{"id":25581,"date":"2026-07-10T11:32:10","date_gmt":"2026-07-10T09:32:10","guid":{"rendered":"https:\/\/kcpdynamics.com\/dlp-in-copilot\/"},"modified":"2026-07-10T11:32:10","modified_gmt":"2026-07-10T09:32:10","slug":"dlp-in-copilot","status":"publish","type":"post","link":"https:\/\/kcpdynamics.com\/en\/dlp-in-copilot\/","title":{"rendered":"DLP in Copilot: Secure Configuration in Microsoft 365"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"25581\" class=\"elementor elementor-25581 elementor-bc-flex-widget\" data-elementor-settings=\"{&quot;ha_cmc_init_switcher&quot;:&quot;no&quot;}\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-1d6ba3b3 e-flex e-con-boxed e-con e-parent\" data-id=\"1d6ba3b3\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-64f73ea1 elementor-widget elementor-widget-text-editor\" data-id=\"64f73ea1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>An employee asks Copilot to summarize &#8220;all documents related to the pending acquisition.&#8221; Copilot responds with excerpts from contracts, financial terms, and customer data pulled from fifteen different files in SharePoint. No document was shared. No email was sent. But the confidential information is already visible, copyable, and ready to leave the secure environment. That is the real risk of deploying Copilot without <strong>DLP in Copilot<\/strong> properly configured.<\/p><p>This article explains what types of data are safe to handle with Copilot, which ones you must actively protect, what licenses you need for each protection layer, and how to configure data loss prevention policies in Microsoft Purview step by step so that AI works in your favor without becoming a data leakage vector.<\/p><aside class=\"nseo-cta\" style=\"background: #eff6ff;border: 1px solid #2563eb;border-radius: 8px;padding: 20px 24px;margin: 2rem 0;text-align: center\"><a href=\"https:\/\/kcpdynamics.com\/serie-de-webinars-2026\/sesion-02-copilot-studio\/\"><strong>Copilot Studio in action: automate processes in your industry without sacrificing security. See how.<\/strong><\/a><\/aside>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2eab9c52 dce_masking-none elementor-widget elementor-widget-image\" data-id=\"2eab9c52\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/kcpdynamics.com\/wp-content\/uploads\/dlp-en-copilot.jpg\" title=\"\" alt=\"Digital shield protecting documents and data flows with security layers in dark blue, red, and yellow.\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5325e3ba elementor-widget elementor-widget-heading\" data-id=\"5325e3ba\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Why Traditional DLP Is Not Enough for Copilot<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3d2529d8 elementor-widget elementor-widget-text-editor\" data-id=\"3d2529d8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Classic DLP policies monitor three actions: sharing documents externally, sending emails with sensitive content, and downloading files to unauthorized devices. <strong>Copilot breaks that model entirely.<\/strong><\/p><p>Traditional DLP scans content at rest in SharePoint and OneDrive, intercepts outbound emails with sensitive content, and blocks unauthorized transfers to USB or cloud storage. But Copilot does not share, download, or send: it <em>synthesizes<\/em>. A Copilot response can contain fragments of sensitive data from multiple sources, none of which would have triggered traditional DLP because no document was shared or downloaded.<\/p><p>The Copilot response can contain aggregated confidential information that the user can copy, paste, screenshot, or discuss in a Teams meeting with external participants. Traditional DLP never sees that interaction unless you have configured specific policies for DLP in Copilot through Microsoft Purview.<\/p><p>This is the starting point that every CTO or security manager must internalize before activating Copilot in production: <strong>the data exposure surface changes radically with generative AI<\/strong>, and existing privacy policies do not cover that new perimeter.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-98789fd5 elementor-widget elementor-widget-heading\" data-id=\"98789fd5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What Licenses You Need for Each DLP in Copilot Layer<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7fa22643 elementor-widget elementor-widget-text-editor\" data-id=\"7fa22643\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<figure class=\"nseo-video-embed\"><iframe src=\"https:\/\/www.youtube.com\/embed\/-VfHwq_9ROQ\" title=\"YouTube video\" style=\"aspect-ratio: 16 \/ 9;width: 100%;height: auto;max-width: 100%\" loading=\"lazy\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/figure><p>Before designing any policy, you need to know what you have contracted. <strong>Access to DLP in Copilot capabilities depends directly on your licensing level.