Skip to main content
Back to Copilot Essentials: Work Smarter in 365
Lesson 7 of 11

Keep Your Work Safe and Secure

~25 min readLast reviewed May 2026
This lesson counts toward:Run Smarter: AI for Operations LeadersGrow Faster: AI for Small TeamsWork Less, Accomplish More

Privacy and Security in Microsoft 365 Copilot

When the AI Knows Too Much: A Story About Access

In early 2024, a mid-sized financial services firm in Chicago rolled out Microsoft 365 Copilot to its 400-person workforce. The IT team was thrilled. Productivity was up. Meetings were being summarized automatically. Emails were drafting themselves in seconds. Then, three weeks in, a junior account manager used Copilot to pull together a briefing document for a new client pitch. She asked Copilot to summarize everything the company knew about a particular industry sector. The response included internal salary benchmarks from HR, confidential deal terms from a partnership negotiation, and a draft memo from the legal team marked 'privileged.' She hadn't gone looking for any of it. Copilot just found it, because she technically had access to the SharePoint folders where it lived.

No data breach occurred. No hacker was involved. The information never left the company's Microsoft 365 tenant. But the incident exposed something the firm hadn't fully considered before deployment: Copilot doesn't decide what's sensitive. It surfaces what's accessible. The distinction matters enormously. The firm had spent years building informal permission habits, shared drives with broad access, folders inherited from old projects, documents that 'everyone could technically see' but that nobody actually looked at. Copilot changed that overnight. Suddenly, a tool that could read and synthesize thousands of documents in seconds made all those informal habits visible, and consequential.

The firm paused their rollout for six weeks. They audited SharePoint permissions across every department. They created sensitivity labels for HR documents, legal files, and executive communications. They ran training sessions, not on how to use Copilot, but on what Copilot could see and why that mattered. When they restarted, adoption was smoother and the incidents stopped. The lesson their CISO shared at an internal all-hands was blunt: 'We didn't have a Copilot problem. We had a data hygiene problem that Copilot made impossible to ignore.' That sentence is the foundation of everything this lesson covers.

The Core Principle of Copilot Privacy

Microsoft 365 Copilot operates entirely within your organization's existing Microsoft 365 permissions. It can only access files, emails, chats, and documents that the user already has permission to view. Copilot does not bypass security controls, and your data is never used to train Microsoft's AI models. But, and this is critical, if your organization's permissions are too broad, Copilot will surface information that people technically can access but probably shouldn't be reading in practice.

What Copilot Can See. And Why That's Both Powerful and Sensitive

Think of Microsoft 365 Copilot like a brilliant new employee who has been given a badge that opens every door their predecessor ever opened. They're not sneaking around. They're not doing anything wrong. But if the previous occupant of that role had accumulated access to the finance shared drive, the HR onboarding folder, and the executive team's project site, all because someone said 'yes' to three separate access requests over five years, then this new employee can walk into all of those rooms. Copilot is that employee, except it can read every document in every room in about four seconds and synthesize them into a coherent summary. The badge is your Microsoft 365 login. The rooms are your SharePoint sites, OneDrive files, Teams chats, Outlook emails, and any Microsoft 365 app your organization uses.

Microsoft built Copilot on what it calls the Microsoft Graph, a massive, real-time map of all the content and connections inside your organization's Microsoft 365 environment. When you ask Copilot a question in Teams or Word or Outlook, it queries the Graph to find relevant information. The Graph respects your permissions: it only returns results from content you're allowed to see. This is called 'permission-scoped retrieval,' and it's genuinely good security design. The problem isn't the technology. The problem is that most organizations have messy, over-permissioned environments built up over years of convenience-first decisions. A SharePoint site created for a 2019 product launch might still have 200 people with edit access. A shared inbox might be readable by an entire department. Copilot doesn't create these gaps, it reveals them.

This is why Microsoft's own guidance for Copilot deployment consistently starts with a permissions audit, not a prompt training session. Before your team learns to ask Copilot good questions, your organization needs to know what Copilot is allowed to answer. For non-technical managers and team leads, this has a direct implication: if you're responsible for a SharePoint site, a Teams channel, or a shared folder, you are now effectively a data steward. The files you allow people to access aren't just files anymore, they're potential Copilot responses. That's not a reason to panic. It's a reason to be intentional.

HR Manager asking Copilot to prepare for a performance review cycle

Prompt

I'm an HR Business Partner preparing for our Q2 performance review cycle. Can you summarize what we know about the performance history, compensation changes, and any documented concerns for the marketing department over the last 18 months? Pull from any relevant documents, emails, or Teams conversations you can find.

