![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 54%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
Microsoft Copilot | Microsoft 365 Copilot | Development
Building and customizing solutions using Microsoft 365 Copilot APIs and tools
For Microsoft 365 Copilot, user prompts and the grounded data used for reasoning are handled within Microsoft Graph and its semantic index, with enterprise-grade security and encryption.
From the documented data flow:
- Prompts from Microsoft 365 apps are sent to Copilot.
- Copilot accesses Microsoft Graph and the semantic index to retrieve relevant data.
- The prompt plus grounded data is sent to the Large Language Model (LLM) in a Microsoft-controlled Azure environment.
- Responses are returned to the app, with customer data encrypted in transit (HTTPS) and at rest.
This means:
- The “snippets” Copilot uses for search and reasoning are derived from content already stored and indexed in Microsoft Graph (for example, mailboxes, SharePoint/OneDrive files, and other supported content types) via the semantic index.
- The semantic index itself is a Microsoft Graph–based index over supported content types (such as Word, PowerPoint, PDF, web pages, OneNote, and connector data), not a separate tenant database outside the Microsoft 365 data boundary.
- Customer data used in this process remains within Microsoft’s enterprise security and compliance boundary and is encrypted at rest.
For Copilot+ PCs and local features (such as Recall and semantic indexing on the device):
- Snapshots and semantic indexing data are stored locally on the device (or Cloud PC storage for AI-enabled Windows 365 devices), not in Microsoft Graph.
- These local snapshots and indexes are not shared with Microsoft or third parties and are not used to train AI models.
Regarding screenshots and AI summaries:
- For Copilot Actions in Edge, screenshots of pages Copilot works on are stored with the conversation history for up to 30 days and are not used for training.
- For Recall on Copilot+ PCs, snapshots stay local on the device and are not sent to Microsoft or shared between users.
- For image generation in Copilot, generated or uploaded images are retained for up to 18 months and may be used to improve safety and functionality, with an option to opt out of training use.
So, in summary:
- The core “snippets” used for Microsoft 365 Copilot reasoning come from content indexed in Microsoft Graph’s semantic index (tenant-scoped), not from a separate “snippet store.”
- Edge Actions screenshots and Recall snapshots are stored separately from Microsoft Graph: Edge stores them with conversation history in the cloud for a limited time; Recall stores them locally on the device.
References:
- Semantic indexing for Microsoft 365 Copilot
- Artificial Intelligence overview
- Copilot Actions in Edge
- Privacy and control over your Recall experience
- Search indexing in Windows
- Using Image Generation in Microsoft Copilot
- Frequently asked questions about AI-generated alt text
- Privacy and Responsible AI in Copilot Notebook Study Guide