inside email bodies, so PII in images won't be detected by DLP.

For preventing that data from reaching the agent and the LLM, there are two confirmed mechanisms:

1. Sensitivity labels: Apply labels to emails containing sensitive data. Microsoft docs confirm that when a sensitivity label restricts access, Copilot Studio agents built on that knowledge source will not use that content to generate responses. This is the cleanest enforcement layer.

2. DLP policy scoped to Microsoft 365 Copilot: Create a DLP policy targeting the Copilot location with your SITs as the condition. When sensitive content is detected in a prompt or knowledge retrieval, Copilot blocks the response. This is now generally available.

One important limitation for your specific scenario: Purview's DLP for Copilot currently applies most cleanly when the knowledge source is SharePoint. Emails as a knowledge source in Copilot Studio custom agents have more limited Purview enforcement coverage compared to SharePoint — this is worth validating in your specific tenant setup before going to production.

Ref: https://learn.microsoft.com/en-us/purview/ai-copilot-studio

Ref: https://learn.microsoft.com/en-us/purview/dlp-microsoft365-copilot-location-learn-about

Best regards,

Valantis

✅ If this helped solve your issue, please Accept as Solution so others can find it quickly.

❤️ If it didn’t fully solve it but was still useful, please click “Yes” on “Was this reply helpful?” or leave a Like :).

🏷️ For follow-ups @Valantis.

📝 https://valantisond365.com/

💼 LinkedIn

▶️ YouTube

Was this reply helpful? Yes No

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Join the conversation

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

You're Invited to Keeping It Real with the Power Platform

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the March Top 10 Community Leaders!

These are the community rock stars!

Subscribe to this forum!

Stay up to date on forum activity by subscribing.

Select categories

Autonomous agents

Bot administration

Bot analytics

Bot extensibility

Building Copilot Studio chatbots in Microsoft Teams

Calling actions from Copilot Studio

Copilot Studio pre-built agents/templates

Copilot Studio skills development

General topics

Model context protocol

Publish & channel management

Topic creation & management

Leaderboard > Copilot Studio

#1

#2

#3

Last 30 days Overall leaderboard

Featured topics

Announcing the "Microsoft Copilot Studio ❤️ MCP" lab

Block PII/PCI in Copilot Studio agent user prompt

Product updates

Microsoft Power Platform Community release plans

© Microsoft

Manage Cookies
Privacy & cookies
Terms of use
Trademarks

Your Privacy Choices Consumer Health Privacy

Messages

Profile
Messages
My activity
Sign out