AI Response

Here's a summary based on documents and communications available to you: **Marketing Department. Performance & Compensation Summary (Last 18 months)** **Performance Trends:** Based on the Q3 and Q4 2023 review files stored in the HR SharePoint site, three team members in the content team received 'Meets Expectations' ratings, while two senior managers received 'Exceeds Expectations.' One performance improvement plan (PIP) was initiated in November 2023 for a mid-level designer role, documentation is in the restricted HR folder. **Compensation Changes:** The 2024 salary adjustment spreadsheet (uploaded January 2024) shows the marketing department received an average merit increase of 3.2%, with two off-cycle adjustments approved in September 2023 for retention purposes. Specific figures are in the compensation tab of that file. **Documented Concerns:** A Teams thread from February 2024 between you and the Marketing Director references ongoing concerns about the content team's capacity. There is also an email chain from HR leadership in December 2023 discussing restructuring options. I can pull the key points from that if helpful. **Note:** Some documents in the HR restricted folder are labeled as 'Confidential. HR Only.' I've flagged those references but have not included their full content here, as your current permissions provide read-only access to the summary level. Would you like me to draft a briefing document for the review kickoff meeting using this information?

A Healthcare Example: Sensitivity Labels Save the Day

A regional hospital network in the Pacific Northwest began piloting Copilot for Microsoft 365 with its administrative leadership team in late 2023, specifically the operations directors, finance managers, and department heads who spend their days in Excel, Outlook, and Teams rather than clinical systems. Patient records were never in scope; those live in a separate EHR system entirely outside Microsoft 365. But the hospital's Microsoft 365 environment still contained genuinely sensitive material: union negotiation documents, credentialing files for physicians, incident reports from risk management, and budget proposals that hadn't been shared with the board yet. The privacy concern wasn't about HIPAA, it was about internal confidentiality.

Before enabling Copilot, their Microsoft 365 administrator worked with department heads to apply Microsoft Purview sensitivity labels to high-risk document categories. Labels like 'Confidential. HR Only,' 'Legal Privileged,' and 'Executive Review Only' were applied to roughly 3,000 documents across SharePoint. These labels don't just tag a document visually, they can enforce access restrictions, prevent sharing outside the organization, and signal to Copilot how to handle the content. When the pilot launched, Copilot could see labeled documents if a user had permission to access them, but the labels helped administrators audit usage and tighten permissions where needed. The result: a clean pilot with no unintended disclosures, and a replicable model that other departments adopted over the following quarter.

Copilot vs. Other AI Tools: What Makes It Different for Privacy

FeatureMicrosoft 365 CopilotChatGPT Plus (personal)Google Gemini for WorkspaceClaude Pro (personal)
Where your data goesStays inside your Microsoft 365 tenantSent to OpenAI servers; not used for training with paid planSent to Google servers; admin controls varySent to Anthropic servers; not used for training with paid plan
Can access your work filesYes. SharePoint, OneDrive, Teams, OutlookOnly if you paste content in manuallyYes. Google Drive, Gmail, Docs (with Gemini for Workspace)Only if you paste content in manually
Respects your org's permissionsYes, fully permission-scopedNot applicable, no org integrationYes, with Workspace admin controlsNot applicable, no org integration
Used to train AI modelsNo. Microsoft contractually commits to thisNo, with paid ChatGPT Plus planNo, with paid Workspace planNo, with paid Claude Pro plan
Admin controls availableYes, extensive via Microsoft 365 admin centerNo, individual tool onlyYes, via Google Workspace adminNo, individual tool only
Sensitivity label supportYes. Microsoft Purview integrationNoPartial, via Google DLPNo
Audit logs for complianceYes, full activity loggingNoYes, via Workspace adminNo
Privacy and security feature comparison across major AI tools used by professionals. Enterprise tools like Copilot and Gemini for Workspace offer organizational controls that personal AI tools cannot match.

A Sales Team's Lesson About Shared Inboxes

A B2B software company in Austin gave their 12-person enterprise sales team access to Copilot in early 2024. The sales team loved it immediately. Copilot could summarize long email threads, draft follow-up proposals, and pull together account histories in minutes. But within two weeks, a senior account executive noticed something odd. When she asked Copilot to help her prep for a call with a prospect, it surfaced internal notes from a colleague's account, a different salesperson's deal that was in a shared sales inbox the whole team had access to for coverage purposes. She could see pricing concessions her colleague had offered, the prospect's objections, and a discount structure that hadn't been formally approved yet.

This wasn't a security breach by any technical definition. The shared inbox existed precisely so the team could cover for each other. But nobody had thought through what it meant for an AI to synthesize that inbox on demand. The sales manager's fix was straightforward: they moved sensitive deal-specific communications out of the shared inbox and into individual Outlook accounts, reserving the shared inbox for logistics and scheduling only. They also created a private Teams channel for deal strategy discussions, with membership limited to the account owner and sales leadership. Two changes, made in an afternoon, with no IT ticket required. The insight, that AI makes informal access formal, is one that sales teams across industries are learning right now.

A Quick Audit You Can Do Before Monday

Open SharePoint and look at the three sites or folders your team uses most. Click 'Settings' then 'Site permissions' or 'Manage access.' Ask yourself: does everyone listed here still work here? Do they still need this access? If a site was created for a project that ended more than 12 months ago, flag it for review. You don't need IT to do this initial check, you just need five minutes and the willingness to look. What you find will tell you a lot about what Copilot can currently see on your behalf.

