Understand Cowork guardrails and limitations

  • 6 minutes

When you delegate work to an AI tool like Cowork, it helps to understand how that work is managed and where the boundaries are. This unit covers the security model that applies to Cowork, the known limitations, and what to expect from a Frontier preview feature.

Security and permissions

Cowork operates inside the same security boundaries as the rest of Microsoft 365 Copilot. It doesn't get separate or broader access to your organization's data.

  • Your identity - Cowork acts as you, using your Microsoft Entra ID sign-in and your access scope.
  • Your permissions - Cowork can only access data and services that your Microsoft 365 account is authorized to use. If you can't see a file, neither can Cowork. Sensitivity labels and data loss prevention (DLP) policies apply to all Cowork interactions.
  • Tenant isolation - Your data is isolated to your organization's tenant. Cowork can't access data from other tenants.
  • No model training on your data - Cowork doesn't use your organizational data to train AI models. Your data remains within Microsoft 365 and is subject to your organization's existing data governance policies.

Known limitations

Cowork is a capable tool, but it has boundaries you should be aware of:

  • Ambiguous instructions. Cowork may misinterpret vague or overly broad requests. Provide clear, specific instructions for better results.
  • AI-generated content is a starting point. Documents, emails, and messages that Cowork creates should be treated as drafts. Always review before approving send or share actions.
  • No local file access. Cowork can't access files stored on your local device. It works with files in OneDrive, SharePoint, and other connected cloud services.
  • No file deletion. Cowork can't delete files or folders in OneDrive or SharePoint.
  • Results may be incomplete. Search results depend on what's indexed across your organization. If source data is outdated or not indexed, Cowork may not find it.
  • Complex tasks may not fully complete. Multi-step tasks with many dependencies may not always finish as expected. Review results carefully.
  • Custom skills aren't validated by Microsoft. If you or your organization create custom skills, their quality depends on how they were written. Review their outputs carefully.
  • Plugin skills are third-party. Plugin skills and connectors are provided by third-party publishers. Review their outputs carefully, as quality depends on the publisher.
  • Voice input varies by browser. Not all browsers support voice input for Cowork.

Note

Cowork isn't intended for use cases that require guaranteed accuracy without human review, such as legal filings, medical decisions, or financial transactions that bypass approval processes.

What Frontier means for you

Cowork is available today through the Frontier program, the early-access channel for the latest Copilot innovations in Microsoft 365. Understanding what Frontier means helps you set the right expectations:

  • Frontier is a preview. Features are still in development. Their availability and capabilities may change as Microsoft improves the experience.
  • Access requirements. You need a Microsoft 365 Copilot license and enrollment in the Frontier program. Once enrolled, you add Cowork from the Agent Store in Microsoft 365 Copilot.
  • Behavior changes. What works today may behave differently next week. Expect updates and occasional changes.
  • Your feedback matters. Frontier exists so that customer feedback shapes what ships at general availability. You can provide feedback in several ways:
    • Thumbs up or thumbs down on individual responses in the conversation.
    • Inline comments on specific parts of a response.
    • Document feedback when previewing files Cowork created.
    • General feedback from the menu.

Three things to remember

  • Cowork sees what you see - your identity, permissions, and tenant isolation apply at all times.
  • Cowork doesn't take sensitive actions without you - sending, sharing, and scheduling actions wait for your approval.
  • Cowork doesn't train on your data - your organizational data stays within Microsoft 365 and your existing governance policies.