PolicyBot in Microsoft PowerPoint

PolicyBot is the InPolicy reviewer for Microsoft 365 PowerPoint decks. Share any .pptx with policybot@inpolicy.ai as an Editor (or Reviewer — see permission levels), and within about a minute it will:

• Leave a summary comment on the first slide listing each policy that was flagged, and a closing paragraph telling you how to verify PolicyBot’s access has been removed.
• Add a comment on each shape that contains text that may violate a policy, with clickable references back to the policy detail page. The comment thumb lands directly on the relevant text box.
• For any policy that suggests a rewrite, render the proposed change inline in the comment body as Suggested replacement: "…".
• Remove the deck from its OneDrive Shared with me view when it’s done.

If you’ve used PolicyBot for Google Slides, this is the same flow with one visible difference: there is no tracked-changes equivalent in PowerPoint. When a policy calls for a rewrite or redaction, PolicyBot renders the proposed change inline at the top of the comment body — Suggested replacement: "…" — rather than producing an accept/reject revision. Copy and paste the replacement into the slide if you want to apply it.

Comments appear progressively as PolicyBot processes the deck, the same way they do for Google Docs/Slides — you’ll see the doc-top summary land first, then individual violation comments roll in over the next 30–60 seconds. You can leave the deck open in PowerPoint while this happens; PolicyBot joins the editing session via PowerPoint for the Web rather than rewriting the file, so it doesn’t conflict with your edits.

Sharing a .pptx with PolicyBot

The recommended path is to have your Microsoft 365 admin invite PolicyBot as a tenant guest once. After that, sharing works the same as sharing with any internal colleague.

Option A: Invite PolicyBot as a tenant guest (recommended)

A one-time admin action that gives PolicyBot a proper, auditable identity in your tenant. Subsequent shares require no admin involvement.

1. In Entra admin center → Users → New guest user.
2. Email: policybot@inpolicy.ai. Display name: PolicyBot. Send the invitation.
3. PolicyBot accepts within a few minutes.

Option B: Ad-hoc external share

If your tenant policy doesn’t allow guest invitations, ad-hoc external sharing works too, provided your tenant allows sharing with inpolicy.ai-domain users (most do by default).

Day-to-day sharing

Once setup is done (either path above), every user follows the same flow:

1. Open the .pptx in PowerPoint for the web or the PowerPoint desktop app.
2. Click Share in the top-right.
3. Add policybot@inpolicy.ai with Can edit (or Can review — see below).
4. Click Send.

That’s it — PolicyBot picks up the share and posts its summary within about a minute.

Permission levels: Can edit vs Can review

PolicyBot needs at least Can review permission to add comments to your deck.

• Can edit (recommended): always works.
• Can review (when available): the Microsoft equivalent of Google’s “Commenter” — PolicyBot can add comments but cannot edit the slides themselves. Available on newer M365 tenants.
• Can view: PolicyBot will not be able to write comments back and the share will surface as an error.

If you’re not sure which is enabled on your tenant, Can edit is the safe default. PolicyBot only adds comments — it never modifies the slides themselves, so accepting or ignoring its suggestions stays in your hands.

What the summary comment tells you

Every reviewed deck gets a summary comment from PolicyBot anchored to the first slide. The exact text depends on what we found when we looked you up:

What we found	What the summary says
No InPolicy account for your company	PolicyBot didn’t find an account on your email’s domain and sends you to inpolicy.ai to sign up (the first user at every company is free).
Company has an account but you don’t	PolicyBot tells you the admin email to contact for access.
Your account exists but has no policies	PolicyBot tells you to reach out to help@inpolicy.ai to get a role on a Policy Area.
Reviewed, no violations found	PolicyBot confirms it ran against the policies you have access to and nothing crossed the confidence threshold.
Reviewed, violations found	PolicyBot lists each finding with policy name, severity, AI confidence, and a link to the policy, with a comment on each affected slide.

In every case, the summary ends with PolicyBot’s closing paragraph asking you to verify removal via Share → Manage Access. PolicyBot removes the deck from its own Shared with me view automatically; the manual verification is a defense-in-depth step.

Reading the per-violation comments

Each comment is anchored to the slide that contains the flagged text. The body ends with the actual rule and the metadata so you can size up the finding without leaving the deck:

WARNING: This passage discloses an internal product roadmap to an external recipient.

— “No internal product roadmaps may be shared with external parties without explicit VP approval.” High severity · 87% confidence · https://app.inpolicy.ai/policies/conf-roadmap-1

When a policy calls for a rewrite or redaction, PolicyBot includes the proposed replacement inline at the top of the comment body:

Suggested replacement: “[REDACTED]”

Personal email addresses must be redacted before external sharing.

— “PII must not be disclosed in customer-facing communications.” Critical severity · 92% confidence · https://app.inpolicy.ai/policies/pii-1

PowerPoint has no “Accept” / “Reject” affordance for comment-attached suggestions, so applying a fix is a manual copy-paste from the comment into the slide.

The fields:

• Quoted rule — the exact policy text that flagged the passage.
• Severity — Minor, Low, Medium, High, or Critical. Set per policy by your admin or Policy Lead.
• Confidence — how sure PolicyBot’s model is, from 0–100%. Each policy has a configurable threshold; below it, PolicyBot stays silent.
• Policy link — the URL to the policy detail page in InPolicy. Inside PowerPoint comments the link renders as plain text; copy-paste it into your browser to open.

Removing PolicyBot’s access manually

PolicyBot removes the file from its own Shared with me view when it finishes a review. As a defense-in-depth measure, you can also verify or manually revoke access:

1. Open the deck in PowerPoint for the web.
2. Click Share (top-right) → Manage Access.
3. Find policybot@inpolicy.ai in the people list.
4. Click the dropdown next to PolicyBot and select Remove direct access.

Re-sharing the file (with Can edit or Can review) busts our review cache, so the next review picks up your latest changes even if the deck hasn’t otherwise changed.

Re-sharing won’t duplicate prior comments. Before posting, PolicyBot checks the deck for its own existing comments and skips any whose slide and policy match a comment that’s still in place. Because PowerPoint comments are slide-level (not anchored to text), the dedupe key is (slide, policy) — two violations of the same policy on the same slide count as one for dedupe purposes.

Note

On PowerPoint specifically, resolving a PolicyBot comment doesn’t clear it from this check — only deleting it does. If you resolve a comment and then re-share the deck, PolicyBot treats the violation as already-flagged and won’t re-raise it. To make PolicyBot re-flag a still-relevant issue on the next review, delete the prior comment rather than resolving it. (On Google Docs/Slides and Word, resolving is enough — this is a PowerPoint-only limitation we’re tracking.)

Privacy

PolicyBot only sees the decks you explicitly share with it. It uses the same policy-evaluation infrastructure as the rest of InPolicy and does not store your deck contents past the review window. See Privacy & data handling for the full data-handling policy.