What This Means for How You Work With Copilot Right Now

Understanding Copilot's privacy architecture isn't about becoming a security expert. It's about developing a new instinct: before you ask Copilot to find, summarize, or compile information, ask yourself whether the answer might pull from sources that contain sensitive material. This is especially relevant when you're asking broad questions, 'summarize everything we know about this client,' 'what's our team's history with this vendor,' 'pull together the key decisions from the last six months.' These are powerful prompts. They're also prompts that can surface documents you didn't know existed or information that was meant for a smaller audience.

The practical adjustment isn't to stop asking broad questions, it's to be deliberate about where you ask them and what you do with the answers. If you're using Copilot in a Teams channel, it can see the content of that channel and any files shared there. If you're using Copilot in Outlook, it has access to your email. If you're using Copilot in a Word document, it can reference files in your OneDrive and the SharePoint sites you have access to. Each context has a different scope. Knowing that scope helps you predict what Copilot might find, and helps you decide whether to share the output with others or keep it in a working draft.

For managers specifically, there's an additional layer to consider. If you have access to performance data, compensation information, or confidential project files because of your role, Copilot can use those sources when responding to your prompts. That's appropriate when you're working alone on an HR matter or a budget analyzis. It becomes a problem if you share that Copilot-generated output with team members who don't have the same access level, or if you paste it into a Teams channel or shared document. The data governance responsibility doesn't disappear just because an AI assembled the information. You're still accountable for what you share and with whom.

Map What Copilot Can See in Your Work Environment

Goal: Build a clear, personal picture of what Microsoft 365 Copilot can access on your behalf, identify at least one area of over-permission or unintended access, and develop the habit of thinking about data scope before using Copilot for research or synthesis tasks.

1. Open your Microsoft 365 account and navigate to SharePoint. In the search bar, type your own name and look at which sites and folders appear as places where you have access, this gives you a rough map of your current permissions footprint. 2. Make a list of the five SharePoint sites or shared drives you access most frequently. Write down the name of each site and roughly what type of content lives there (e.g., 'Marketing Campaigns site, creative briefs, brand assets, campaign reports'). 3. For each site on your list, click 'Settings' and then 'Site permissions' or 'Manage access.' Note how many people currently have access to that site. 4. Identify any site where the number of people with access seems higher than you would expect, or where you see names of people who have left the team or changed roles. 5. Open Microsoft Teams and look at your three most active channels. Note whether sensitive topics, personnel issues, financial data, client confidentials, are regularly discussed in channels that have broad membership. 6. Check your Outlook: do you have access to any shared inboxes or shared calendars? Write down which ones and who else has access to the same mailbox. 7. Now write two sentences answering this question: 'If Copilot had to summarize everything in my Microsoft 365 environment right now, what is the most sensitive thing it might surface, and who else could theoretically see it?' 8. Based on your answers, identify one specific permission or access setting you want to flag for review, either to tighten your own access or to recommend a change to a site you manage. 9. Save your notes as a Word document titled 'My Copilot Access Audit, [Your Name], [Date]' and store it in your personal OneDrive as a reference point for future privacy decisions.

Key Principles From Part 1

  1. Copilot works within your existing Microsoft 365 permissions, it doesn't bypass security, but it makes all existing access immediately and powerfully actionable in ways that weren't possible before.
  2. Your organization's data never leaves your Microsoft 365 tenant when you use Copilot, and Microsoft does not use your content to train its AI models, this is a contractual commitment, not just a policy statement.
  3. The most common Copilot privacy risk is not a technical vulnerability, it's overly broad permissions that have accumulated over time through convenience-first decisions, now made visible by a tool that can synthesize thousands of documents instantly.
  4. Microsoft Purview sensitivity labels are the primary tool for flagging and protecting high-sensitivity content within Microsoft 365, applying them before Copilot deployment is a best practice, not an afterthought.
  5. Compared to personal AI tools like ChatGPT Plus or Claude Pro, enterprise tools like Microsoft 365 Copilot offer significantly more organizational control, including admin oversight, audit logs, and permission-scoped retrieval, but require active management to work safely.
  6. Every professional using Copilot carries a data stewardship responsibility: the AI can surface information, but the human decides what to share, with whom, and in what context.
  7. Simple, non-technical actions, auditing SharePoint permissions, reviewing shared inbox usage, moving sensitive discussions to appropriately restricted channels, can dramatically reduce unintended information exposure before any IT involvement is needed.

When Good Intentions Create Real Risks

In early 2024, a mid-sized UK law firm rolled out Microsoft 365 Copilot to its 200-person team. The goal was straightforward: help fee earners draft documents faster, summarize case notes, and prepare client communications. Within six weeks, a partner noticed something alarming. When she asked Copilot to summarize 'everything relevant to the Henderson acquisition,' the AI surfaced internal memos, salary data for two associates, and a confidential settlement figure from a completely different client matter, all because those files had been saved in a loosely organized shared folder that the partner technically had access to. Nobody had done anything malicious. The data hadn't been breached. But sensitive information had been assembled and presented in a way that nobody intended.

