Forum Discussion
Microsoft Copilot for Microsoft 365 and web content
We have customers asking for clarity on the following excerpt from, Data, Privacy, and Security for Microsoft Copilot for Microsoft 365 | Microsoft Learn,
"Only the search query, which is abstracted from the user's prompt and grounding data, goes to the Bing Search API outside the boundary. Queries sent to the Bing Search API by Copilot for Microsoft 365 are disassociated from the user ID or tenant ID. Web search queries might not contain all the words from a user's prompt. They're generally based off a few terms used to find relevant information on the web. However, they may still include some confidential data, depending on what the user included in the prompt."
Particularly on what confidential data might the web query contain, only data from the user prompt, or might it also contain data surfaced from Graph during the grounding process?
Any information or pointers gladly accepted.
Thanks.
7 Replies
Thanks for the responses so far.
Perhaps, I need to be more clear in my question.
Will any confidential data, other than that included in the user's prompt, be sent externally as part of a web query, particularly data surfaced from Graph?
Thanks.- My understanding of this is that behind the scenes it is using web search or the former Bing Chat Enterprise which does not have access to the Microsoft Graph data so should just be the prompt information.
Again. thanks for the responses up to now.
The responses appear to be interpretation or opinion, rather than any reference to MS documentation. Unfortunately, the customers we work with won't accept, "in my opinion" or " I believe", these customers work in black and white.
The statement we are having problems with is, " The search query is based on the user’s prompt, Copilot interaction history, and relevant data the user has access to in Microsoft 365.", which would imply corporate data may be sent as part of a web search.
Is there anyone, preferably from MS, who could provide documentation or a definitive answer to exactly what data may be sent as part of a web query?
Thanks.
Hi EN-NCC,
the provided excerpt outlines how Microsoft Copilot handles data during web search queries.
When generating a query, Copilot uses terms from the user's prompt but ensures the abstraction of any personally identifiable information, such as user ID or tenant ID.
The term "confidential data" refers to sensitive information that users may include in their prompts.
When Microsoft Copilot does a web search for you, it uses words from your request but doesn't include any personal info like your ID. However, if you share sensitive stuff in your request, that might be in the search. But, Copilot is built to keep things private and secure.Hi EN-NCC,
In my understanding, if a user’s search query contains something like ‘… My [company name] has [x] employees and revenues of [y] dollars per year…’, this information could potentially become public. This can be likened to viewing confidential data on a large tablet while commuting on public transport. Confidential information is everyone responsibility.
Only my interpretation.
Kind regards,
