Request for binding confirmation: EU-only processing for Microsoft 365 Copilot & Copilot Studio (Power Platform)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 24%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBM%3C/text%3E%3C/svg%3E)
Badri, Mohamed
0
Reputation points
Dear Microsoft Team,
We are a Germany-based company operating an EU tenant. We are building generative-AI agents with Microsoft 365 Copilot and Copilot Studio (Power Platform). Our IT/Compliance functions require documented, binding confirmation that—when our tenant and environments are hosted in the EU/EFTA—no Customer Data or personal data (including prompts, retrieved content, model inputs/outputs, embeddings, logs, telemetry, and safety signals) exits Europe.
Please confirm and provide references for the following:
- Scope & Commitments
- EU Data Boundary coverage for Microsoft 365, Power Platform/Copilot Studio, and Azure OpenAI used by these services.
- That Microsoft 365 Copilot is an EU Data Boundary service for EU customers and that storage/processing of interaction content adheres to PDL/Primary Provisioned Geography within the EU.
**Microsoft 365 Copilot**: Confirm where interaction content is **processed and stored at rest**, retention periods, and how we can produce **evidence** (e.g., Data Location reports, audit logs) that processing is EU-only. **Azure OpenAI** underpinning these features: confirm **no training on our data**, EU-region processing when EU resources/endpoints are used, and the exact **log/telemetry retention** and any **opt-outs**. **Configuration controls we must enforce** (please validate these and provide step-by-step guidance): Keep **Tenant + PDL** in EU; host **Power Platform/Dataverse** environments **inside the EU Data Boundary**. Ensure **Azure OpenAI resources** referenced by Copilot Studio or extensions are **EU-hosted**. Confirm current **“data movement across geographies”** controls for Copilot Studio and the exact toggles to **block egress**. Provide a list of **features that may cause egress** (e.g., **Bing-powered** capabilities, external connectors/plugins) and how to **disable or constrain** them to EU-only endpoints. **Exclusions/Exceptions** Identify any preview features, safety systems, or multi-model options (incl. third-party FMs) that **are not** yet in the EU Data Boundary; provide **mitigations**, timelines, or **EU-only mode**. **Contractual artifacts** Links to the exact sections in **Product Terms** and **DPA** covering EU Data Boundary for Microsoft 365, Power Platform, and Azure OpenAI, plus the current **subprocessor list**. Provide (or point us to) a **signed EU Data Boundary confirmation letter** suitable for audit evidence. **Jurisdiction & Encryption** Describe how Microsoft mitigates extra-territorial requests (e.g., **CLOUD Act**), including **challenge policies**, transparency, and availability of **Customer Key / Double Key Encryption / CMK** for the relevant workloads. **Auditability** How can we continuously **attest** (reports, settings, logs) that **all generative-AI processing for our tenant remains inside EU/EFTA**?
Our current posture (for context):
Tenant geography: EU/EFTA; PDL: [DE/EU].
Power Platform/Dataverse: EU Data Boundary.
Data sources: SharePoint/OneDrive (EU); connectors restricted.
Goal: Zero egress for all Copilot/Copilot Studio scenarios.
Please respond with confirmations, official links, and any implementation runbooks we should follow. If there are gaps, kindly provide timelines and recommended compensating controls.
Best regards,Dear Microsoft Team,
We are a Germany-based company operating an EU tenant. We are building generative-AI agents with Microsoft 365 Copilot and Copilot Studio (Power Platform). Our IT/Compliance functions require documented, binding confirmation that—when our tenant and environments are hosted in the EU/EFTA—no Customer Data or personal data (including prompts, retrieved content, model inputs/outputs, embeddings, logs, telemetry, and safety signals) exits Europe.
Please confirm and provide references for the following:
Scope & Commitments
EU Data Boundary coverage for Microsoft 365, Power Platform/Copilot Studio, and Azure OpenAI used by these services.
That **Microsoft 365 Copilot** is an **EU Data Boundary service** for EU customers and that storage/processing of interaction content adheres to **PDL/Primary Provisioned Geography** within the EU.
**Feature-level data flows (EU-only path)**
**Copilot Studio – Generative Answers/Actions**: When our **Power Platform environment is in the EU Data Boundary**, confirm the service uses an **Azure OpenAI endpoint within the same boundary**. Provide a **data-flow diagram** showing model invocation, content moderation/safety filtering, logging/retention, and any subprocessors—**all in EU**.
**Microsoft 365 Copilot**: Confirm where interaction content is **processed and stored at rest**, retention periods, and how we can produce **evidence** (e.g., Data Location reports, audit logs) that processing is EU-only.
**Azure OpenAI** underpinning these features: confirm **no training on our data**, EU-region processing when EU resources/endpoints are used, and the exact **log/telemetry retention** and any **opt-outs**.
**Configuration controls we must enforce** (please validate these and provide step-by-step guidance):
Keep **Tenant + PDL** in EU; host **Power Platform/Dataverse** environments **inside the EU Data Boundary**.
Ensure **Azure OpenAI resources** referenced by Copilot Studio or extensions are **EU-hosted**.
Confirm current **“data movement across geographies”** controls for Copilot Studio and the exact toggles to **block egress**.
Provide a list of **features that may cause egress** (e.g., **Bing-powered** capabilities, external connectors/plugins) and how to **disable or constrain** them to EU-only endpoints.
**Exclusions/Exceptions**
Identify any preview features, safety systems, or multi-model options (incl. third-party FMs) that **are not** yet in the EU Data Boundary; provide **mitigations**, timelines, or **EU-only mode**.
**Contractual artifacts**
Links to the exact sections in **Product Terms** and **DPA** covering EU Data Boundary for Microsoft 365, Power Platform, and Azure OpenAI, plus the current **subprocessor list**.
Provide (or point us to) a **signed EU Data Boundary confirmation letter** suitable for audit evidence.
**Jurisdiction & Encryption**
Describe how Microsoft mitigates extra-territorial requests (e.g., **CLOUD Act**), including **challenge policies**, transparency, and availability of **Customer Key / Double Key Encryption / CMK** for the relevant workloads.
**Auditability**
How can we continuously **attest** (reports, settings, logs) that **all generative-AI processing for our tenant remains inside EU/EFTA**?
Our current posture (for context):
Tenant geography: EU/EFTA; PDL: [DE/EU].
Power Platform/Dataverse: EU Data Boundary.
Data sources: SharePoint/OneDrive (EU); connectors restricted.
Goal: Zero egress for all Copilot/Copilot Studio scenarios.
Please respond with confirmations, official links, and any implementation runbooks we should follow. If there are gaps, kindly provide timelines and recommended compensating controls.
Best regards,
Mohamed Badri
Microsoft Copilot | Other
Sign in to answer