The firm's IT lead called it a 'permissions sprawl' problem. Over years of normal work, documents had accumulated in shared drives with overly broad access settings. Nobody had thought twice about it because humans searching manually would never stumble across salary data while researching an acquisition. Copilot, however, doesn't stumble, it searches everything it can reach, instantly, and presents the most relevant results. The AI was working exactly as designed. The vulnerability was in the organization's data hygiene, not the tool itself. This distinction matters enormously for how you think about Copilot in your own workplace.

The law firm's story illustrates a principle that runs through every Copilot deployment: the AI amplifies whatever data access structure already exists. If your organization has clean, well-permissioned data, Copilot is a powerful and safe assistant. If your organization has years of accumulated shared folders, misrouted emails saved to group drives, and documents sitting in places nobody remembers, Copilot will surface all of it, to anyone who asks the right question. Understanding this isn't about being afraid of the tool. It's about knowing what to look at before and after you start using it seriously.

The Principle Behind the Law Firm Story

Microsoft 365 Copilot strictly respects your organization's existing permissions. It cannot access files a user doesn't already have permission to see. The risk isn't that Copilot bypasses security, it's that many organizations have broader permissions than they realize. Copilot makes those existing gaps visible and actionable in ways that manual browsing never would. Your IT or compliance team can run a Microsoft 365 data access review to identify overshared content before Copilot deployment.

The Oversharing Problem Most Teams Don't Know They Have

A regional hospital network in the United States faced a similar revelation when piloting Copilot for its administrative teams. HR managers were using Copilot to draft internal communications and summarize policy documents, entirely appropriate use cases. But during testing, one HR coordinator asked Copilot to help her 'find information about employee leave policies and any recent exceptions.' The AI returned not only the policy documents she expected but also several email threads from a shared departmental inbox where individual leave cases had been discussed by name. Those emails were accessible to the entire HR team, which was technically correct, but the coordinator hadn't realized how much case-specific detail was sitting in that shared inbox, and she certainly hadn't expected Copilot to connect it all in one response.

This is the oversharing problem. It's not a Copilot bug. It's the natural consequence of years of collaborative work where 'share with the team' became the default and nobody audited it afterward. For HR teams, finance departments, legal teams, and anyone handling personnel data, this is the conversation to have with your IT department before you start using Copilot at scale. The good news: Microsoft provides tools specifically for this. SharePoint Advanced Management and Microsoft Purview can help your organization identify where sensitive content is sitting with broader access than intended.

The hospital network's response was practical and non-technical. They created a simple policy: any document containing individual employee names combined with leave, performance, or compensation information had to be stored in a dedicated HR-only SharePoint site with restricted access. Existing documents were moved over three weeks. No coding required, no new software purchased, just deliberate folder structure and access settings managed through the standard SharePoint interface. After that cleanup, Copilot became a genuine productivity tool for the HR team without the unintended disclosure risk.

HR Manager Drafting a Policy Summary. Copilot in Word

Prompt

Summarize our current remote work policy document and highlight any sections that have been updated in the last 12 months. Then draft a plain-English summary I can send to new employees in their onboarding pack. Keep the tone friendly and clear, avoid jargon, and keep it under 300 words.

AI Response

**Remote Work Policy. Summary for New Employees** Welcome to the team! Here's what you need to know about working remotely at [Company Name]. **Your Eligibility** Most roles are eligible for hybrid or fully remote arrangements after your first 90 days. Your manager will confirm your specific setup during onboarding. **Core Hours** All employees are expected to be available and responsive between 10:00 AM and 3:00 PM in their local time zone, Monday through Friday. Outside those hours, you manage your own schedule. **Equipment and Expenses** The company provides a laptop and necessary software. A one-time £300 home office allowance is available after six months of employment, submit your receipts through the expenses portal. **What's Changed Recently** Two sections were updated in the past 12 months. First, the data security requirements now require that all work on client files must be done through the company VPN, personal cloud storage like Dropbox or Google Drive is not permitted for work documents. Second, the travel-to-office reimbursement policy was clarified: travel is reimbursed only when you're asked to come in by your manager, not for voluntary office visits. **Your Responsibilities** You're responsible for maintaining a workspace that's private enough for confidential calls, keeping your equipment secure, and logging your hours accurately in the HR system. If you have questions about your specific arrangement, your first point of contact is your line manager, followed by HR at hr@[company].com. *This summary reflects the policy as of March 2024. Always refer to the full policy document on the intranet for complete details.*

How a Retail Chain Learned to Think About Prompt Privacy

A 40-store UK retail chain introduced Copilot to its head office team in late 2023. Marketing managers loved it for campaign briefs. Operations used it to summarize supplier emails. The CEO's EA used it to prepare board meeting agendas. But within the first month, the operations director noticed that her team was pasting entire supplier contracts, including pricing terms and exclusivity clauses, directly into Copilot prompts to get summaries. She raised a flag immediately. Not because Copilot would leak the data externally, but because she wanted her team to understand what they were doing and why it mattered to be deliberate about it.

