In March 2023, Microsoft announced the private preview of Microsoft 365 Copilot. Copilot combines into a single system the power of next-generation AI with the richness of individual user data—calendar, emails, chats, documents, meetings, and more—in Microsoft Graph, plus the Microsoft 365 apps that people use every day. And it does so within Microsoft’s existing commitments to data security and privacy in the enterprise.

If you are one of the many organizations interested in learning more about Microsoft 365 Copilot’s licensing, security, privacy, and compliance, you have come to the right place.

Here’s what we know so far:

  1. Which plans or licenses will include the Copilot functionality?

    Microsoft 365 is foundational to being AI-ready. Previously, Copilot for Microsoft 365 was available only to enterprise clients with Microsoft 365 E3/E5 and Office 365 E3/E5.

    As of 15th January 2024, it is generally available to commercial small and medium-sized businesses and education. If you are using any of the prerequisite licenses below, you can now purchase Copilot for Microsoft 365 for a fee per user per month (price to be announced soon).

    - Business Standard.
    - Business Premium.
    - Microsoft 365 A3 and A5.

    Learn more about Copilot for Microsoft 365 for small to medium-sized businesses, including the next steps, licensing, and technical requirements, here.

  2. Where can I purchase Microsoft 365 Copilot?

    You can purchase Microsoft 365 Copilot on an annual term via Cloud Solution Provider (CSP), Enterprise Agreement (EA), or Direct.

  3. Is the model learning from my data? Is Microsoft learning from my data?

    According to Microsoft, Copilot is a static service inside the client’s environment, comparable to a user calling their Exchange Online server.

  4. Which data does Copilot use?

    Copilot combines 1) Large Language Models, 2) the richness of your data—your calendar, emails, chats, documents, meetings, and more—in Microsoft Graph, and 3) the Microsoft 365 apps.

  5. Will it be clear where the model is located from a data region point of view in terms of being compliant with local data and privacy laws?

    It will be compliant with Microsoft’s data residency commitments and various regional commitments. Your data is not leaving your compliance boundaries, and you will maintain control of your data throughout the entire experience. You as a client are always in control of your data, and Microsoft will continue to meet its regional requirements. Data will always follow your organization’s retention and query policies.

  6. Is Microsoft providing lineage information on where the training data was sourced from?

    OpenAI has trained the model on publicly available data over a specified period of time that is not trademarked. Microsoft has adjusted some of the weights to make them a better fit in the enterprise environment. Microsoft 365 Copilot does not use customer data—including prompts—to train or improve Microsoft’s large language models (LLMs). Microsoft’s position is that the client’s data is the client’s own, so the guarantees the company has always made for enterprise and commercial data continue in this AI era. You can review Microsoft’s privacy policy and service documentation for more information at

  7. How does Copilot respect security permissions to ensure that people get access to just the information that they can see, or that they should have the ability to see?

    The permissions model within your Microsoft 365 tenant will ensure that data will not unintentionally leak between users and groups. Copilot presents only data that each individual can access using the same underlying controls for data access used in other Microsoft 365 services. Copilot is integrated into Microsoft 365 and automatically inherits all your company’s valuable security, compliance, and privacy policies and processes.

  8. What are Microsoft’s commitments to data security and privacy?

    Grounded in users’ business data, Copilot uses cutting-edge AI to help users work across their business data in a secure, compliant, privacy-preserving way, delivering accurate, relevant, contextual results.

    Copilot large language models (LLMs) are not trained on your organization’s tenant data. Your data never leaves its secure partition.

    Copilot automatically inherits your organization’s security, compliance, and privacy policies for Microsoft 365. At an individual user level, Copilot works like an enterprise search today: it can access only the data to which the user already has access, enforced by the same technology that Microsoft has been using for years to secure customer data in Microsoft 365 apps.

    Microsoft 365 Copilot is deeply integrated in the productivity apps millions of people use and rely on every day for work and life: Word, Excel, PowerPoint, Outlook, Teams, and more.

    Individual users and admins are always in control. Users decide what to use, modify, or discard. Microsoft will share more soon about new tools for IT admins so you can plan with confidence to enable Copilot across your organization.

    Building responsibly: Microsoft 365 Copilot is designed for the needs of the enterprise. Microsoft’s efforts are guided by their AI principles and Responsible AI Standard and built on decades of research about grounding and privacy-preserving machine learning.


What features are included in Microsoft 365 Copilot?

  1. Foundational Capabilities.
  2. Web Grounding.
  3. Commercial Data Protection.
  4. Priority Model Access.
  5. Copilot in Outlook, Word, Excel, PowerPoint and OneNote.
  6. Copilot in Teams.
  7. Microsoft Graph Grounding.
  8. Enterprise-Grade Data Protection.
  9. Customization via Copilot Studio.
