Microsoft 365 Copilot AMA

1. Where is IT guidance documentation on setting up, managing, governing, and / or disabling the Copilot features? Check out this blog post on getting ready for Copilot. During the EAP, admins will be able to manage Copilot licenses as they typically do. More documentation and details on controls will be provided as they are made available. 2. My IT leadership is very worried about what happens to company data when it is leveraged by Copilot / GPT. Where is the LLM in relation to our tenant? Does our data and/or prompts leave our geographic region? Is our corporate data used to train the AI? We will need more than assurances here. I would like to see technical documentation explaining exactly what is done with our data. Copilot is built on top of and integrated with Microsoft 365. This integration enables you to take advantage of the existing Microsoft security, compliance, and privacy solutions that you’ve already deployed in your organization as well as other controls that may be made available to help you configure the use of Copilot as appropriate for your organization. Customer data is not used to train the LLM models. Check out this article on privacy and security for more info: https://go.microsoft.com/fwlink/p/?linkid=2239751 3. What security controls are available, to make sure 3rd parties / unauthorized users do not have access to our data? What steps can be taken to mitigate the risk of an insider threat, e.g. an employee who can now more easily find trends of information where previously they only had access to Search or Discovery. The scenario one security guy posed to me was, "With Copilot, could they say "find everything you have on Project X-Ray"; and even though the project is kept secret from employees, they could still figure it out? This is assuming that the information is out there and they have access to it, but it's obfuscated. The permissions model within your Microsoft 365 tenant can help ensure that data won't unintentionally leak between users, groups, and tenants. Microsoft 365 Copilot presents only data that each individual can access using the same underlying controls for data access used in other Microsoft 365 services. Check out this blog article for tips on preventing oversharing https://aka.ms/AAlj6ef 4. I know you probably can't answer licensing questions yet, but based on what I've seen in the MS Mechanics videos, I'd assume that Copilot is a premium and won't be broadly available. Will there be any free or "seed" versions of Copilot? More information on licensing/pricing/availability to come. 5. Are there policies / controls to completely disable Copilot? The EAP is a paid preview program for a limited set of users, assigned by the admin. More documentation and details on controls will be provided as they are made available. 6. At the application level, is Copilot an add-in that could be disabled or governed by policy? Or is it integrated into the app as a feature? Copilot will be available as a separate product. More documentation and details on licensing and controls will be provided as they are made available. 7. Is Copilot for web applications only, or will desktop apps have that capability? What is the offline experience? Copilot will be available for Microsoft 365 web, mobile, and desktop apps. There will not be an offline experience.

The team will answer these questions and more at our AMA but take a look at all our technical readiness guidance and video series at https://adoption.microsoft.com/copilot. That is a great place to get started. In general though Microsoft 365 Copilot will respect the user based permissions you have in your tenant like any other Microsoft service. So, in your example above if you don't have access to Project X-Rey Copilot can't summarize that for you or use those documents. You can read more on that at the documentation links and guidance above and we will continually update that page as more guidance, customer use cases and content becomes available.

They have stated in the documentation, that if the OpenAI instance has to high utilization the LLM prompt CAN be sent to another region (but within the same region) such as for EU based tenants that prompt will never leave the EU, but data from a West Europe based tenant can be sent to another OpenAI instance within EU.

1. From watching a few videos Microsoft have hosted recently, it looks like there will be a "getting ready" stage for businesses where information will be communicated and companies will be given an opportunity to go through a "readiness" check on their data etc. --- 2. UNKNOWN but Microsoft do say that "your data is your data" and the model will not have access to your data nor will it be trained using your information. --- 3. Part of the readiness stage will be ensuring that employees are set up in a way where they cannot access specific sections of the SharePoint / report so should not be able to find information they're not meant to see. --- 4. You need an Enterprise or Business license and it seems from videos there will be an additional cost for Copilot licenses. --- 5. UNKNOWN --- 6. UNKNOWN --- 7. It seemed that Copilot would be on desktop applications as they pointed out you'd need to be on the "new Outlook" and it wouldn't work with the old version / layout (which is a shame). --- Offline Experience: Unknown, I imagine limited to none-existant.