Her concern was specific. The retail chain's Microsoft 365 Copilot was deployed under Microsoft's commercial data protection terms, which means prompts and responses are not used to train AI models and are not shared with Microsoft beyond what's needed to process the request. That's a strong protection. But the contracts being pasted into prompts were now part of chat histories that, depending on the organization's settings, could potentially be visible to IT administrators or retained in audit logs. The question wasn't 'is Copilot stealing our supplier data?', it wasn't. The question was 'do our team members understand where their prompts go and who might see them?' That's a governance question, not a technology question.

What Actually Happens to Your Prompts

ScenarioWhere the Prompt GoesUsed to Train AI?Admin VisibilityData Leaves Microsoft?
Copilot in Microsoft 365 (commercial)Processed within your Microsoft 365 tenantNo, explicitly excludedIT admins can access via audit logs if configuredNo, stays within Microsoft's commercial boundary
Copilot free/consumer version (personal account)Processed by Microsoft AI servicesMay be used for improvement unless opted outNo organizational admin oversightPotentially, check Microsoft's consumer privacy policy
ChatGPT free (OpenAI)Sent to OpenAI serversYes, by default (can opt out in settings)No admin oversightYes, processed by OpenAI outside your org
ChatGPT EnterpriseProcessed by OpenAI with enterprise termsNo, contractually excludedAdmin dashboard availableYes, but under enterprise data agreement
Claude Pro (Anthropic)Sent to Anthropic serversNot used for training by defaultNo admin oversight unless enterprise planYes, processed by Anthropic
Microsoft Copilot for Microsoft 365 with PurviewProcessed within tenant with full audit trailNoFull admin visibility and retention policiesNo, fully within Microsoft compliance boundary
Where your prompts go depends on which tool and which plan you're using. For regulated industries, the difference between consumer and commercial plans is significant.

A Finance Director's Wake-Up Call About Tool Choice

2023

Historical Record

Mark Osei

In early 2023, Mark Osei, a finance director at a mid-sized manufacturing company in the West Midlands, began using the free version of ChatGPT to draft board reports and analyze budget variances by copying in spreadsheet data and revenue figures.

This illustrates the risk of using consumer-grade AI tools with enterprise data without proper data processing agreements or organizational approval.

Mark hadn't broken any laws. OpenAI's consumer terms are publicly available and he'd agreed to them. But he had unknowingly shared financially sensitive company data with a third-party AI service under consumer-grade privacy terms, without his company's knowledge or a formal data processing agreement in place. His company's legal team was not pleased. The episode became the catalyst for a formal AI tool policy, a one-page document specifying which AI tools were approved for which types of content. Microsoft 365 Copilot was approved for all internal work including financial data. Consumer AI tools were restricted to non-sensitive tasks like research and general writing. It was a clear, practical policy that didn't require technical expertise to follow.

Free AI Tools and Sensitive Data Don't Mix Well

Consumer versions of AI tools, including free tiers of ChatGPT, Google Gemini, and others, typically process your prompts under consumer privacy terms, not enterprise data agreements. That means financially sensitive figures, personnel information, client data, and proprietary business content should never be pasted into a free AI tool without checking the privacy settings first. Microsoft 365 Copilot, when deployed through your organization's commercial Microsoft 365 subscription, operates under Microsoft's enterprise data protection commitments. When in doubt, ask your IT or legal team which tools are approved for which types of content.

Putting It Into Practice: Building Your Own Guardrails

You don't need to wait for your IT department to hand you a policy document to start working more safely with Copilot. There are practical habits any professional can adopt immediately. The most useful is what experienced Copilot users call the 'minimum necessary' principle: only include in your prompt what Copilot genuinely needs to give you a useful response. If you're asking Copilot to help you draft a performance review, you don't need to paste in the employee's entire HR file, describe the situation in general terms and use Copilot's output as a structural starting point that you then personalize with your own knowledge. This keeps sensitive specifics out of the prompt while still getting the productivity benefit.

The second practical habit is understanding your organization's Copilot configuration. Microsoft 365 Copilot gives administrators significant control over what the tool can access and how interactions are logged. Some organizations configure Copilot so that chat history is retained for compliance purposes; others disable it. Some restrict Copilot from accessing certain SharePoint sites. Your IT team should be able to tell you in plain terms what your organization's settings are. If they haven't communicated this to your team yet, asking the question is itself a useful contribution, it prompts a conversation that should be happening anyway.

