अंग्रेज़ी में पढ़ें संपादित करें

इसके माध्यम से साझा किया गया

Microsoft 365 Copilot architecture and how it works

  • आलेख
  • निम्न पर लागू होता है:
    ✅ Microsoft 365 Copilot

When you create a Microsoft 365 subscription, a tenant is automatically created for your organization. Your tenant sits inside the Microsoft 365 service boundary, where Microsoft 365 Copilot can access your organization's data.

This data includes information that the user can access, including their activities, and the content they create & interact with in Microsoft 365 apps.

Diagram that shows the Microsoft 365 tenant architecture with Microsoft 365 Copilot and user data.

Copilot is a shared service, just like many other services in Microsoft 365. When using Copilot in your tenant:

  • Your customer data stays within the Microsoft 365 service boundary.
  • Your data is secured based on existing security, compliance, and privacy policies already deployed by your organization.

This article describes how Microsoft 365 Copilot works, including the data flow in a user prompt, how Copilot access data, and how Copilot honors Conditional Access and multifactor authentication (MFA).

This article applies to:

  • Microsoft 365 Copilot

User prompts and Copilot responses

When users open a Microsoft 365 app, like Word or PowerPoint, they can use Copilot to get real-time data.

The following diagram provides a visual representation of how a Copilot prompt works.

Diagram that shows the relationship between users, devices, apps, and Microsoft 365 Copilot.

Let's take a look:

  1. In a Microsoft 365 app, a user enters a prompt in Copilot.

  2. Copilot preprocesses the input prompt using grounding and accesses Microsoft Graph in the user's tenant.

    • Grounding improves the specificity of your prompt, and helps you get answers that are relevant and actionable to your specific task. The prompt can include text from input files or other content Copilot discovers.

    • The data Copilot uses to generate responses is encrypted in transit.

  3. Copilot sends the grounded prompt to the LLM. The LLM uses the prompt to generate a response that is contextually relevant to the user's task.

  4. Copilot returns the response to the app and the user.

User access and data privacy

Copilot only accesses data that an individual user is authorized to access, based on, for example, existing Microsoft 365 role-based access controls. Copilot doesn't access data that the user doesn't have permission to access.

The following diagram provides a visual representation of how Copilot and user access work together.

Diagram that shows Microsoft 365 Copilot only accesses the data the user has permissions to access.

Let's take a look:

  • On devices, users open an app and enter a prompt in Copilot.

  • Copilot uses Microsoft Graph to access user data that's in the user's unique context. This user data includes emails, chats, and documents that the user has permission to access.

    There are Microsoft 365 services that help control access and security to your organization's data. These services include Restricted SharePoint Search (RSS), SharePoint Advanced Management (SAM), and Microsoft Purview. To learn more, see Microsoft 365 E3 and E5 feature comparison list for Microsoft 365 Copilot.

  • Copilot can't access data that the user doesn't have permission to access. In the diagram, the grayed-out data represents data that Copilot can't access.

  • When a user enters a prompt and Copilot responds, this interaction is stored in the user's Copilot chat history. Users can review and reuse their previous prompts. They can also delete their chat history.

To learn more, see Data stored about user interactions with Microsoft 365 Copilot

Copilot honors Conditional Access and MFA

Copilot honors Conditional Access policies and multifactor authentication (MFA).

Diagram that shows Conditional Access and MFA can control access to Microsoft 365 Copilot.

This means:

Related content