Privacy and data security in Microsoft Copilot for Security

When you use Microsoft Copilot for Security, Customer Data and system-generated logs are stored and processed as part of the service.

Data sharing is turned on by default. Global Administrators and Security Administrators are assigned a Copilot owner role in Copilot for Security. Copilot owners can change data sharing settings for Customer Data during the first run experience and at any time thereafter. For more information on roles, see Copilot for Security roles.

This article compares Copilot for Security's Customer Data to system-generated logs, describes data sharing options, and summarizes how data is protected.

Customer Data and system-generated logs

As defined in the Microsoft Product Terms, Customer Data means all data, including all text, sound, video, or image files, and software, that are provided to Microsoft by, or on behalf of, the Customer through use of the Online Service. Customer Data doesn't include Professional Services Data or information used to configure resources in the Online Services such as technical settings and resource names.

Microsoft online services create system-generated logs as part of the regular operation of the services. System-generated logs continuously record system activity over time to allow Microsoft to monitor whether systems are operating as expected. "Logging" (the storage and processing of logs) is essential to identify, detect, respond to, and prevent operational problems, policy violations, and fraudulent activity. Logging is also essential to optimize system, network, and application performance, as well as to help with security investigations and resilience activities and to comply with laws and regulations.

The following table compares Copilot for Security's Customer Data to system-generated logs.

Customer Data:
- Prompts that users submit to Copilot for Security.
- Information retrieved to generate responses.
- Responses.
- Content of pinned items.
- Customer feedback on responses.
- File uploads.

System-generated logs:
- Account information (tenant ID, account ID, licensing, and others).
- Usage data.
- Performance information.
- Internal system behavior information.

Customer Data sharing preferences

Data sharing is turned on by default. Copilot owners can change data sharing settings for Customer Data during the first run experience, and at any time thereafter.

Enabling or disabling the Customer Data sharing preferences described in the following table won't affect Microsoft's rights or responsibilities under the Microsoft Products and Services Data Protection Addendum.

The following data sharing options are available:

Setting: Allow Microsoft to capture data from Copilot for Security to validate product performance using human review

Description: Such validations include but aren't limited to:

- Ability of Copilot for Security to successfully provide responses to user requests and understand capability gaps that need to be addressed based on user prompts.
- Understand the types of tasks customers are using Copilot for Security for.
- Produce metrics surrounding the usability and quality of responses.
- Validate Copilot for Security capabilities involving other Microsoft products purchased and integrated by a customer.
- Improve responses from plugins accessing other Microsoft products.

NOTE: If turned on, data is stored in the US as per data handling policies. For more information, see Set up location for prompt evaluation and opt-in (or out of) data sharing.

Setting: Allow Microsoft to capture and human review data from Copilot for Security to build and validate Microsoft's security AI model

Description: Such validations include but aren't limited to:

- Captured data is used to develop security-specific models built on top of the Azure OpenAI foundational model, which would power more intelligent and personalized capabilities for Copilot for Security and other Microsoft products that it integrates with.

NOTE: Data isn't shared with OpenAI or used to train the Azure OpenAI foundational model.

Setting: Allow Copilot for Security to access data from your Microsoft 365 services

Description: When turned on, Copilot for Security can retrieve your data from a Microsoft 365 service on your behalf if you're a customer of both Copilot for Security and the Microsoft 365 service, and you allow Copilot for Security access to your Microsoft 365 services.

Customer Data storage location

Customer Data is stored at rest in the home "Geo" of the tenant, if a customer hasn't opted in to data sharing. For example, a customer tenant whose home is in Germany will have their Customer Data stored in "Europe" as the designated Geo for Germany.

When data sharing is opted in, Customer Data such as prompts and responses is shared with Microsoft to enhance product performance, improve accuracy, and address response latency. In this case, Customer Data such as prompts can be stored outside of the tenant Geo.

For more information, see Data residency in Azure.

Location for prompt evaluation

With any Microsoft Copilot product, prompts refer to the text-based, natural language input you provide in the prompt bar that instructs Copilot for Security to generate a response. Prompts are the primary input Copilot needs to generate answers that help you in your security-related tasks. Prompts are evaluated using GPU resources in Azure datacenters protected with Azure security and privacy controls.