The third habit is treating Copilot's outputs with appropriate professional judgment. When Copilot surfaces information you didn't expect, a document you'd forgotten existed, an email thread from three years ago, a figure from a report you didn't know was in scope, pause before acting on it. Ask yourself whether that information should be part of what you're working on. If you're not sure, check with the document owner or your manager before incorporating it. This isn't about distrusting the tool; it's about maintaining the same professional judgment you'd apply to any research process. Copilot finds things fast. You still decide what to do with them.

Audit Your Own Data Footprint Before Using Copilot at Scale

Goal: Identify your current data exposure before using Copilot broadly, establish clean permissions habits, and create a personal prompt safety reference you can apply immediately.

1. Open SharePoint in your browser and navigate to 'My Files', this shows all files you've created or own. Scroll through and note any files that contain sensitive content: personnel information, financial figures, client data, or confidential strategy documents. 2. For each sensitive file you identify, check the sharing settings by right-clicking the file and selecting 'Manage Access.' Note whether it's shared with specific people, a broad group, or 'Anyone with the link.' 3. For any file that has broader access than you'd be comfortable with if Copilot surfaced it in a colleague's response, change the permissions. Select 'Manage Access,' remove unnecessary sharing, and confirm the change. 4. Open Microsoft Teams and go to any team channels you're a member of. Click 'Files' in each channel and quickly review what's stored there, these files are accessible to all channel members and therefore to Copilot for all those users. 5. Identify one SharePoint folder or Teams channel where you suspect documents may be stored more broadly than intended. Flag this to your manager or IT contact with a specific note: 'I'd like to review access settings on this folder before our team uses Copilot more actively.' 6. Open a Word document or a new Copilot chat and write a short test prompt asking Copilot to 'summarize recent documents related to [a project you're working on].' Review what it surfaces, this gives you a real sense of what Copilot can reach. 7. Based on what you find, write three bullet points describing your own 'minimum necessary' prompt habits: what types of content you'll describe in general terms rather than paste directly, what types of files you'll check permissions on first, and which AI tools you'll use for which categories of work. 8. Share your three bullet points with one colleague and invite them to do the same exercise, comparing notes often surfaces permissions issues neither person spotted alone. 9. Save your bullet points as a personal reference document titled 'My Copilot Privacy Habits', you'll refine this further in Part 3.

Key Lessons from Part 2

  1. Copilot amplifies your existing permissions structure, it doesn't bypass security, but it makes existing data access gaps visible and actionable in ways manual searching never would.
  2. The 'oversharing problem' is common in organizations that have used shared drives and group inboxes for years without auditing access settings. Copilot makes this a practical risk rather than a theoretical one.
  3. Prompts sent through Microsoft 365 Copilot (commercial) are not used to train AI models and stay within your Microsoft tenant boundary, this is a contractual commitment, not just a setting.
  4. Consumer-grade AI tools (free ChatGPT, personal Gemini accounts) operate under different privacy terms, sensitive business data should not be pasted into these tools without checking the terms and your organization's policy.
  5. The 'minimum necessary' principle is your most practical daily habit: include only what Copilot genuinely needs in your prompt, describe sensitive specifics rather than pasting them directly.
  6. Understanding your organization's Copilot configuration, what it can access, how interactions are logged, what's restricted, is a legitimate question to ask your IT team, not a technical burden to carry yourself.
  7. Professional judgment remains your responsibility: when Copilot surfaces unexpected information, you decide whether it belongs in your work before you act on it.

When Good Intentions Aren't Enough: Putting Privacy Controls Into Practice

In early 2024, a mid-sized UK law firm rolled out Microsoft 365 Copilot to its associates. The goal was straightforward: faster document drafting, quicker research summaries, less time on admin. Within three weeks, a junior associate used Copilot to summarize a client matter file, not realizing the file was accessible to everyone in the firm due to a permissions setting that had never been audited. The summary appeared in a Copilot response visible to a colleague working on a competing client. No data left Microsoft's servers. No external breach occurred. But confidential legal strategy crossed an internal boundary it never should have crossed. The firm's IT team hadn't misconfigured Copilot. They'd simply never reviewed who could see what.

This story isn't about Copilot failing. It's about Copilot doing exactly what it was designed to do, surface relevant information efficiently, in an environment where the underlying permissions hadn't been cleaned up first. The AI was a mirror. It reflected back the access problem the firm already had, just faster and more visibly than before. The partners who were frustrated with Copilot after this incident were, in reality, frustrated with years of undisciplined file sharing finally becoming impossible to ignore.

The principle this unlocks is simple but easy to miss: Copilot doesn't create your data risks, it amplifies whatever risks already exist in your Microsoft 365 environment. That's both a warning and an opportunity. If your permissions are clean, your sensitivity labels are applied, and your policies are configured, Copilot becomes a powerful and relatively safe productivity tool. If those foundations are shaky, Copilot will surface the cracks faster than any manual process ever could. The law firm eventually used this incident as the trigger to do a full SharePoint permissions audit, something they'd been putting off for two years.