<\/strong> This is the reference table we recommend reviewing with your partner before approving the project:<\/p><table style=\"width:100%;border-collapse:collapse;margin:1.5rem 0\">\n  <thead>\n    <tr>\n      <th style=\"border:1px solid #2563eb;padding:10px 14px;text-align:left\">Protection Layer<\/th>\n      <th style=\"border:1px solid #2563eb;padding:10px 14px;text-align:left\">Minimum Required License<\/th>\n      <th style=\"border:1px solid #2563eb;padding:10px 14px;text-align:left\">Notes<\/th>\n    <\/tr>\n  <\/thead>\n  <tbody>\n    <tr>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Restriction by sensitivity label (files and emails)<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Microsoft 365 E3 + Microsoft 365 Copilot license<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Requires sensitivity labels published in Purview<\/td>\n    <\/tr>\n    <tr>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Prompt blocking with SITs (sensitive information types)<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Microsoft 365 E5 or E3 + Purview add-on + Copilot license<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Included for all M365 Copilot users since Ignite 2025<\/td>\n    <\/tr>\n    <tr>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Blocking external web searches with sensitive data<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Microsoft 365 E5 or E3 + Purview add-on + Copilot license<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Same DLP policy, different action<\/td>\n    <\/tr>\n    <tr>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">SharePoint Advanced Management (oversharing)<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Included in the Microsoft 365 Copilot license<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Does not require E5 separately<\/td>\n    <\/tr>\n    <tr>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Audit, eDiscovery, and prompt retention<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Microsoft 365 E5 or Purview add-on<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Mandatory for LGPD, Habeas Data compliance and regulated audits<\/td>\n    <\/tr>\n  <\/tbody>\n<\/table><p>If your organization operates with E3 licenses without the Purview add-on, <strong>the prompt blocking layer will not be available<\/strong>. This is the most frequent licensing gap we find in initial tenant audits in LATAM. Validating it before designing the security architecture saves you weeks of rework.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dba3944e elementor-widget elementor-widget-heading\" data-id=\"dba3944e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What Information Is Safe to Share with Copilot<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0b84f377 elementor-widget elementor-widget-text-editor\" data-id=\"0b84f377\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Copilot can only summarize or reference content that the user is authorized to access. That is a baseline guarantee, but it is not sufficient for environments with confidential information.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9de3d58a elementor-widget elementor-widget-heading\" data-id=\"9de3d58a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Data You Can Handle with Copilot Without Additional Restrictions<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4a8a5646 elementor-widget elementor-widget-text-editor\" data-id=\"4a8a5646\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul>\n  <li>Internal working documents without a confidentiality label (drafts, general presentations, team wikis).<\/li>\n  <li>Everyday emails and calendars without regulated data.<\/li>\n  <li>Ongoing project information accessible to the entire team involved.<\/li>\n  <li>Aggregated and anonymized data for productivity analysis.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9c786384 elementor-widget elementor-widget-heading\" data-id=\"9c786384\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Data That Requires Active DLP in Copilot Policies<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2575cbef elementor-widget elementor-widget-text-editor\" data-id=\"2575cbef\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul>\n  <li><strong>Regulated financial information:<\/strong> account numbers, agreement terms, audit data, material non-public information (MNPI).<\/li>\n  <li><strong>Health data:<\/strong> clinical records, health insurance numbers, any data covered by HIPAA or local LATAM regulations.<\/li>\n  <li><strong>Intellectual property:<\/strong> source code, formulas, trade secrets, unpublished product plans.<\/li>\n  <li><strong>Personally identifiable information (PII):<\/strong> passport numbers, national ID numbers, credit cards, physical addresses.<\/li>\n  <li><strong>M&amp;A information:<\/strong> due diligence documents, valuations, non-disclosure agreements.<\/li>\n<\/ul><aside class=\"nseo-callout nseo-callout--importante\" style=\"background: #eff6ff;border-left: 4px solid #2563eb;padding: 12px 16px;margin: 1rem 0\">\n  <strong>Important:<\/strong> Prompts, responses, and data accessed through Microsoft Graph are not used to train the foundational language models, including those used by Microsoft 365 Copilot. But that does not eliminate the risk of a user seeing, copying, or sharing a response that contains sensitive data from another user.