You can choose where prompts are evaluated from any of the following locations:

  • Australia (ANZ)
  • Europe (EU)
  • United Kingdom (UK)
  • United States (US)

You can opt in to having prompts evaluated anywhere in the world to mitigate potential disruptions in case your primary location experiences high activity. 

Microsoft recommends having prompts evaluated anywhere with available GPU capacity, which enables the Copilot system to determine the optimal location based on load, latency, and responsiveness. 

Note

Data (sessions) will always be stored within your tenant home Geo unless you opt in to Customer Data sharing. For more information, see Customer Data storage location.

Set up location for prompt evaluation and opt in (or out of) data sharing

During initial setup, Copilot owners are prompted to set data sharing and prompt evaluation options. For more information, see Get started with Copilot for Security. Copilot owners can change these settings during the first run experience, or at any time thereafter.

Authorized role
You need to be a Copilot owner to change the data sharing options. For more information on roles, see Understand authentication.

Set up data sharing

During initial setup, a Copilot owner is provided with the following data sharing options:

Setting: Allow Microsoft to capture data from Copilot for Security to validate product performance using human review

Description: Such validations include but aren't limited to:

- Ability of Copilot for Security to successfully provide responses to user requests and understand capability gaps that need to be addressed based on user prompts.
- Understand the types of tasks customers are using Copilot for Security for.
- Produce metrics surrounding the usability and quality of responses.
- Validate Copilot for Security capabilities involving other Microsoft products that a customer has purchased and integrated.
- Improve responses from plugins accessing other Microsoft products.

NOTE: If turned on, data will also be stored in the US as per data handling policies. For more information, see Data, privacy, and security for Azure OpenAI Service.

Setting: Allow Microsoft to capture and human review data from Copilot for Security to build and validate Microsoft's security AI model

Description: Such validations include but aren't limited to:

- Captured data is used to develop security-specific models built on top of the Azure OpenAI foundational model, which would power more intelligent and personalized capabilities for Copilot for Security and other Microsoft products that it integrates with.

NOTE: Data isn't shared with OpenAI or used to train the Azure OpenAI foundational model.

  • When you opt in to data sharing, your Customer Data is shared with Microsoft from that point forward.
  • When you opt out of data sharing, no further Customer Data is shared. Customer Data that was shared previously is retained for not more than 180 days.

Updating data sharing

  1. In Copilot for Security, go to Settings > Owner settings.

  2. Update your data sharing selection.

How Microsoft protects your data

Microsoft uses comprehensive controls to protect your data. All Copilot for Security data is handled according to Microsoft's commitments to privacy, security, compliance, and responsible AI practices. Access to the systems that house your data is governed by Microsoft's certified processes.

Copilot for Security runs queries as the user, so it never has elevated privileges beyond what the user has.

If you opt in to share Customer Data, your data is:

  • Not shared with OpenAI
  • Not used for sales
  • Not shared with third parties
  • Not used to train Azure OpenAI foundational models

Copilot for Security meets all Azure production data compliance standards.

All data stored in Azure is automatically encrypted at rest and uses AES-256 encryption. For more information, see Data encryption and Encryption at rest.

Microsoft security products data handling

Microsoft Security products purchased by you may share data, including Customer Data, as described in the product documentation. Customer Data shared with Copilot for Security is governed by the Product Terms, Data Protection Addendum, and documentation applicable to Copilot for Security. For Microsoft 365 services, the Global Admin needs to enable Copilot for Security in the sharing preference option detailed in Set up data sharing, and users will need to enable a plugin for those Microsoft 365 services. For other Microsoft services, such plugins are enabled by default for users. Users can turn off plugins at any time. For more information, see Manage plugins.

Feedback from Copilot for Security users

Microsoft collects feedback on the response produced by Microsoft Copilot for Security from users of the product. A Copilot owner can turn off feedback collection for their tenant by contacting Microsoft Support through a support ticket. For more information, see Contact support.

See also

Data, privacy, and security for Azure OpenAI Service

Microsoft responsible AI principles.