What Copilot Can and Cannot Access

Copilot only accesses content that the signed-in user already has permission to see. It cannot access files shared with other users but not with you. However, it CAN access any file in your OneDrive, any SharePoint site you're a member of, any email in your mailbox, and any Teams chat you're part of, including old content you may have forgotten about. This is why reviewing your own sharing settings matters, not just your organization's.

Three Layers of Protection. And Where Each One Lives

A regional hospital network in the US faced a different challenge when deploying Copilot for its administrative staff. HR coordinators wanted to use Copilot in Word to draft employee performance summaries. Legal flagged that some of those documents contained protected health information for staff members who were also patients, a situation common in healthcare. The solution wasn't to block Copilot entirely. The IT and compliance team worked together to apply Microsoft Purview sensitivity labels to all HR files containing dual-status patient-employee data. Those labels restricted Copilot from summarizing or referencing that content, even when the HR coordinator technically had file access.

This example shows the second layer of Copilot's privacy architecture: sensitivity labels. Where permissions control who can open a file, sensitivity labels control what Copilot can do with a file's contents. A document marked 'Highly Confidential' can still be opened by an authorized user, but Copilot will not include its contents in summaries, drafts, or responses. The label travels with the document, even if it's forwarded, copied, or moved. For the hospital, this meant HR could keep using Copilot for routine drafting while sensitive records stayed protected without anyone having to remember which files were which.

The third layer is audit logging. Every Copilot interaction, every prompt, every response, is logged in Microsoft Purview's audit tools. This isn't about surveillance of employees. It's about accountability and incident response. If something does go wrong, compliance teams can trace exactly what was asked, what data was referenced, and what was produced. For the hospital, this logging capability was what finally convinced their legal team to approve the Copilot rollout. They needed to know that if a question ever arose about how a document was created, there would be a record.

HR Manager. Drafting a Performance Summary Safely

Prompt

I need to write a mid-year performance summary for a team member, Marcus Okafor, who is a senior account coordinator. He has exceeded his client retention targets by 18%, received three written commendations from clients, and has been leading onboarding sessions for new hires. He needs development in written communication, his client emails sometimes lack clarity. Draft a professional, balanced performance summary I can use as a starting point.

AI Response

Mid-Year Performance Summary. Marcus Okafor, Senior Account Coordinator Marcus has delivered a strong first half of the year, demonstrating clear impact in client retention and team development. His client retention rate exceeded the target by 18%, a result that reflects both his relationship-building skills and his consistent follow-through on client commitments. This achievement has been recognized directly by clients, with three formal written commendations received during this period, a meaningful indicator of the trust he has built. Beyond his individual targets, Marcus has taken on a visible leadership role by leading onboarding sessions for new hires. This contribution extends his impact beyond his core responsibilities and speaks to his investment in the team's success. For the second half of the year, one development priority stands out: written communication. Client-facing emails would benefit from greater clarity and conciseness. Focused attention here, whether through peer feedback, structured templates, or a short writing course, would strengthen an already strong performance profile. Overall, Marcus is performing at a high level and is well-positioned for continued growth. This summary is recommended as a starting point for your conversation with him, adjust tone and specific details as needed before finalizing.

The Sales Team That Almost Shared Too Much

A B2B software company in Australia was using Copilot in Teams to generate meeting summaries after sales calls. One account executive noticed that when she asked Copilot to 'summarize everything we know about this prospect,' the response pulled in notes from a deal that a colleague had been working on with the same parent company, notes that included pricing concessions and negotiation strategy that were never meant to be shared across the sales team. The files were in a shared SharePoint sales channel. Everyone on the team had access. Copilot did nothing wrong. But the AE now knew her colleague's bottom-line number before a joint pitch meeting.

The sales director's response was practical. She worked with IT to create a dedicated private channel for each major deal, with access limited to the deal team. Sensitive negotiation documents were moved there and labeled accordingly. Within a week, the problem was structurally solved, not by restricting Copilot, but by fixing the access architecture that had been sloppy for years. The AE who surfaced the issue got a thank-you note. The real lesson: Copilot prompts are excellent at revealing where your information governance is looser than you thought.

Protection LayerWhat It ControlsWho Manages ItWhere You See It
Microsoft 365 PermissionsWho can open and access filesIT Admin or file ownerSharePoint, OneDrive, Teams channels
Sensitivity Labels (Purview)What Copilot can do with file contentsIT Admin / Compliance teamLabel banners on documents and emails
Audit LoggingRecord of all Copilot interactionsCompliance / IT AdminMicrosoft Purview audit portal
Data Residency SettingsWhere your data is physically storedIT Admin at tenant levelMicrosoft 365 Admin Center
Copilot Tenant ToggleWhether Copilot is active at allIT AdminMicrosoft 365 Admin Center
The five layers of privacy and security control in Microsoft 365 Copilot, and who owns each one.