\n<\/aside>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4a3806ee elementor-widget elementor-widget-heading\" data-id=\"4a3806ee\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">How DLP in Copilot Works: The Three Protection Layers<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b5436404 elementor-widget elementor-widget-text-editor\" data-id=\"b5436404\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Microsoft Purview protects interactions with Copilot at three distinct levels. <strong>You need policies at each layer<\/strong> to have real coverage.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1c0913f4 elementor-widget elementor-widget-heading\" data-id=\"1c0913f4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Layer 1: File and Email Restriction by Sensitivity Label<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-03ddf004 elementor-widget elementor-widget-text-editor\" data-id=\"03ddf004\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In November 2024, Microsoft introduced the ability to create a DLP policy to restrict Microsoft 365 Copilot and Copilot Chat from processing sensitive files and emails using sensitivity labels. When a file open in Word, Excel, or PowerPoint has a label for which a DLP policy has been configured to prevent processing by Copilot, the AI features in those applications are disabled. The file may still appear in metadata search results, but <strong>its content is not read or summarized<\/strong>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-00be9024 elementor-widget elementor-widget-heading\" data-id=\"00be9024\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Layer 2: Prompt Blocking with Sensitive Information Types (SIT)<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-730029d6 elementor-widget elementor-widget-text-editor\" data-id=\"730029d6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This functionality evaluates the text entered by the user in real time, before processing occurs. With DLP in Copilot for prompts, the input text is scanned for built-in SITs\u2014such as social security numbers or credit cards\u2014or custom SITs defined by your organization. If a SIT is detected, Copilot restricts the processing of the prompt: <strong>no AI response is generated<\/strong> and users receive a clear notification that their request cannot be completed due to company policies.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c740b155 elementor-widget elementor-widget-heading\" data-id=\"c740b155\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Layer 3: Blocking External Web Searches with Sensitive Data<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-03678c2d elementor-widget elementor-widget-text-editor\" data-id=\"03678c2d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Microsoft Purview DLP can prevent Copilot from sending sensitive information to external web services. When a prompt contains SITs\u2014such as credit card numbers, passports, or custom SITs\u2014Copilot automatically blocks the use of external web search as a grounding source for that prompt. Instead, <strong>it continues generating responses using only the permitted Microsoft 365 internal data sources<\/strong>.<\/p><aside class=\"nseo-callout nseo-callout--data\" style=\"background: #eff6ff;border-left: 4px solid #2563eb;padding: 12px 16px;margin: 1rem 0\">\n  <strong>Key fact:<\/strong> At Ignite 2025, Microsoft announced the general availability of Microsoft Purview DLP for Microsoft 365 Copilot. This capability is included for all Microsoft 365 Copilot and Copilot Chat users at no additional license cost.\n<\/aside>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-db4fd120 elementor-widget elementor-widget-heading\" data-id=\"db4fd120\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">DLP in Copilot and the Zero Trust Framework: How They Complement Each Other<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9191efb8 elementor-widget elementor-widget-text-editor\" data-id=\"9191efb8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>DLP in Copilot policies are most effective when they are part of a Zero Trust architecture. The Zero Trust principle\u2014never trust, always verify\u2014also applies to AI models: <strong>no user or system, including AI, should have implicit access to sensitive data<\/strong> simply by being inside the corporate perimeter.<\/p><p>In practice, this means combining three complementary control layers:<\/p><ul>\n  <li><strong>Conditional Access:<\/strong> defines the conditions under which a user can access Microsoft 365 Copilot: managed device, geographic location, sign-in risk level. If the user does not meet the conditions, Copilot is simply not available for that session, regardless of DLP policies.<\/li>\n  <li><strong>Privileged Identity Management (PIM):<\/strong> limits the exposure time of administrative roles that can modify Copilot DLP policies. An administrator with permanent access to those policies represents a greater risk than one with just-in-time access.<\/li>\n  <li><strong>DLP in Copilot policies:<\/strong> act as the last line of defense within the authorized session, blocking the processing of sensitive content even if the user has legitimate access to the system.