Frequently Asked Questions about Microsoft 365 Copilot


In March 2023, Microsoft announced the private preview of Microsoft 365 Copilot. Copilot combines into a single system the power of next-generation AI with the richness of individual user data—calendar, emails, chats, documents, meetings, and more—in Microsoft Graph, plus the Microsoft 365 apps that people use every day. And it does so within Microsoft’s existing commitments to data security and privacy in the enterprise.

If you are one of the many organisations interested in learning more about Microsoft 365 Copilot’s licensing, security, privacy, and compliance, you came to the right place.  

Here’s what we know so far:

  1. Which plans or licenses will include the Copilot functionality?

    Microsoft 365 is foundational to being AI-ready. Previously, Copilot for Microsoft 365 was available only to enterprise clients with Microsoft 365 E3/E5 and Office 365 E3/E5.

    As of 15th January 2024, it is now generally available to commercial small and medium-sized businesses and education. If you are using any of the prerequisite licenses below, you can now purchase Copilot for Microsoft 365 for a fee per user per month (price to be announced soon).

    - Business Standard.
    - Business Premium.
    - Microsoft 365 A3 and A5.

    Learn more about Copilot for Microsoft 365 for small to medium-sized businesses, including the next steps, licensing, and technical requirements, here.

  2. Where can I purchase Microsoft 365 Copilot?

    You can purchase Microsoft 365 Copilot on an annual term via Cloud Solution Provider (CSP), Enterprise Agreement (EA), or Direct.

  3. Is Microsoft 365 Copilot available to Not-for-Profits?

    Yes, it is. Not-for-profits can access Microsoft 365 Copilot using the commercial offer and add it to their existing qualifying not-for-profit base license such as Microsoft 365 Business Premium. The commercial offer is currently priced at AUD 44.90* per user/month (annual commit) and is available for purchase through Cloud Solution Provider (CSP) partners such as Professional Advantage.

    *Price subject to change without prior notice. Please check with PA for the latest pricing.

  4. Is the model learning from my data? Is Microsoft learning from my data?

    According to Microsoft, it is a static service inside the client’s environment like a user calling their Exchange Online server.

  5. Which data does Copilot use?

    Copilot combines 1) Large Language Models, 2) the richness of your data—your calendar, emails, chats, documents, meetings, and more—in Microsoft Graph, and 3) the Microsoft 365 apps.

  6. Will it be clear where the model is located from a data region point of view in terms of being compliant with local data and privacy laws?

    It will be compliant with Microsoft’s data residency commitments and various regional commitments. Your data is not leaving your compliance boundaries, and you will maintain control of your data throughout the entire experience. You as a client are always in control of your data, and Microsoft will continue to meet its regional requirements. Data will always follow your organisation’s retention and query policies.

  7. Is Microsoft providing lineage information on where the training data was sourced from?

    OpenAI has trained the model on publicly available data over a specified period of time that is not trademarked. Microsoft has adjusted some of the weights to make them a better fit in the enterprise environment. Microsoft 365 Copilot does not use customer data—including prompts—to train or improve Microsoft’s large language models (LLMs). They believe the client’s data is their data. So, the existing Microsoft guarantees that the company has always made for enterprise and commercial data persist and continue, even in this AI era. You can review Microsoft’s privacy policy and service documentation for more information at

  8. How does Copilot respect security permissions to ensure that people get access to just the information that they can see, or that they should have the ability to see?

    The permissions model within your Microsoft 365 tenant will ensure that data will not unintentionally leak between users and groups. Copilot presents only data that each individual can access using the same underlying controls for data access used in other Microsoft 365 services. Copilot is integrated into Microsoft 365 and automatically inherits all your company’s valuable security, compliance, and privacy policies and processes.

  9. What are Microsoft’s commitments to data security and privacy?

    Grounded in users’ business data, Copilot uses cutting-edge AI to help users work across their business data in a secure, compliant, privacy-preserving way, delivering accurate, relevant, contextual results.

    Copilot large language models (LLMs) are not trained on your organisation’s tenant data. Your data never leaves its secure partition.

    Copilot automatically inherits your organisation’s security, compliance, and privacy policies for Microsoft 365. At an individual user level, Copilot works like an enterprise search today: it can access only the data to which the user already has access, enforced by the same technology that Microsoft has been using for years to secure customer data in Microsoft 365 apps.

    Microsoft 365 Copilot is deeply integrated in the productivity apps millions of people use and rely on every day for work and life: Word, Excel, PowerPoint, Outlook, Teams, and more.

    The individual user—and the admins—is always in control. Users decide what to use, modify, or discard. Microsoft will share more soon about new tools for IT admins so you can plan with confidence to enable Copilot across your organisation.

    Building responsibly: Microsoft 365 Copilot is designed for the needs of the enterprise. Microsoft’s efforts are guided by their AI principles and Responsible AI Standard and built on decades of research about grounding and privacy-preserving machine learning.

  10. What features are included in Microsoft 365 Copilot?

    It includes:

    • Foundational Capabilities.
    • Web Grounding.
    • Commercial Data Protection.
    • Priority Model Access.
    • Copilot in Outlook, Word, Excel, PowerPoint and OneNote.
    • Copilot in Teams.
    • Microsoft Graph Grounding.
    • Enterprise-Grade Data Protection.
    • Customisation via Copilot Studio.

Please check back to this blog in the next few weeks as we will update it whenever new announcements are made by Microsoft.

Got a question for us? Let us know in the comments.

Write a Comment

Talk to us

If you would like to learn more, complete the form below and one of our team will be in contact.

Your information will never be shared or sold to a 3rd party,
please read our privacy policy.