What You Can Actually Do Right Now

A secondary school principal in Canada used this realization productively. After attending a Microsoft training session on Copilot, she spent 30 minutes reviewing her own OneDrive. She found three folders of staff appraisal documents that had been shared with the whole school's Teams environment years earlier, probably by accident during a file migration. She'd never have checked without the Copilot context making the risk feel real. She fixed the permissions herself in under ten minutes. No IT ticket required. This is the personal-level action that complements whatever your IT team is doing at the organizational level.

You don't need admin rights to protect yourself. You can audit your own OneDrive sharing settings today. In OneDrive, click 'My Files,' then look for files with the 'Shared' indicator. For any file shared more broadly than it needs to be, click the share settings and revoke or narrow access. This takes minutes and directly reduces what Copilot could surface from your files in someone else's session, or what it might surface in yours from files others have left open. Think of it as tidying your desk before a colleague sits down at your computer.

The broader habit to build is treating sensitivity as a property of content, not just a property of the person receiving it. When you create a document, ask: who genuinely needs access to this, and for how long? When you save meeting notes in Teams, consider whether they belong in a general channel or a private one. These aren't Copilot-specific habits, they're good information hygiene that Copilot makes more urgent. Professionals who build these habits now will be far better positioned as AI tools become more embedded in daily work.

Your Personal Copilot Privacy Checklist

Before your next Copilot session: (1) Check that any sensitive documents you're working with are shared only with people who need them. (2) Avoid typing real client names, employee names, or financial figures into Copilot prompts unless your organization has confirmed its data handling policies. (3) If a Copilot response surfaces information you didn't expect, especially about colleagues or clients, flag it to your IT or compliance team rather than ignoring it. One flagged incident prevents ten future ones.
Personal Privacy Audit: Your OneDrive and Teams Files

Goal: Identify and fix any over-shared files in your Microsoft 365 environment that Copilot could inadvertently surface, using only your existing access and free tools.

1. Open OneDrive in your browser (onedrive.com or via Microsoft 365) and click 'My Files' in the left panel. 2. Look for any files or folders showing a 'people' icon or the word 'Shared' next to them, these are files with active sharing links or permissions. 3. Click on one shared file, then click the 'Share' button or 'Manage Access' option to see exactly who has access. 4. For any file shared more broadly than necessary (e.g., 'Anyone with the link' or a large group), click the permission and select 'Stop Sharing' or change it to specific named individuals. 5. Open Microsoft Teams and navigate to any Team or channel you're a member of. Click 'Files' at the top of a channel and review what documents are stored there, note any that contain sensitive information. 6. For sensitive files in Teams channels, consider whether they belong in a private channel instead. If so, flag this to your team lead or IT contact with a specific recommendation. 7. Open a free AI tool (ChatGPT at chat.openai.com or Claude at claude.ai) and type: 'I manage [your role] at a [your industry] organization. Write me a short personal policy, 5 bullet points, for how I should decide what files to share broadly vs. keep restricted in Microsoft 365.' 8. Review the AI-generated policy, edit it to reflect your actual context, and save it as a reference document in your OneDrive. 9. Share your personal policy with one colleague and invite them to do the same audit, peer accountability makes the habit stick.

Key Lessons from This Section

  1. Copilot amplifies your existing data access structure, it doesn't create new risks, but it makes existing ones visible and faster-moving.
  2. Three layers protect your data: permissions (who can access files), sensitivity labels (what Copilot can do with content), and audit logging (what happened and when).
  3. Your data stays within your Microsoft 365 tenant and is not used to train Microsoft's AI models, but internal oversharing is still a real risk.
  4. You don't need IT admin rights to improve your own privacy posture, reviewing and fixing your OneDrive sharing settings is something any professional can do today.
  5. When Copilot surfaces unexpected information, treat it as a signal to fix your permissions, not a reason to distrust the tool.
  6. Building sensitivity-aware habits now, asking who needs access to this, and for how long, prepares you for a future where AI tools are even more deeply integrated into daily workflows.

Takeaways

  • Microsoft 365 Copilot operates entirely within your organization's Microsoft tenant, your prompts and data are not sent to external AI training systems.
  • Copilot can only access what you already have permission to see, which means your permissions structure is your first and most important line of defense.
  • Microsoft Purview sensitivity labels add a second layer of control, preventing Copilot from using the contents of labeled documents even when a user has file access.
  • Every Copilot interaction is logged in Microsoft Purview's audit system, giving compliance teams a full record for incident response and accountability.
  • Non-technical professionals can take meaningful privacy action today by auditing their own OneDrive sharing settings and reviewing files stored in Teams channels.
  • The organizations that get the most from Copilot safely are those that treated the deployment as a trigger to fix long-standing information governance habits, not those who simply switched it on and hoped for the best.

Featured Reading

This lesson requires Pro

Upgrade your plan to unlock this lesson and all other Pro content on the platform.

Upgrade to Pro

You're currently on the Free plan.

Practice this in a lab

AI or Not? Making the Right Call on the Hospital Floor

beginner · 8 min

Prompt a First Draft: Retail Training Document

beginner · 10 min