<\/li>\n<\/ul><p>In LATAM environments operating under LGPD or Habeas Data, <strong>the combination of Conditional Access and DLP in Copilot is already an implicit requirement<\/strong> in many data security audits. Documenting both layers in the governance plan significantly accelerates certification processes.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5d6735c2 elementor-widget elementor-widget-heading\" data-id=\"5d6735c2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Real Cases: Oversharing and DLP in Copilot in LATAM<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-600cd16c elementor-widget elementor-widget-text-editor\" data-id=\"600cd16c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Field data is more eloquent than any architecture diagram. In Copilot deployment projects we accompany from KCP Dynamics, these are the most frequent patterns:<\/p><p><strong>Case 1 \u2014 Financial sector, Colombia:<\/strong> in the initial tenant audit of a mid-sized bank, 38% of M&amp;A due diligence documents had no sensitivity label applied. Copilot could summarize them without restriction for any user with access to the SharePoint library. Remediation required three weeks of labeling assisted by Purview auto-classification and the activation of DLP in Copilot with label-based blocking. Result: zero unauthorized access incidents to M&amp;A information in the following six months.<\/p><p><strong>Case 2 \u2014 Healthcare sector, Mexico:<\/strong> a private hospital activated Copilot without reviewing SharePoint permissions. In the first week, three administrative users were able to obtain summaries of patient clinical records through natural language prompts, without directly accessing the records. <strong>Traditional DLP detected no incident<\/strong> because there was no file download or sending. Activating DLP in Copilot with custom SITs for local health data cut off access in less than four hours after configuration.<\/p><p>These two cases illustrate why oversharing and the absence of DLP in Copilot are risks that materialize in days, not months, once AI is active in production.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7878d298 elementor-widget elementor-widget-heading\" data-id=\"7878d298\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Step-by-Step Guide: Configuring DLP in Copilot with Microsoft Purview<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-90f8ef6b elementor-widget elementor-widget-text-editor\" data-id=\"90f8ef6b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Before creating the first policy, you need to complete a critical prerequisite: <strong>inventorying and labeling your sensitive content<\/strong>. The model is label-first: without labels applied, sensitivity-based policies have nothing to act on.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-50b19c3a elementor-widget elementor-widget-heading\" data-id=\"50b19c3a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Step 1: Audit and Label Content<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c2ac610e elementor-widget elementor-widget-text-editor\" data-id=\"c2ac610e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ol>\n  <li>Inventory sensitive information and map it to sensitivity labels (e.g., Confidential, Highly Confidential). Record the percentage of high-risk documents already labeled.<\/li>\n  <li>Create or refine sensitivity labels and, where possible, configure auto-labeling rules for Office files and PDFs. Auto-labeling currently only applies to Office files and PDFs.<\/li>\n<\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5c982ccc elementor-widget elementor-widget-heading\" data-id=\"5c982ccc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Step 2: Create the DLP Policy for Copilot in Microsoft Purview<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c7224e49 elementor-widget elementor-widget-text-editor\" data-id=\"c7224e49\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ol>\n  <li>Sign in to the Microsoft Purview portal. Go to <em>Data Loss Prevention &gt; Policies<\/em> and select <em>+ Create policy<\/em>. Choose the <em>Custom &gt; Custom policy<\/em> template. On the <em>Locations<\/em> page, enable the <strong>Microsoft 365 Copilot and Copilot Chat<\/strong> location.<\/li>\n  <li>Add a rule with the condition <em>Content contains &gt; Sensitive information types<\/em> and choose the SITs you want to detect.<\/li>\n  <li>Set the action: <strong>Prevent Copilot from processing content &gt; Prompt processing<\/strong> (full block) or <strong>Perform web searches<\/strong> (only to block external grounding).<\/li>\n  <li>Save and activate the policy.<\/li>\n<\/ol><aside class=\"nseo-callout nseo-callout--consejo\" style=\"background: #eff6ff;border-left: 4px solid #2563eb;padding: 12px 16px;margin: 1rem 0\">\n  <strong>Tip:<\/strong> Microsoft&#8217;s default DLP policy for Copilot is initially set to simulation mode, meaning it only logs the event. If you want to block prompt processing, you must change the policy status to enforcement mode. <strong>Always start in simulation mode for at least two weeks<\/strong> to calibrate the impact before activating the block.