for adding copilot to a biz license

Javi Alcocer 0 Reputation points
2026-03-19T16:14:06.8733333+00:00
  • Does Copilot keep data inside tenant only?
  • Is data used to train external models?
  • Is there compliance (HIPAA-like, SOC, etc.)?
  • Does Copilot keep all data inside our tenant or send anything externally?
  • Permissions behavior – like can Copilot access anything the user normally can’t?
Microsoft Copilot | Microsoft 365 Copilot | Development
1 answer

  1. Q&A Assist
    2026-03-19T16:14:22.7766667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    • Data location / tenant boundary

    Microsoft 365 Copilot operates within the existing Microsoft 365/Office 365 trust boundary. Customer data, including Copilot prompts and responses, is stored within the Microsoft Cloud trust boundary and is logically isolated per tenant using Microsoft Entra authorization and role-based access control.

    For Microsoft 365 Copilot specifically, Copilot presents only data that each individual is already authorized to access, using the same underlying access controls as other Microsoft 365 services. Semantic Index and grounding honor user identity–based access boundaries.

    In some scenarios (for example, features powered by Bing or third‑party plug-ins), customer data can be transmitted outside the Microsoft Cloud trust boundary, but core Microsoft 365 Copilot runs within the Microsoft cloud.

    • Use of data for training models

    Prompts and responses in Microsoft 365 Copilot are not used to train the foundation models used by Copilot.

    For Dynamics 365 and Power Platform Copilot features, prompts and outputs:

    1. Are not available to other customers.
    2. Are not used to train or improve any third‑party products or services (such as OpenAI models).
    3. Are not used to train or improve Microsoft AI models unless the tenant admin explicitly opts in to optional data sharing.

    • Compliance posture (HIPAA-like, SOC, etc.)

    Microsoft 365 Copilot and Dynamics 365/Power Platform Copilot are built on Microsoft’s existing enterprise security, privacy, and compliance framework. Copilot inherits Microsoft 365 and Dynamics 365/Power Platform security, privacy, and compliance controls, including:

      ◦ Logical isolation of customer content per tenant.
      ◦ Multi-layered encryption at rest and in transit (BitLocker, per-file encryption, TLS, IPsec, etc.).
      ◦ Support for Microsoft Purview Information Protection (sensitivity labels, rights management) with Copilot honoring usage rights.
      ◦ Microsoft’s commitments to broadly applicable privacy laws (such as GDPR) and privacy standards (such as ISO/IEC 27018).

    These services are designed to align with the same compliance boundary as the underlying Microsoft 365 services; detailed mappings to specific frameworks (HIPAA, SOC, etc.) are provided in Microsoft’s compliance documentation outside this context.

    • Does Copilot send data externally?

    Within Microsoft 365 and Dynamics 365/Power Platform, Copilot operates inside the Microsoft Cloud trust boundary. Data transfers between Dynamics 365, Power Platform, and Azure OpenAI occur over the Microsoft backbone network and are encrypted in transit.

    The documentation notes that in some scenarios, such as features powered by Bing and third‑party copilot plug-ins, customer data might be transmitted outside the Microsoft Cloud trust boundary. For core Microsoft 365 Copilot experiences, data remains within the Microsoft cloud and is governed by existing Microsoft 365 data protection controls.

    • Permissions behavior (can Copilot see more than the user?)

    Copilot does not elevate permissions. It can only access and surface content that the current user is already authorized to access:

      ◦ Microsoft 365 Copilot uses the same permissions model as Microsoft 365. It presents only data each individual can access, and the Semantic Index honors user identity–based access boundaries.
      ◦ For encrypted content protected by Microsoft Purview Information Protection, Copilot honors the usage rights granted to the user. If the user does not have rights to open or use the content, Copilot cannot use it.
      ◦ For Dynamics 365 and Power Platform, data is provided to Copilot based on the access level of the current user. If a user has access to encrypted data and provides it to Copilot, Copilot can access it; otherwise, it cannot.

    Authentication and authorization mechanisms segregate requests to shared models among tenants, and Copilot utilizes only data that the requesting user can access.

