A bug in Microsoft's AI assistant for businesses has caused headaches for IT managers — including in Norway, where Microsoft 365 Copilot is widely used. The bug caused Copilot Chat to process and summarize emails that were explicitly marked as confidential, directly contradicting the data security policies companies had set up.

What went wrong?

The bug, tracked under reference ID CW1226324, was discovered on January 21, 2026, according to information made public by Bleeping Computer and The Register, among others. The cause is described by Microsoft as an unspecified “code issue” that allowed Copilot's chat function in the work tab to process emails from the Sent and Drafts folders in Outlook — even though these were protected with sensitivity labels and associated DLP (Data Loss Prevention) rules.

DLP policies are a central tool for businesses handling sensitive information. They are specifically designed to prevent such information from being exposed to systems or users who should not have access. The fact that Copilot could cross this boundary is therefore not just a technical anomaly — it is a potential compliance challenge for affected organizations.

The behavior violated Microsoft's own guidelines for how Copilot should handle protected content
Code Bug Caused Microsoft Copilot to Read Confidential Emails

Microsoft: No unauthorized access

A Microsoft spokesperson emphasizes to various media outlets that the bug did not grant anyone access to information they were not already authorized to see. In other words: Copilot summarized emails from the user's own folders — not others'. The company further states that access controls and data protection otherwise remained intact throughout the entire period.

Nevertheless, Microsoft acknowledges that this was not in line with the intended behavior: Copilot is designed to exclude protected content from AI processing.

Fix rolled out globally

Microsoft began rolling out a fix in early February 2026, and the company informed media outlets in mid-month that a global configuration update had been completed for enterprise customers. The company's own status updates characterized the incident as an “advisory,” a term that usually implies limited scope or impact.

Microsoft has not specified how many organizations and users were actually affected. The company only states that the scope may change after further review.

Microsoft says no unauthorized parties gained access — but won't say how many companies were affected

Relevant for Norwegian businesses

Microsoft 365 Copilot was made available to paying enterprise customers in applications such as Word, Excel, PowerPoint, Outlook, and OneNote in September 2025. The service is currently widespread in Norwegian business and public sectors, making this type of bug directly relevant for IT and compliance managers in the country.

For businesses operating under strict regulatory requirements — such as GDPR, financial regulations, or the Health Personnel Act — even a temporary failure in data security policies can have consequences. Although Microsoft states that no external parties gained insight, affected organizations should consider documenting the incident as part of their internal control.

Microsoft's own documentation for sensitivity labels also contains an important clarification: even if content with such labels is excluded from Copilot in specific Office apps, the content may still become available to Copilot in other scenarios. This suggests that the protective effect of the labels varies between different parts of the platform — which should give IT managers reason to review their own Copilot configurations.

Timeline:

  • Jan 21, 2026: Bug discovered
  • Feb 2026: Global fix rolled out

What should you do now?

Microsoft states that the fix is global and already in place for enterprise customers. If your organization uses Microsoft 365 Copilot with DLP policies and sensitivity labels, it is recommended to:

  • Confirm with Microsoft or your IT provider that the configuration update has been received
  • Review log data from January–February 2026 for any Copilot activities related to confidential email
  • Consider internal reporting if the business is subject to strict data protection or reporting requirements
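One way to carry out the log review step above, as an added example that is not part of the article or Microsoft's documentation: pull the unified audit log's Copilot interaction records for the window in which CW1226324 was active and flag those whose payload refers to Outlook mail. It assumes the ExchangeOnlineManagement module, an account with audit-reader rights, the record type name `CopilotInteraction`, and the `CopilotEventData.AppHost` field path (the string filter on the raw JSON is deliberately coarse so it does not depend on the exact schema).

```powershell
# Added example: review Copilot audit records for the CW1226324 window.
# Assumptions: ExchangeOnlineManagement module installed, audit-reader role,
# RecordType 'CopilotInteraction' and the CopilotEventData.AppHost field path.

Connect-ExchangeOnline

$start     = Get-Date '2026-01-21'   # discovery date given in the article
$end       = Get-Date '2026-03-01'   # fix completed mid-February; review through month end
$sessionId = 'copilot-cw1226324-review'
$records   = @()

# Page through the audit log in batches of 5000 until a short batch comes back.
do {
    $batch = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
        -RecordType CopilotInteraction `
        -SessionId $sessionId -SessionCommand ReturnLargeSet -ResultSize 5000
    $records += $batch
} while ($batch.Count -eq 5000)

# Coarse filter: keep records whose raw payload mentions Outlook or mail content,
# then surface the fields a reviewer needs to decide whether to follow up.
$flagged = foreach ($r in $records) {
    $data = $r.AuditData
    if ($data -match 'Outlook' -or $data -match '"Mail"') {
        $json = $data | ConvertFrom-Json
        [pscustomobject]@{
            When    = $r.CreationDate
            User    = $r.UserIds
            AppHost = $json.CopilotEventData.AppHost   # assumed field path
            RawData = $data
        }
    }
}

"Copilot interaction records in window: $($records.Count); flagged for review: $($flagged.Count)"
$flagged | Export-Csv -Path .\copilot-mail-review.csv -NoTypeInformation
Disconnect-ExchangeOnline -Confirm:$false
```

The exported CSV is a starting point for manual review against the organization's sensitivity-label and DLP policies, not a verdict on whether any individual record involved protected content.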

The case is being followed by Bleeping Computer, The Register, and Cybernews, among others.