\n<\/aside>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-70d5a24b elementor-widget elementor-widget-heading\" data-id=\"70d5a24b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Step 3: Know the Key Technical Limitations<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8fd09a29 elementor-widget elementor-widget-text-editor\" data-id=\"8fd09a29\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul>\n  <li>SITs created through document fingerprinting cannot be used in these policies. Only standard pattern-based SITs and trainable SITs are supported.<\/li>\n  <li>Policy changes <strong>take up to four hours to propagate<\/strong>. In environments with more than 5,000 users, plan maintenance windows that respect that latency.<\/li>\n  <li>Files uploaded directly in a prompt are not scanned: DLP only evaluates the text written in the prompt.<\/li>\n  <li>You cannot use the conditions &#8220;content contains sensitive information types&#8221; and &#8220;content contains sensitivity labels&#8221; in the same rule. Create a separate rule for each condition within the same policy.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-06884c53 elementor-widget elementor-widget-heading\" data-id=\"06884c53\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Roles Required to Manage DLP in Copilot<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-95788ced dce_masking-none elementor-widget elementor-widget-image\" data-id=\"95788ced\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/kcpdynamics.com\/wp-content\/uploads\/dlp-en-copilot-roles-necesarios-para-gestionar-dlp-en-copilot.jpg\" title=\"\" alt=\"Hierarchical role structure with administrators, policy managers, and end users in differentiated layers.\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-14d4e267 elementor-widget elementor-widget-text-editor\" data-id=\"14d4e267\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Not just any administrator can create or edit these policies. Accounts with the following roles can create or edit a DLP policy in Copilot for the Microsoft 365 Copilot and Copilot Chat location: <strong>Microsoft Entra AI Admin<\/strong> (manages all aspects of Microsoft 365 Copilot and enterprise AI services) and <strong>Purview Data Security AI Admin<\/strong> (edits DLP policies related to Copilot and views AI content in Data Security Posture Management).<\/p><p>Assign these roles carefully. <strong>The principle of least privilege applies here just as in any other critical system.<\/strong> An administrator with excessive access to Copilot DLP policies can disable protections without leaving a visible trace in standard operational logs.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5de895b8 elementor-widget elementor-widget-heading\" data-id=\"5de895b8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Continuous Monitoring and Auditing<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ff043c69 elementor-widget elementor-widget-text-editor\" data-id=\"ff043c69\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Configuring policies is the first step. <strong>Keeping them effective requires continuous monitoring.<\/strong> Purview audit logs include Copilot prompts, responses, and referenced content, as well as interaction data for eDiscovery and compliance investigations.<\/p><p>Use Microsoft Purview DSPM data risk assessments to continuously validate that sensitive data remains protected from Copilot access. Review Microsoft Purview Insider Risk Management and DLP alerts to detect and investigate risky AI use or potential data leakage.<\/p><p>For LATAM environments with regulations such as LGPD (Brazil) or Habeas Data (Colombia), <strong>the traceability of personal data access by AI systems<\/strong> is already a de facto requirement in many audits. Purview logs cover that need if you configure them correctly from the start.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-89e3b96e elementor-widget elementor-widget-heading\" data-id=\"89e3b96e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Oversharing: The Silent Risk That DLP Alone Does Not Cover<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-44304652 elementor-widget elementor-widget-text-editor\" data-id=\"44304652\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>DLP in Copilot policies protect against active data leakage, but there is another risk that operates more silently: <em>oversharing<\/em>. Copilot can access any file the user has permission to access. If permissions in SharePoint are misconfigured\u2014which occurs in most tenants without an active review\u2014Copilot can synthesize information that the user technically can see but should not see in that context.<\/p><p>To address oversharing in a Microsoft 365 Copilot deployment, Microsoft published the Oversharing Blueprint, which uses Microsoft Purview and SharePoint Advanced Management, included in the Microsoft 365 Copilot license. The enhanced data risk assessment capability enables bulk remediation: <strong>administrators can remediate or disable overshared links at scale<\/strong>, proactively reducing data exposure before Copilot amplifies it.