Microsoft July 14, 2026 7 min read

Microsoft Copilot and Your AI Policy: What to Include, What to Watch

Microsoft 365 Copilot is embedded across Word, Outlook, Excel, and Teams. Here's how to classify it in your AI policy.

How Copilot's Data Boundary Actually Works

Microsoft 365 Copilot operates inside your Microsoft 365 tenant. When a user asks Copilot a question in Word or Teams, it queries your organization's data — emails, documents, chats, calendar entries — using Microsoft Graph. That data does not leave your tenant to train Microsoft's foundation models. Microsoft's published data protection commitments confirm that Copilot prompts and responses are not used to train the underlying large language models.

What this means practically: Copilot's risk profile is different from a consumer AI tool like ChatGPT. The threat isn't data exfiltration to an external model — it's internal oversharing. Copilot will return results from any file the user has permission to read, including files shared broadly across the org that nobody intended to be easily discoverable. A user who asks "summarize all recent HR complaints" may get a coherent answer if your HR SharePoint folder has loose access controls.

Your policy needs to make this distinction explicit. Copilot is an approved tool in most cases, but that doesn't mean it's an unrestricted one. Define it as "approved with access controls required" — and reference the sensitivity label and permissions audit requirements in the same policy section. For broader context on how approved tools can still create internal risk, see our guide on what shadow AI means for your organization.

Admin-Level Governance Controls Your IT Team Should Configure Before Rollout

Microsoft provides a set of admin controls for Copilot in the Microsoft 365 admin center that most organizations haven't fully configured. Your policy should require IT to enable and document these before Copilot is made available to any user group.

Your AI acceptable use policy should not try to replicate the technical configuration — that belongs in your IT runbook. But the policy should name these controls as required prerequisites for Copilot deployment, so that legal and HR have a clear hook if IT skips them. See our AI acceptable use policy template guide for how to structure that kind of policy-to-IT handoff.

Sensitivity Labels and What Copilot Does with Them

Microsoft Purview sensitivity labels are the most direct tool you have for controlling what Copilot can and can't do with specific content. If a document is labeled "Confidential" or "Highly Confidential," Copilot will respect those labels — but only if you configure label-based protections correctly.

Specifically: sensitivity labels can be configured to apply encryption that prevents Copilot from reading the underlying content. A document encrypted with a "Highly Confidential" label using customer-managed keys, for example, will not be summarized by Copilot unless the user has explicit decryption rights. This is a meaningful protection — but it only works if your labeling is consistent and your labels actually apply encryption rather than just visual markings.

The practical problem most organizations face is that a large share of sensitive documents are unlabeled. Copilot treats an unlabeled document with no access restrictions as fair game. Your policy should require a labeling audit before Copilot is deployed broadly, and it should define which data categories require a "Confidential" or higher label. Here's a quick reference for how data types should map to Copilot access controls:

Data Type Recommended Sensitivity Label Copilot Access Outcome
Internal memos, project docs General / Internal Accessible to licensed users with file permissions
HR records, performance reviews Confidential – HR Only Restricted to HR-scoped permissions; encryption recommended
Legal documents, M&A materials Highly Confidential Encryption applied; Copilot blocked unless user has decrypt rights
PHI / PII subject to HIPAA or GDPR Highly Confidential – Regulated Encryption applied; audit logging required; legal review before Copilot use
Financial forecasts, board materials Highly Confidential Encryption applied; access scoped to named individuals

If your organization doesn't have a labeling taxonomy yet, start with four tiers: Public, Internal, Confidential, and Highly Confidential. That's enough to make Copilot controls meaningful without creating a labeling burden employees will ignore.

Meeting Transcription, Copilot in Teams, and What Your Policy Needs to Say

Copilot in Teams meetings can generate real-time summaries, action items, and follow-up drafts — but most of these features require transcription to be enabled. Transcription creates a stored record of the meeting. That record is subject to eDiscovery, can be accessed by admins, and in some jurisdictions triggers employee notification requirements.

In the EU, recording or transcribing employee meetings without explicit notice may conflict with GDPR Article 13 transparency requirements and, in some member states, specific works council or co-determination rules. In the US, several states (including California, under Cal. Penal Code § 632) require all-party consent for recorded communications in certain contexts. Your policy needs to require that meeting hosts notify all participants before enabling Copilot transcription — and it should prohibit transcription of meetings where external parties haven't consented.

Policy principle: If you wouldn't be comfortable showing the transcript to every person in the room, don't enable Copilot transcription for that meeting. The transcript doesn't disappear when the meeting ends — it's stored, searchable, and discoverable.

