Data, Privacy, and Security considerations of extending Copilot for Microsoft 365
When you extend Copilot's repertoire of skills with a plugin, queries based on your prompts, conversation history, and Microsoft 365 data can be shared with the plugin to generate a response or complete a command. When you extend Copilot with a Microsoft Graph connector, your external data is ingested into Microsoft Graph and remains in your tenant. This article outlines the data privacy and security considerations for developing the different kinds of Copilot extensibility solutions, both in-house and as a commercial developer.
Graph connectors
Copilot for Microsoft 365 presents only data that each individual can access using the same underlying controls for data access used in other Microsoft 365 services. Microsoft Graph honors the user identity-based access boundary so that the Copilot grounding process only accesses content that the current user is authorized to access. This is also true of external data within Microsoft Graph ingested from a Graph connector.
When you connect your external data to Copilot with a Microsoft Graph connector, your data flows into Microsoft Graph. You manage who can view each external item by associating an access control list (ACL) with it; ACL entries reference a Microsoft Entra user or group ID, or an external group.
Prompts, responses, and data accessed through Microsoft Graph aren't used to train foundation LLMs, including those used by Microsoft 365 Copilot.
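The ACL described above is what makes the user-identity access boundary hold for connector data: Copilot can only surface an external item to a user who is granted by one of its ACL entries, so an over-broad ACL at ingestion time becomes an over-broad Copilot answer later. The following is an added example, not code from the Microsoft documentation or from any Microsoft SDK: it builds the `externalItem` payload shape used by the Graph connectors API (`PUT /external/connections/{connectionId}/items/{itemId}`) and audits each item's ACL before ingestion. The group and user IDs, item IDs and document text are constructed sample values; `buildExternalItem`, `auditAcl` and `selectSafeItems` are hypothetical helper names.

```javascript
// Added example: construct Graph connector externalItem payloads and audit their
// ACLs so that an item is never ingested with broader visibility than the
// source system allows. Not part of the Microsoft docs or any Microsoft SDK.
//
// Payload shape follows the Graph externalConnectors.externalItem resource:
//   PUT https://graph.microsoft.com/v1.0/external/connections/{connectionId}/items/{itemId}
// All identifiers below are constructed sample values.

const ALLOWED_ACL_TYPES = new Set(["user", "group", "externalGroup", "everyone", "everyoneExceptGuests"]);
const ALLOWED_ACCESS_TYPES = new Set(["grant", "deny"]);
const TENANT_WIDE_TYPES = new Set(["everyone", "everyoneExceptGuests"]);

// Build an externalItem whose acl mirrors who may see the record in the source system.
// grantTo / denyTo are arrays of { type, value } principals.
function buildExternalItem({ itemId, title, content, grantTo, denyTo = [] }) {
  const acl = [
    ...grantTo.map(({ type, value }) => ({ type, value, accessType: "grant" })),
    ...denyTo.map(({ type, value }) => ({ type, value, accessType: "deny" })),
  ];
  return {
    itemId,
    acl,
    properties: { title },
    content: { value: content, type: "text" },
  };
}

// Audit one item's ACL. Returns a list of problems; an empty list means the item
// satisfies a least-privilege ingestion policy. Tenant-wide grants are flagged
// unless the caller explicitly opts in with allowEveryone.
function auditAcl(item, { allowEveryone = false } = {}) {
  const problems = [];
  if (!Array.isArray(item.acl) || item.acl.length === 0) {
    problems.push("missing acl: the item has no principals and cannot be scoped to a user");
    return problems;
  }
  for (const entry of item.acl) {
    if (!ALLOWED_ACL_TYPES.has(entry.type)) problems.push(`unknown acl type '${entry.type}'`);
    if (!ALLOWED_ACCESS_TYPES.has(entry.accessType)) problems.push(`unknown accessType '${entry.accessType}'`);
    // user, group and externalGroup entries must name a concrete principal id.
    if (!TENANT_WIDE_TYPES.has(entry.type) && !entry.value) {
      problems.push(`acl entry of type '${entry.type}' has no principal id`);
    }
    if (!allowEveryone && entry.accessType === "grant" && TENANT_WIDE_TYPES.has(entry.type)) {
      problems.push(`tenant-wide grant via '${entry.type}' widens access beyond the source system`);
    }
  }
  if (!item.acl.some((e) => e.accessType === "grant")) {
    problems.push("acl has only deny entries; no user would ever see the item");
  }
  return problems;
}

// Gate a batch before it is sent to Graph: returns the items that passed and a
// map of itemId -> problems for the ones that did not.
function selectSafeItems(items, options) {
  const safe = [];
  const rejected = {};
  for (const item of items) {
    const problems = auditAcl(item, options);
    if (problems.length === 0) safe.push(item);
    else rejected[item.itemId] = problems;
  }
  return { safe, rejected };
}

// Constructed sample principals (not real tenant identifiers).
const SAMPLE_GROUP_ID = "00000000-0000-0000-0000-00000000aaaa";
const SAMPLE_USER_ID = "00000000-0000-0000-0000-00000000bbbb";

// An HR record visible to one Entra group, with one user explicitly denied.
const scopedItem = buildExternalItem({
  itemId: "hr-policy-42",
  title: "Parental leave policy",
  content: "Constructed sample document text.",
  grantTo: [{ type: "group", value: SAMPLE_GROUP_ID }],
  denyTo: [{ type: "user", value: SAMPLE_USER_ID }],
});

// The same kind of record granted to the whole tenant: flagged by the audit.
const overBroadItem = buildExternalItem({
  itemId: "hr-salary-bands",
  title: "Salary bands",
  content: "Constructed sample document text.",
  grantTo: [{ type: "everyone", value: "everyone" }],
});

const batchResult = selectSafeItems([scopedItem, overBroadItem]);
```

`batchResult.safe` contains only `hr-policy-42`; `hr-salary-bands` lands in `batchResult.rejected` with the tenant-wide grant problem, so an ingestion job built this way fails closed rather than quietly publishing a record to everyone in the tenant. Passing `{ allowEveryone: true }` is the deliberate opt-in for content that is genuinely public within the organization.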
Plugins
Similar to traditional Teams apps and Power Platform connectors, plugins for Microsoft Copilot are individually governed by their terms of use and privacy policies. As a plugin developer, you are responsible for securing your customer's data within the bounds of your service and providing information on your policies regarding users' personal information. Admins and users can then view your privacy policy and terms of use in the app store before choosing to add or use your plugin as a Copilot data source.
When you plug your app into Copilot as a plugin, your external data stays within your app; it neither flows into Microsoft Graph nor is used to train Microsoft Copilot LLMs. Copilot does, however, generate a search query to send to your plugin on the user's behalf, based on their prompt, their conversation history with Copilot, and data the user has access to in Microsoft 365.
Message extension plugins use the same authentication process as Teams message extensions.
Power Platform plugins use the same authentication process as custom connectors.
Considerations for line-of-business developers
Copilot for Microsoft 365 only shares data with and searches in plugins or connectors that are enabled for Copilot by a Microsoft 365 admin. As a line-of-business developer of Copilot extensibility solutions, ensure you and your admin are familiar with:
- Microsoft Copilot for Microsoft 365 requirements
- Data, Privacy, and Security for Microsoft Copilot for Microsoft 365 admin documentation
- Zero Trust for Microsoft Copilot for Microsoft 365 deployment plan for applying Zero Trust principles to Microsoft Copilot
- Microsoft Admin Center procedures:
Considerations for independent software vendors
Message extension plugins are packaged and distributed in the same way as Microsoft Teams apps that are integrated to run across the Microsoft 365 ecosystem. Microsoft Graph connectors can also be packaged and distributed in the same way as Teams apps.
Power Platform plugins are certified and distributed in the same way as Power Platform connectors, by first publishing your connector to the Power Platform Connectors open source repository, and then submitting its information to Microsoft.
Submission of your app package to the Microsoft Partner Center Microsoft 365 and Copilot program requires meeting certification policies for acceptance to Microsoft 365 in-product stores. Microsoft Commercial Marketplace certification policies and Teams Store validation guidelines regarding privacy, security, and responsible AI include:
Submission to the Microsoft 365 and Copilot program is currently limited to verified publishers. This provides end-users and organizational admins assurance that the publisher of an app has been verified as authentic by Microsoft.
See also
Publish plugins and connectors for Microsoft Copilot for Microsoft 365