Hello,
I covered the answers to your questions in detail below. Hope this helps!
1. How our data is protected when using Copilot—both at rest and in transit.
All customer data are encrypted both at rest and in transit.
Refer to: https://learn.microsoft.com/en-us/copilot/microsoft-365/enterprise-data-protection#enterprise-data-protection-for-prompts-and-responses
Encryption in the Microsoft cloud | Microsoft Learn
2. Whether any data (inputs or outputs) is stored or used by Microsoft for model training, diagnostics, or quality improvement.
Prompts, responses and data accessed are not used to train foundational LLMs and it is compliant with compliance regulations like GDPR and EU Data Boundary.
Refer to: Data, Privacy, and Security for Microsoft 365 Copilot | Microsoft Learn
3. Where our data is stored geographically, and how tenant isolation is enforced.
Microsoft 365 isolation controls - Microsoft Service Assurance | Microsoft Learn
4. What contractual and technical safeguards are in place to ensure data privacy, particularly for sensitive or regulated information.
Microsoft 365 Copilot abides by broad compliance offerings and certifications, including GDPR, ISO 27001, HIPAA, and the ISO 42001 standard for AI management systems.
5. How we can control, monitor, and audit Copilot usage within our organization.
We have several options to do this.
- Auditing: Audit logs for Copilot and AI applications | Microsoft Learn
- Reporting: Microsoft 365 Copilot reports for IT admins | Microsoft Learn
- Data Protection: Microsoft 365 Copilot data protection architecture | Microsoft Learn
- DSPM for AI: Learn how Microsoft Purview Data Security Posture Management for AI provides data security and compliance protections for Copilots and other generative AI apps | Microsoft Learn
- All Purview Capabilities for M365 Copilot: Use Microsoft Purview to manage data security & compliance for Microsoft 365 Copilot & Microsoft 365 Copilot Chat | Microsoft Learn
6. If there is any official documentation, whitepapers, or security summaries available—especially those relevant to enterprise or regulated environments—we would appreciate it if you could share them.
A few more references apart from the above:
Copilot Control System for Enterprise-Ready AI | Microsoft
Enterprise data protection in Microsoft 365 Copilot and Microsoft 365 Copilot Chat | Microsoft Learn
Security for Microsoft 365 Copilot | Microsoft Learn