<\/p><p>In real projects we accompany from KCP Dynamics, oversharing is the number one problem that appears in the first weeks of Copilot use in production. The solution is not to deactivate Copilot: <strong>it is to clean up permissions before activating it<\/strong>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0407c58d elementor-widget elementor-widget-heading\" data-id=\"0407c58d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What to Do When DLP Detects a Real Leak<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b9acedb8 elementor-widget elementor-widget-text-editor\" data-id=\"b9acedb8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Prevention is the goal, but you need a response plan for when alerts are triggered. <strong>A detected incident without a defined response flow is almost as dangerous as an undetected one.<\/strong> This is the minimum protocol we recommend:<\/p><ol>\n  <li><strong>Alert and triage (first 30 minutes):<\/strong> Purview Activity Explorer generates the alert. The Purview Data Security AI Admin validates whether the event is a false positive or a real incident. If real, escalate to the CISO or data security officer.<\/li>\n  <li><strong>Containment (first 2 hours):<\/strong> if the prompt contained regulated data that reached a visible response, identify the user, review the interaction history in audit logs, and if necessary, temporarily suspend that user&#8217;s access to Copilot via Conditional Access.<\/li>\n  <li><strong>Investigation and documentation (first 24 hours):<\/strong> use Purview eDiscovery to retrieve the prompt, the response, and the referenced files. Document the incident according to applicable regulatory requirements (LGPD requires notification to the ANPD within a maximum of 72 hours in the event of a personal data breach).<\/li>\n  <li><strong>Policy remediation:<\/strong> if the incident revealed a gap in DLP in Copilot policies, adjust the SITs or labels involved and re-run simulation mode for 48 hours before reactivating the block.<\/li>\n<\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2b241c0b elementor-widget elementor-widget-heading\" data-id=\"2b241c0b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Governance Checklist Before Activating Copilot in Production<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-27a9b5dd elementor-widget elementor-widget-text-editor\" data-id=\"27a9b5dd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>If you are preparing the deployment or reviewing the current state of your tenant, this is the minimum sequence we recommend from KCP Dynamics:<\/p><table style=\"width:100%;border-collapse:collapse;margin:1.5rem 0\">\n  <thead>\n    <tr>\n      <th style=\"border:1px solid #2563eb;padding:10px 14px;text-align:left\">Step<\/th>\n      <th style=\"border:1px solid #2563eb;padding:10px 14px;text-align:left\">Tool<\/th>\n      <th style=\"border:1px solid #2563eb;padding:10px 14px;text-align:left\">Responsible<\/th>\n      <th style=\"border:1px solid #2563eb;padding:10px 14px;text-align:left\">Success Criterion<\/th>\n    <\/tr>\n  <\/thead>\n  <tbody>\n    <tr>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">1. Sensitive data inventory<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Purview Content Explorer<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Compliance Admin<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">&gt;80% of high-risk documents identified<\/td>\n    <\/tr>\n    <tr>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">2. Sensitivity labeling<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Microsoft Purview + auto-labeling<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Compliance Admin<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Labels published and auto-labeling active<\/td>\n    <\/tr>\n    <tr>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">3. DLP policy for files and emails<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Microsoft Purview DLP<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Purview Data Security AI Admin<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Policy active in Copilot location<\/td>\n    <\/tr>\n    <tr>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">4. DLP policy for prompts (SITs)<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Microsoft Purview DLP<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Purview Data Security AI Admin<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">SITs configured and rule active<\/td>\n    <\/tr>\n    <tr>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">5. Simulation mode (2 weeks)<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Activity Explorer<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Compliance Admin<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">False positive rate &lt;5%<\/td>\n    <\/tr>\n    <tr>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">6. SharePoint permissions review<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">SharePoint Advanced Management<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">SharePoint