Microsoft Copilot - Enterprise Data Protection

Summary

This article outlines the key enterprise data protection features of Microsoft Copilot, emphasizing privacy, security, and compliance with industry standards. It also explains how web queries are handled to protect user data during Copilot interactions.


Overview of Enterprise Data Protection

Microsoft 365 Copilot follows the same data protection standards and privacy commitments as other Microsoft 365 services. These commitments are part of Microsoft’s Data Protection Addendum (DPA) and ensure customer data is protected at all times. Microsoft acts as a data processor, following strict controls to secure prompts and responses generated by Copilot.

For more detailed information, visit Enterprise Data Protection in Microsoft 365 Copilot.

Key Data Protection Features

  • Encryption & Security Controls:
    Data is encrypted at rest and in transit, with robust physical security and data isolation between tenants.

  • Privacy Compliance:
    Copilot supports compliance frameworks like GDPR and ISO/IEC 27018. Microsoft ensures that user data is only processed as instructed and never used to train AI models.

  • Permissions & Retention Policies:
    Copilot respects identity models, sensitivity labels, retention policies, and access controls from your organization’s Microsoft 365 setup. It logs interactions for auditing to align with organizational policies.

  • Protection from AI Risks:
    Microsoft protects against AI-based risks such as prompt injection and applies copyright detection to safeguard content used in responses.

  • Foundation Model Usage:
    Microsoft ensures that user data and prompts are not used to train large language models (LLMs), providing further privacy assurance.

Web Queries and Data Privacy

When Copilot performs web searches, it leverages Bing to provide accurate, up-to-date responses.

  • Secure Queries:
    Queries are processed with user and tenant identifiers removed. They are not used for ads or shared with advertisers.

  • Separate Data Handling:
    Bing searches follow Microsoft’s Services Agreement and operate under independent privacy terms from Microsoft 365. Queries are transmitted securely and are not used for AI training.

Details

Article ID: 1393
Created: Wed 10/30/24 11:56 AM
Modified: Wed 10/30/24 11:56 AM