Microsoft regularly enhances the underlying AI models that power Microsoft 365 Copilot. These updates are designed to bring performance improvements, more advanced reasoning, and expanded multimodal capabilities without altering controls, configurations, compliance, security, or core enterprise contractual commitments. Customers do not need to make changes to their environment to account for new model changes.
In this blog we’ll explore:
- What changes during a model update
- What doesn’t change during a model update
- Microsoft position on re-assessment of risk with model changes
Note: “Model updates” refer to underlying foundation model upgrades within Microsoft 365 Copilot, including changes to foundation model versions. This does not include broader product feature changes, which are communicated separately through standard Microsoft roadmap channels.
What changes during a model update
Microsoft regularly updates the underlying AI models to improve the performance, reasoning, and multimodal capabilities of Microsoft 365 Copilot, Microsoft Copilot Chat, and agents. Here’s what changes.
Updates are generally rolled out to users in phases, starting with specific surfaces (e.g., web grounded queries only) then gradually expanding to broader contexts. A model selector within the Copilot system may dynamically route prompts to the most appropriate model depending on the complexity of the task.
We may introduce new models through UI cues, such as toggle options or session-specific selections, before being fully integrated into tenant-wide defaults. This way, customers can try newer models in a controlled way without affecting broader workflows.
Throughout this process we follow our standard change management and safe deployment practices to introduce updates with enterprise-grade reliability and oversight. This includes security, privacy, accessibility, and Responsible AI reviews across the principles of fairness, reliability and safety, privacy and security, inclusiveness, transparency, and accountability. Microsoft also conducts independent red teaming, vulnerability scanning, and Security Development Lifecycle (SDL) assessments.
When newer models are introduced, users may experience enhancements to model capabilities intended to increase Copilot's utility in complex, content-rich workflows—such as improved reasoning, larger context windows, faster performance, more fluent responses, or better handling of text, images, audio, and video together.
What does not change during a model update
Model updates do not change our enterprise-grade security, privacy, and compliance commitments. There are no changes to the way that Microsoft processes, stores, or protects customer data. It’s also important to note that model updates do not impact any of your existing controls, settings, or configurations, including Microsoft Purview controls such as retention, eDiscovery, and audit logging. There is no need for new configurations or administrative actions. Finally, API behavior remains unchanged and is updated through a process separate from model changes.
Note: When Open AI models are used by Copilot, they are all hosted in Microsoft’s Azure environment and do not interact with any services operated by OpenAI (e.g., ChatGPT, or the OpenAI API). OpenAI remains outside of Microsoft’s Customer Data processing boundary and is not a subprocessor. Copilot customer data is not available to OpenAI or used to train OpenAI foundation models. No customer data is shared with OpenAI, even as models are updated or switched. This position remains consistent across all model transitions.
Risk and compliance position
Model updates do not change how data is handled or inherently introduce new customer-facing features. All existing customer-defined compliance, privacy, and security settings continue to apply. As such, customers don’t need to take any administrative actions or make any changes to their environment.
Further, as model updates don’t impact compliance posture, data handling, surrounding safety systems, or customer-facing features, we advise against performing a brand-new risk assessment. That said, some organizations have internal policies requiring risk reviews upon any model change. For those customers, Microsoft account teams can provide documentation and support as needed to assist with assessments.
Copilot model updates are just one type of ongoing enhancement we make to keep pace with AI advancements, and we remain committed to continually improving our platform to help customers accelerate AI transformation at Enterprise scale.
Disclaimer
This blog post is provided for informational purposes only and reflects Microsoft’s current thinking as of the date of publication. It does not constitute a legal or contractual commitment. Microsoft makes no warranties, express or implied, in this summary. Information and views expressed, including URLs and other references, may change without notice. Customers should consult their own legal, compliance, and risk teams when evaluating the impact of model updates on their environments.
Microsoft