Forum Discussion
Copilot chat: Does (dis)like expose data?
We have some questions/concerns from customers about the (dis)like functionality in Copilot Chat.
The main question is: "What happens with the data/chat when using this functionality? And can we turn it of?".
Let's break it down in some sub questions:
1.) What happens when you use this? Does it train the model? Adjust it responses to the user?
2.) MS will use it as feedback. In what way? Do they read the chat and/or content from to analyze the issue?
3.) Is it possible to disable this functionality for all users in the tenant? (Copilot Studio allows this for a custom agent).
4.) Is the behavior different for License and non-licensed users? (work vs web)
This is mainly a security concern, because some customers don't allow data to leave the tenant or don't want to have risk for accidental data leaks.
3 Replies
hi Yarrick Good questions , this comes up quite a bit, especially from a security/compliance angle. Here’s how it works today (at a high level):
1) What happens when you click like/dislike? Does it train the model?
No-your organization’s data is not used to train the foundation models.When you use like/dislike in Copilot Chat:
- It captures a feedback signal (helpful / not helpful)
- It may include the prompt + response context to understand what went wrong/right
But this is used to improve the service, not to retrain the model on your tenant’s data or personalize responses to a specific user.
2) How does Microsoft use this feedback? Do humans read it?
Feedback is used for:- Identifying quality issues (bad responses, hallucinations, tone, etc.)
- Improving product behavior and safety systems
In some cases:
- Limited, controlled human review may happen for debugging/improvement
- This is done under Microsoft’s compliance and privacy controls
So yes, the content can be reviewed, but it’s not open-ended access, it’s governed and audited.
3) Can we disable like/dislike for the tenant?
- For Copilot Chat (M365 / web) → there is no standard tenant-level switch today to completely remove the like/dislike UI
- For custom solutions (Copilot Studio agents) → you can control or disable feedback mechanisms
Workaround:
- Some orgs handle this via user guidance / policy, rather than technical enforcement
4) Licensed (work) vs non-licensed (web) , is there a difference?
Yes, this is important:- Work (M365 Copilot / enterprise)
- Covered by enterprise data protection
- Data stays within the service boundary
- Not used for model training
- Web / consumer Copilot
- Feedback may be used more broadly to improve services
- Different data handling terms apply
So from a security standpoint, enterprise Copilot is the safer, governed environment.
Security takeaway:
- Feedback does not train models on your tenant data
- It may include prompt/response content for service improvement
- There’s no full disable option (yet) in M365 Copilot Chat
- For strict environments, recommend:
- User awareness (“don’t include sensitive data in feedback”)
- Use of enterprise Copilot over public web Copilot
- Consider custom Copilot Studio solutions if tighter control is required
Bottom line:
The like/dislike feature is a feedback mechanism, not a data exfiltration channel, but it can send snippets of conversation to Microsoft for quality improvement, so it’s something to account for in strict compliance environments.Hi Yarrick ,
Here's my POV!
For 1 & 2. When a user clicks on dislike/like button, it is captured as feedback telemetry which does not directly train the foundation model. It is used by Microsoft to improve response quality over time and identify problematic responses. When the feedback is submitted, it can include Conversation context (some metadata like Conversation ID).
3. In custom agents built via Microsoft Copilot Studio, you can go to Copilot Studio, select the agent where you wish to turn the user feedback off. Go to Settings -> Generative AI -> User feedback section. Turn the toggle button off next to "Collect user reactions to agent messages". This can be one of the approach to ensure compliance.
4. For Licensed users, the feedback is handled under enterprise-grade protections while for unlicensed, the data may be used for service improvement.
Note: You can monitor and reduce the risk of sensitive data exposure by using Data Loss Prevention (DLP) policies in Microsoft Purview. However, DLP does not disable the functionality at a tenant level completely. It works as a governance and protection layer.
Hi Yarrick,
Here is my POV.
1 & 2. When a user clicks on dislike/like button, it is captured as feedback telemetry which does not directly train the foundation model. It is used by Microsoft to improve response quality over time and identify problematic responses. When the user feedback is submitted, it can include Conversation metadata like Conversation ID.
3. In custom agents built via Microsoft Copilot Studio, you can go to Copilot Studio, select the agent where you wish to turn the user feedback off. Go to Settings -> Generative AI -> User feedback section. Turn the toggle button off next to "Collect user reactions to agent messages".
This can be one of the approach to ensure compliance.
4. For Licensed users, the feedback is handled under enterprise-grade protections while for unlicensed, the data may be used for service improvement.
Note: You can monitor and reduce the risk of sensitive data exposure by using Data Loss Prevention (DLP) policies in Microsoft Purview. However, DLP does not disable the functionality at a tenant level completely. It works as a governance and protection layer.
