Summary of governance, lifecycle, and compliance capabilities for Loop

This article covers compliance for Loop. For Copilot Pages and Copilot Notebooks, see the dedicated compliance summary.

As a Compliance Manager or IT administrator, it's crucial to stay up-to-date on the latest governance, data lifecycle, and compliance posture for the software solutions being used in your organization. This article details the capabilities available and not available yet for Microsoft Loop.

At a glance

SharePoint Embedded

Loop content storage varies based on creation method. For detailed information about storage locations, see storage. Content stored in SharePoint Embedded containers follows the SharePoint Embedded security and compliance documentation.

The sections below outline governance, lifecycle, and compliance capabilities applicable to all Loop storage types. Where capabilities vary by storage location-OneDrive, SharePoint sites, or SharePoint Embedded containers-specific details are provided.

Foundations

• Admin policies: Use Cloud Policy and SharePoint PowerShell to control creation of Loop components, pages, and workspaces. When creation is disabled, existing content renders as hyperlinks instead of interactive components.
  • Primary policy controls most apps (excluding Teams); secondary policies control Outlook, Teams, and collaborative meeting notes separately.
• GDPR: Data subject requests can be serviced through the Microsoft Purview portal and Purview eDiscovery workflows.
• EUDB: Compliance is supported. See What is the EU Data Boundary?

Data security and devices

• Intune Device Management Support exists for Microsoft 365 app, Teams app, and Loop app, on iOS and Android.

• Conditional Access is supported.

• Information Barriers are enforced for content stored in SharePoint sites or OneDrive.

• Customer Lockbox: Supported.
• Guest app access: Available for Loop workspace containers. Enables third-party export/eDiscovery tools, migration tools, and developer APIs. Use PowerShell to Get and Set guest app permissions.

Data lifecycle

• Loop's My workspace shares a single user-owned SharePoint Embedded container with Copilot Pages and Copilot Notebooks; this container has an application name of Loop in admin tools. Shared Loop workspaces create one SharePoint Embedded container per workspace. These containers don't have individual storage limits; instead, their storage usage counts toward your organization's overall SharePoint storage quota. There's no admin control to set storage limits for individual SharePoint Embedded containers. Loop files in their OneDrive and SharePoint locations follow the quotas of those storage locations. For the full explanation of the shared user-owned container (naming, creation rules, lifecycle), see storage.

• See Managing SharePoint Embedded containers for information and workflows within SharePoint admin center or PowerShell.

  Note

  The Loop My workspace follows the same OneDrive deletion lifecycle, with one manual handoff step at departure (access and notification aren't automatic) and the option to permanently reassign the container to a new owner. For the full process, options, and comparison with OneDrive, see Grant access to containers.

• Multi-Geo: Supported for My workspace and shared Loop workspaces. Content is created in the geo matching the user's or group's preferred data location. Loop content in OneDrive and SharePoint follows the multi-geo capabilities of those services.

  • To move a workspace to a different geo, use the same mechanism as SharePoint Communication sites.

  Important

  Some operations in Loop workspaces (such as sharing or creating new pages) might not function correctly immediately after moving containers across geos. Microsoft is working on a fix.

• End-user Recycle bin for deleted Loop components and pages is available within the Loop workspace, OneDrive, or SharePoint site.

  Important

  There's no end user recycle bin for Loop workspaces. Furthermore, restoring the Loop workspace using admin tooling doesn't update in the Loop app user experience. The user would need to visit a saved page link for a restored workspace in order to see it again. Microsoft Roadmap ID 421615 addresses this.

• Version History Export in Purview or via Graph API is available. Loop workspace content stored in SharePoint Embedded (See storage for more information), version history is configured to save 50 major versions per file by default, configurable via PowerShell per application. Loop files in OneDrive or SharePoint follow the same file versioning settings as other files.

• Audit logs exist for all events. They're retained, can be exported, and can be streamed to third party tools. For more information, see Purview.

eDiscovery

• Purview eDiscovery: Supported for search/collection, review (Premium license required), and export as HTML (Premium license required) or original format. Download and reupload files to OneDrive to view in native format.
• Graph API export: Supported for third-party tools. Use PowerShell to Get and Set guest application permissions.
• Legal Hold: Supported. Content is stored in the Preservation Hold Library.
  • When you add a user as a custodian in Purview eDiscovery, selecting their user-owned SharePoint Embedded container (Loop My workspace) as a data source in the same experience where you select the user's OneDrive and Exchange mailbox is rolling out and expected in early August.
  • Until then, retrieve the user-owned container URL using PowerShell or the SharePoint admin center, then add it as a data source manually. For instructions, see Retrieving the container URL for Purview.

Microsoft 365 retention and deletion

• Retention policies from Microsoft Purview Data Lifecycle Management configured for all SharePoint sites are enforced for all .loop files or alternatively can be configured per Loop workspace.

  • For more information on how to configure specific Loop workspaces, see Purview and SharePoint Embedded.

• Retention labels from Microsoft Purview Data Lifecycle Management and Microsoft Purview Records Management are supported for Loop components by applying published labels in OneDrive or SharePoint, or automatically applying the labels. There's limited support for manually applying retention labels.

  • Retention labels can't be viewed or applied directly from a Loop component. Instead, the user must navigate to the Loop file within the Loop app to view or apply a retention label on a Loop component.
  • Retention labels that mark the content as a record or regulatory record can't be manually applied in either the Loop component or when the content is opened in the Loop app. If content is automatically labeled as a record, locking and unlocking this record isn't yet available.
  • For clarification only, not a limitation: retention labels don't apply to containers like SharePoint sites or Loop workspaces; instead, use retention policies for these containers. To learn more, see retention.

Information protection

• Sensitivity labels: Available for Loop pages and components. Workspace sensitivity labels are configurable per workspace (at container level) via SharePoint Admin Center and PowerShell. See configuring sensitivity labels.
  • Note: There's no admin setting to configure guest sharing of specific Loop workspaces. Use container sensitivity labeling for per-workspace external sharing configuration.
• Data Loss Prevention (DLP): Rules enforced with end-user policy tip support.

Related articles

• Requirements
• Storage
• Permissions
• Admin policies
• UX examples for admin policy states
• Managing SharePoint Embedded containers
• Purview management
• Overview of Loop components in Microsoft 365
• Grant access to containers