Data, Privacy, and Security considerations of extending Copilot for Microsoft 365

When you extend Copilot's repertoire of skills with a plugin, queries based on your prompts, conversation history, and Microsoft 365 data can be shared with the plugin to generate a response or complete a command. When you extend Copilot with a Microsoft Graph connector, your external data is ingested into Microsoft Graph and remains in your tenant. This article will outline data privacy and security considerations for developing different Copilot extensibility solutions, both in-house and as a commercial developer.

Graph connectors

Copilot for Microsoft 365 presents only data that each individual can access using the same underlying controls for data access used in other Microsoft 365 services. Microsoft Graph honors the user identity-based access boundary so that the Copilot grounding process only accesses content that the current user is authorized to access. This is also true of external data within Microsoft Graph ingested from a Graph connector.

When you connect your external data to Copilot with a Microsoft Graph connector, your data flows into Microsoft Graph. You can manage permissions to view external items by associating an access control list (ACL) with a Microsoft Entra user and group ID or an external group.

Prompts, responses, and data accessed through Microsoft Graph aren't used to train foundation LLMs, including those used by Microsoft 365 Copilot.

Plugins

Similar to traditional Teams apps and Power Platform connectors, plugins for Microsoft Copilot are individually governed by their terms of use and privacy policies. As a plugin developer, you are responsible for securing your customer's data within the bounds of your service and providing information on your policies regarding users' personal information. Admins and users can then view your privacy policy and terms of use in the app store before choosing to add or use your plugin as a Copilot data source.

When you plug in your app to Copilot as a plugin, your external data stays within your app; it does not flow into Microsoft Graph or is used to train Microsoft Copilot LLMs. Copilot does, however, generate a search query to send to your plugin on the user's behalf based on their prompt and conversation history with Copilot, and data the user has access to in Microsoft 365.

Message extension plugins use the same authentication process for Teams message extensions.

Power Platform plugins use the same authentication process for custom connectors.

Considerations for line-of-business developers

Copilot for Microsoft 365 only shares data with and searches in plugins or connectors that are enabled for Copilot by a Microsoft 365 admin. As a line-of-business developer of Copilot extensibility solutions, ensure you and your admin are familiar with:

• Microsoft Copilot for Microsoft 365 requirements
• Data, Privacy, and Security for Microsoft Copilot for Microsoft 365 admin documentation
• Zero Trust for Microsoft Copilot for Microsoft 365 deployment plan for applying Zero Trust principles to Microsoft Copilot
• Microsoft Admin Center procedures:
  • Managing plugins for Copilot
  • Managing Microsoft Graph connectors.

Considerations for independent software vendors

Message extension plugins are packaged and distributed in the same way as Microsoft Teams apps that are integrated to run across the Microsoft 365 ecosystem. Microsoft Graph connectors can also be packaged and distributed in the same way as Teams apps.

Power Platform plugins are certified and distributed in the same way as Power Platform connectors, by first publishing your connector to the Power Platform Connectors open source repository, and then submitting its information to Microsoft.

Submission of your app package to the Microsoft Partner Center Microsoft 365 and Copilot program requires meeting certification policies for acceptance to Microsoft 365 in-product stores. Microsoft Commercial Marketplace certification policies and Teams Store validation guidelines regarding privacy, security, and responsible AI include:

Commercial marketplace certification policy	Teams store guidelines
100.5 Offer information	Privacy policy, Terms of use
100.6 Personal information	Sensitive content
100.11 Security
1140.3 Security	Security
1140.3.1 Financial transactions	Financial information
1140.3.2 Bots and message extensions	Bots
1140.3.3 External domains	External domains
1140.4.1 General	Responsible AI checks
1140.9 Teams apps extensible as plugins for Microsoft Copilot for Microsoft 365	Teams apps extensible as plugins for Microsoft Copilot

Submission to the Microsoft 365 and Copilot program is currently limited to verified publishers. This provides end-users and organizational admins assurance that the publisher of an app has been verified as authentic by Microsoft.

See also

Publish plugins and connectors for Microsoft Copilot for Microsoft 365

Microsoft commitment to responsible AI