Privacy and protections

Commercial data protection

When organizations and employees use generative AI services, it's important to understand how these services handle user and chat data. Because employee chats may contain sensitive data, Copilot is designed to protect this information, as illustrated here:

Diagram of Copilot architecture.

Commercial data protection in Copilot works like this:

  • Copilot uses Microsoft Entra ID (formerly known as Azure Active Directory) for authentication and only allows users to access Copilot with commercial data protection using their work or school account.
  • An Entra ID user's tenant and user information is removed from chat data at the start of a chat session. This information is only used to determine if the user is eligible for commercial data protection. Search queries triggered by prompts from an Entra ID user aren't linked to users or organizations by Bing.
  • Microsoft doesn't retain prompts or responses from Entra ID users when using Copilot. Prompts and responses are maintained for a short caching period for runtime purposes. After the browser is closed, the chat topic is reset, or the session times out, Microsoft discards prompts and responses.
  • Chat data sent to and from Copilot with commercial data protection is encrypted in transit using a Transport Layer Security protocol (TLS 1.2+) and at rest using the Advanced Encryption Standard (AES-128). Microsoft has no 'eyes-on' access to it.
  • Because Microsoft doesn't retain prompts and responses, those prompts and responses can't be used as part of a training set for the underlying large language model.
  • Advertising shown to Entra ID users isn't targeted based on workplace identity or chat history.

These data protections extend to eligible Entra ID user chats in Copilot on copilot.microsoft.com and in Bing, Edge, and Windows. They also extend to Copilot chats in the Copilot, Bing, Edge, Microsoft Start, or Microsoft 365 mobile apps.

Generated search queries

Microsoft Copilot parses a user's prompt and identifies terms where web grounding would improve the quality of the response. Based on these terms, Copilot generates a search query that it sends to the Bing Search service asking for more information.

This generated search query is different from the user's original prompt—it consists of a few words informed by the user's prompt. A few terms from uploaded files or content actively viewed in Edge may also be sent to the Bing search service to ground responses if Copilot needs them to understand the user's prompt.

The following information is not included in the generated query sent to the Bing search service:

  • The user's entire prompt, unless the prompt is very short (for example, "local weather")
  • Entire files uploaded into Copilot
  • Entire web pages or PDFs summarized by Copilot in Edge
  • Any identifying information based on the user's Entra ID (for example: username, domain, or tenant ID)

Generated queries are not shared with any third parties, including partners or advertisers. They're also not used to improve ranking parameters in the Bing search service for users inside or outside your organization.

After Microsoft Copilot receives additional information from the Bing search service, this information is used to compose the response returned to the user. The table below provides examples of a user's prompt and the generated search queries sent to Bing. It also explains how Copilot formulates a response.

| User prompt | Generated search queries | How Copilot provides a response |
| --- | --- | --- |
| We’re considering a possible acquisition of Fabrikam. Summarize financial information about the company, including their business strategy. | Fabrikam strategy; Fabrikam financials | Copilot will return a response which includes publicly available information relevant to these two search queries. |
| Along with the prompt, the user uploads a document about clean energy strategy. Summarize this document and tell me if Fabrikam has publicly announced a similar approach. | Fabrikam clean energy policy announcements | If the document has Microsoft 365 DLP controls, no query terms are generated based on the content of the document. Otherwise, Copilot reasons over this document and identifies “clean energy policy” as a major theme. “Clean energy policy” is added to the generated search query sent to the Bing search service (the document itself is not included). The rest of the generated query is inferred from the prompt itself. Copilot then takes web search results returned from Bing and identifies any similarities between this public information and the strategy described in the internal document. After the chat session ends, the document is no longer retained by Copilot. |
| User has navigated to a public news article on the web about clean energy and uses Copilot in Edge to ask for a summary. What does this article say about clean energy? | None | To generate a page summary, Copilot can infer all needed information from the text on the page itself. No generated search query is necessary. After the chat session ends, any information from the web page is no longer retained by Copilot. |

Chat history and reporting

When commercial data protection is enabled, Copilot doesn't support the chat history feature. It doesn't retain chat prompts or responses.