Admin<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Sites with excessive access remediated<\/td>\n    <\/tr>\n    <tr>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">7. Conditional Access for Copilot<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Microsoft Entra ID<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Entra AI Admin<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Policy active: managed devices only<\/td>\n    <\/tr>\n    <tr>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">8. Incident response plan<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Purview + eDiscovery<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">CISO \/ Compliance Admin<\/td>\n      <td style=\"border:1px solid #d1d5db;padding:10px 14px\">Runbook documented and tested<\/td>\n    <\/tr>\n  <\/tbody>\n<\/table><section class=\"nseo-faq\">\n  <h2>Frequently Asked Questions About DLP in Copilot<\/h2>\n  <details>\n    <summary>Does Copilot use my data to train Microsoft&#8217;s AI models?<\/summary>\n    <p>Prompts, responses, and data accessed through Microsoft Graph are not used to train the foundational language models, including those used by Microsoft 365 Copilot. Your organizational data remains within your tenant environment.<\/p>\n  <\/details>\n  <details>\n    <summary>What happens when a user tries to use a prompt with sensitive data blocked by DLP?<\/summary>\n    <p>When a user attempts to send a prompt that contains any of the configured sensitive information types, they receive a message indicating that the request cannot be completed because it contains sensitive information that the organization has blocked for Microsoft 365 Copilot. No AI response is generated.<\/p>\n  <\/details>\n  <details>\n    <summary>Do Copilot DLP policies also apply to agents created in Copilot Studio?<\/summary>\n    <p>This capability extends to Microsoft 365 Copilot and to agents created in Copilot Studio that are published in Microsoft 365 Copilot. Custom agents inherit the same DLP protections configured for DLP in Copilot.<\/p>\n  <\/details>\n  <details>\n    <summary>Can I restrict Copilot from using external emails as a data source?<\/summary>\n    <p>You can prevent Microsoft 365 Copilot and Copilot Chat from using emails sent from external domains as grounding data for responses. When this control is enabled, Copilot excludes external emails received by users from being referenced or summarized during prompt processing. This protection helps organizations reduce the risk of prompt injection and influence from untrusted data.<\/p>\n  <\/details>\n  <details>\n    <summary>How long does it take for changes to Copilot DLP policies to take effect?<\/summary>\n    <p>Policy changes take up to four hours to propagate. Plan maintenance windows and validation tests taking that latency time into account.<\/p>\n  <\/details>\n  <details>\n    <summary>Do I need an E5 license to activate DLP in Copilot?<\/summary>\n    <p>It depends on the layer. Sensitivity label restriction is available from Microsoft 365 E3 with a Copilot license. Prompt blocking with SITs requires E5 or the Purview add-on. SharePoint Advanced Management is included in the Copilot license at no additional cost.<\/p>\n  <\/details>\n<\/section><aside class=\"nseo-cta\" style=\"background: #eff6ff;border: 1px solid #2563eb;border-radius: 8px;padding: 20px 24px;margin: 2rem 0;text-align: center\"><a href=\"https:\/\/kcpdynamics.com\/servicios\/blueprint\/\"><strong>Download the Blueprint: a real Copilot implementation plan with data governance, no surprises.<\/strong><\/a><\/aside>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Configure DLP in Copilot with Microsoft Purview step by step: licenses, protection layers, Zero Trust and governance checklist for M365.<\/p>\n","protected":false},"author":1,"featured_media":25550,"comment_status":"","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":"","rank_math_description":"Configure DLP in Copilot with Microsoft Purview step by step: licenses, protection layers, Zero Trust and governance checklist for M365."},"categories":[1],"tags":[],"class_list":["post-25581","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sin-categorizar"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/kcpdynamics.com\/en\/wp-json\/wp\/v2\/posts\/25581","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kcpdynamics.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kcpdynamics.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kcpdynamics.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kcpdynamics.com\/en\/wp-json\/wp\/v2\/comments?post=25581"}],"version-history":[{"count":0,"href":"https:\/\/kcpdynamics.com\/en\/wp-json\/wp\/v2\/posts\/25581\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kcpdynamics.com\/en\/wp-json\/wp\/v2\/media\/25550"}],"wp:attachment":[{"href":"https:\/\/kcpdynamics.com\/en\/wp-json\/wp\/v2\/media?parent=25581"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kcpdynamics.com\/en\/wp-json\/wp\/v2\/categories?post=25581"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kcpdynamics.com\/en\/wp-json\/wp\/v2\/tags?post=25581"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}