Is Copilot going to leak my data to the rest of the world? (And other burning questions).

While Copilot is very possibly the most exciting and transformative technology to impact life since the internet, it does come with fishhooks. Like security.

Copilot thrives on data, but you most definitely don’t want it to share your business data back to its LLM (large language model). For example, the last thing you want is a competitor asking Copilot what your P&L was for 2023, and Copilot serving up the answer.

To give context, Copilot is the chatbot that interfaces between you and a massive artificial intelligence (AI) program (aka LLM) that can recognise and generate text. The more data in the program, the better it’s ‘trained’ to provide accurate textual responses to the questions or tasks you – and everyone else – give to Copilot. Which is great, until it isn’t.

Currently, there are two versions of Copilot: a free ‘preview’ you get with Windows 11 (Microsoft Copilot) and a paid version available to Microsoft 365 subscribers (Copilot for Microsoft 365). And we’re getting lots of questions about both versions.

When Microsoft Copilot first started popping up as a free tool with Windows, there was no option to set the level of data privacy. What you voluntarily shared with Copilot, you, in effect, could theoretically be sharing with the world. It was definitely a case of ‘user beware.’

But on the positive side, Microsoft Copilot doesn’t have (then or now) access to your organisational data in OneDrive, Outlook, etc. The only data it accesses is from the public internet.

Unlike the first freebie version, the latest Copilot for Windows 11 users now comes with Microsoft’s Commercial Data Loss feature. More on that later.

(What’s a preview, you ask? It’s basically a prototype – so the features aren’t finalised – it’s there for you to try out and provide feedback on. And an FYI here – while the preview is served up by default, if you don’t want to use it, you can remove it from your taskbar. If you want it gone altogether, just lodge a support ticket, and we’ll take care of it for you )

This super-duper version comes as an optional extra for Microsoft 365 users – in other words, you need to pay a monthly subscription fee per user to use Copilot within your Basic, Standard, or Premium M365 version.

Given the power of this version of Copilot to pull information from your other applications and services, including Teams, Outlook, and Word, security is a big deal. However, Copilot for Microsoft 365 is bound by specific security, privacy, and compliance features determined by both your own internal access settings and by Microsoft 365 itself.

Commercial data protection in Microsoft Copilot (the freebie) safeguards both your user and organisational data. For example, unlike a browser, Copilot doesn’t retain your chat history, prompts or responses. It also doesn’t use your chat data to train the LLM. Copilot also uses Microsoft Entra ID (this used to be called Azure Active Directory) for authentication – so your team can only use Copilot with their work accounts.

Copilot’s Commercial Data Loss feature is also included (at no extra cost) as part of your Microsoft 365 Business Standard, Premium, or Basic subscription. So, if you feed company-specific data into your instance of Copilot for Microsoft 365, it doesn’t share it with the LLM.

Given that all Copilots come with the Commercial Data Loss  feature, we can hear you asking: “Why do we need a subscription to Copilot for Microsoft 365 – can’t we just use the Windows 11 one?”

Here’s the answer: Only Copilot for Microsoft 365 provides you with access to all the data within the Microsoft 365 Graph in your tenant – which is critical if you have strict geographic or tenant boundaries for your data. The freebie Copilot also doesn’t give you access to generative AI capabilities from your Microsoft 365 applications like Teams, Outlook, Word, Excel and more, so you’re missing out on significant productivity gains.

And, as mentioned earlier, Copilot for Microsoft 365 comes with enterprise-grade security, privacy and compliance, and you can configure the settings to comply with your service boundary.

Plus – as a bonus – you can create plugins to your data and automation using Copilot Studio.

As always, you’re welcome to contact us if you need to hear this in plain language!