Share via

What telemetry and data boundaries apply to Microsoft 365 Copilot Researcher and Analyst agents for tenant-level privacy control?

SIVAGANESH M 40 Reputation points
2025-06-27T05:31:45.1333333+00:00

Hello Team,

With the general availability of Researcher and Analyst agents in Microsoft 365 Copilot (announced June 2, 2025), our organization is reviewing their adoption from a privacy and data governance perspective.

We would like to better understand the telemetry and data flow architecture behind these agents, specifically:

Tenant Data Boundaries

Do Researcher and Analyst ever store or share prompts/results outside the Microsoft 365 tenant boundary?

  Are responses cached, and if so, is that cache tenant-isolated and compliant with our Microsoft Purview policies?
  
  **Telemetry Visibility**
  
     What telemetry is collected when users interact with these agents?
     
        Can administrators access usage insights via Microsoft 365 Admin Center, Purview, or any Graph API endpoints?
  1. Cross-Region Processing Controls
    • Is there a way to restrict processing of Copilot agent interactions to specific data residency regions (e.g., within the EU or US)?
    Do Researcher and Analyst inherit the Microsoft 365 data location settings configured for our tenant?
  2. Differentiation from Copilot Chat or Studio Agents
    • How do the data boundaries and logging for Researcher/Analyst compare with Copilot Chat or custom agents created via Copilot Studio?

We’ve reviewed Microsoft documentation and the June blog announcement, but would appreciate clarification or official guidance from the product team or community on how these Copilot agents align with enterprise privacy and compliance controls.

Thanks in advance!!

Microsoft Copilot Microsoft Security Copilot
0 comments
Accepted answer
  1. Ayoshna Saha 115 Reputation points
    2025-06-28T05:36:28.1166667+00:00

    Hello SIVAGANESH

    Microsoft 365 Copilot’s Researcher and Analyst agents operate with strong tenant-level privacy and compliance safeguards. Here are the key telemetry and data boundary controls:

    Tenant Data Boundary

    • Data Isolation: Prompts, grounding data (e.g., from Microsoft Graph), and responses are processed entirely within the Microsoft 365 service boundary.

    Tenant-level Segregation: Data is logically isolated per tenant to prevent cross-organization access.

    Telemetry and Storage

    • Prompts & Responses: Logged within the user’s mailbox and accessible via Microsoft Purview for audit and compliance purposes.

    Retention Policies: Admins can manage Copilot interaction data using Microsoft Purview retention policies.

    Model Training

    • No Training on Your Data: Microsoft does not use customer data or interactions with Copilot to train foundation models.

    Optional Web Grounding

    • Bing Integration: If enabled, only minimal, anonymized search queries are sent to Bing. These do not include tenant, user, or device identifiers.

    Admin Controls

    • Logging & Audit: Admins can monitor usage via audit logs and compliance center.

    Feature Configuration: Bing grounding and retention settings are configurable at the tenant level.

    References:

    Copilot Privacy and Protections – Microsoft Docs

    Copilot Data Flow Overview – SharePoint Europe

    Let me know if you'd like additional details on configuring Copilot settings for compliance or specific admin tools available.

    Thank You

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.