Your policy should also address Copilot Meeting Recap, which surfaces meeting summaries to users who weren't present. This is useful for catching up — and a potential confidentiality problem if the meeting discussed personnel matters, legal strategy, or unreleased financial information. Define which meeting categories are off-limits for Copilot recap sharing, and require hosts to disable recap sharing for sensitive sessions.

Compliance Mode and Data Residency: What You Can and Can't Control

Microsoft offers data residency commitments through its Microsoft Cloud for Sovereignty and Multi-Geo capabilities, and through the EU Data Boundary program for European customers. For most SMBs, the relevant question is simpler: where are your Microsoft 365 tenant's data centers located, and does Copilot processing stay in that geography?

Microsoft's published commitments state that for tenants in the EU Data Boundary, Copilot prompts and responses are processed within the EU. For US-based tenants on standard licensing, processing occurs in US-based data centers. If your organization is subject to GDPR, you should verify your tenant's data boundary configuration and document it — regulators increasingly expect organizations to demonstrate, not just assert, that personal data stays within approved geographies.

For organizations in regulated industries, Microsoft Purview's Communication Compliance and Audit (Premium) features allow you to log Copilot interactions for compliance review. FINRA-regulated firms, for example, need to consider whether Copilot-generated content in client-facing contexts triggers recordkeeping obligations under FINRA Rule 4511. HIPAA-covered entities should confirm whether their Microsoft agreement includes a Business Associate Agreement (BAA) covering Copilot — Microsoft does include Copilot in its standard BAA for M365, but you should verify this against your specific agreement and document the confirmation.

Your policy doesn't need to restate Microsoft's terms — it needs to tell your employees and managers what they're responsible for. That means specifying: which data categories can be processed through Copilot, which roles are approved to use Copilot in client-facing or regulated workflows, and what documentation is required before enabling Copilot features in a new business unit. Check our Microsoft 365 Copilot workplace risk profile for a quick-reference summary of the tool's risk classifications by data type.

How to Write the Copilot Section of Your AI Policy

Don't bury Copilot in a generic "AI tools" section. It deserves its own named section because it's embedded in your core productivity suite and because employees are likely already using it whether or not you've addressed it in policy.

A Copilot-specific policy section should cover at minimum:

If you need a starting point for the full policy structure, you can generate a tailored policy kit that includes Copilot-specific language alongside your other approved and restricted tools.

About Shadow AI Policy: We build AI acceptable use policy tools for HR and operations teams at 50–500 person companies. We publish guides on shadow AI, acceptable use policies, and AI governance, updated as regulations and AI tools change.

Common questions

Does Microsoft 365 Copilot use our company data to train its AI models?

No — Microsoft's published data protection commitments state that Copilot prompts, responses, and the data it accesses in your tenant are not used to train the foundation models that power Copilot. Your data stays within your Microsoft 365 tenant. That said, Microsoft does use interaction data for limited service improvement purposes, so review your tenant's privacy settings and the Microsoft Product Terms if this distinction matters for your compliance documentation.

What happens if an employee uses Copilot to access a document they weren't supposed to see?

Copilot respects existing Microsoft 365 permissions — it won't surface a file the user doesn't have access to. The problem is that many organizations have overly broad permissions, so users can legitimately access files they'd never have found manually. If that happens, it's a permissions governance problem, not a Copilot breach. Audit your SharePoint site permissions before rollout, and use Restricted SharePoint Search as an interim control while you tighten access.

Do we need a separate policy for Copilot, or can we add it to our general AI acceptable use policy?

Add a named Copilot section to your general AI acceptable use policy rather than creating a separate document — most employees won't read two policies. The Copilot section should cover approved use cases, data classification requirements, meeting transcription rules, and output review obligations. A general AI policy that doesn't name Copilot specifically leaves employees guessing about whether the rules apply to the AI tool built into their daily software.

Are Copilot meeting transcripts subject to eDiscovery?

Yes. If your organization has Microsoft Purview configured with Audit (Standard) or Audit (Premium), Copilot interactions — including meeting transcripts generated with Copilot enabled — are searchable and producible in litigation or regulatory investigations. This is a reason to define in policy which meetings should have transcription disabled, particularly those involving legal strategy, personnel matters, or pre-decisional financial discussions. Make sure your legal hold procedures account for Copilot-generated content.

Generate your AI policy in 10 minutes

Tailored to your industry and the AI tools your team uses. Free preview, $79 one-time or $149/mo with monthly updates.

Generate my policy kit →