It also offers no usage reporting or auditing capabilities to organizations. Copilot users may, however, be subject to other types of monitoring available to IT admins in their organization. For example, they may be subject to internal logging, device or network logs, or other methods of monitoring on their organization's network or devices.

Copilot is managed in accordance with our responsible AI principles, which means we take steps to mitigate misuse or harmful behavior and content.

Organizational data

Copilot is a generative AI service grounded in data from the public web in the Bing search index only. It doesn't have access to organizational resources or content within Microsoft 365, such as documents in OneDrive, emails, or other data in the Microsoft 365 Graph.

Copilot for Microsoft 365 is required if your organization wants an AI chat experience grounded in work data inside your tenant boundary.

Copilot can access organizational content in the chat only when users actively provide it. Users can allow Copilot to access their organizational content in one of three ways:

  1. Users explicitly type or paste this information directly into the chat.
  2. Users upload a file by selecting the paperclip icon in the chat box. They can also drag and drop a file into the chat box. The file upload feature is currently in preview. Learn more about uploading files here.
  3. Users type a prompt into Copilot in Edge after enabling the 'Allow access to any webpage or PDF' setting, and an intranet page is open in the browser. In this scenario, Copilot may use this content to help answer questions.

Additionally, in the Microsoft 365 mobile app, users can click on suggested Copilot prompts surfaced across the OneDrive, Capture, and Create tabs. In this scenario, the associated file and its content will be used by Copilot as part of the response.

In all cases, when commercial data protection is enabled, Copilot doesn't retain any of this data after the chat session is over. Nor does it use the organizational data to train the underlying model.

Microsoft as the data controller

Copilot is a connected service where Microsoft is the data controller. Users' prompts leave your organization's Microsoft 365 tenant boundary to reach the Copilot service. When commercial data protection is enabled, Microsoft doesn't retain this data beyond a short caching period for runtime purposes. After the browser is closed, the chat topic is reset, or the session times out, Microsoft discards all prompts and responses.

To provide chat responses, Copilot uses global data centers for processing and may process data in the United States. Optional, Bing-backed connected experiences don't fall under Microsoft's EU Data Boundary (EUDB) commitment. They also don't fall under the terms of the Data Protection Addendum (DPA), which requires company data to remain inside geographic or tenant boundaries. Learn more: Continuing Data Transfers that apply to all EU Data Boundary services.

As a reminder, Copilot has no access to organizational data inside your tenant boundary, and chat conversations aren't saved or used to train the underlying models.

Organizations with strict requirements that data must remain inside tenant or geographic boundaries should instead consider Copilot for Microsoft 365 or Azure OpenAI to provide generative AI services. Copilot with commercial data protection is intended as a more secure alternative for organizations than using consumer-oriented generative AI services.

For more information, see Microsoft 365 Data Residency and the Microsoft Privacy Statement.

Authentication and authorization

Commercial data protection is only available by signing in with the same Entra ID used to access Microsoft 365 services such as SharePoint or Outlook.

GDPR

The May 21, 2018, blog post from Microsoft outlines our commitment to GDPR compliance and how Microsoft helps businesses and other organizations meet their own GDPR obligations. You can find more details in the Microsoft Trust Center FAQ.

Copilot aligns with GDPR principles. Customers who wish to submit a right to be forgotten request to remove information from the Bing search index can do so here: Bing - Request Form to Block Search Results in Europe

Advertising

Copilot occasionally shows advertisements as part of chat responses. An ad that appears in a chat response is triggered by any queries generated by the user's prompt, not their workplace identity.

Advertising to Entra ID users isn't targeted, meaning no information from the user's workplace identity is used to determine the ad that appears. Entra ID users won't be retargeted by ads they previously interacted with in Copilot.