Code Error Allowed Copilot Chat to Expose Confidential Information
A code error allowed Copilot Chat to expose confidential email. Microsoft is fixing the problem, but it’s a reminder of how AI can expose information of Microsoft 365 tenants don’t use available features to restrict AI access. Those features need to be configured and deployed, but that doesn’t take much effort. It’s better than users complaining when Copilot exposes their most secret thoughts. https://office365itpros.com/2026/02/13/dlp-policy-for-copilot-bug/Announcing the 2026 Microsoft 365 Community Conference Keynotes
The Microsoft 365 Community Conference returns to Orlando this April, bringing together thousands of builders, innovators, creators, communicators, admins, architects, MVPs, and product makers for three unforgettable days of learning and community. This year’s theme, “A Beacon for Builders, Innovators & Icons of Intelligent Work,” celebrates the people shaping the AI‑powered future — and the keynote lineup reflects exactly that. These leaders will set the tone for our biggest, boldest M365 Community Conference. Below is your first look at the official 2026 keynote order and what to expect from each session. Opening Keynote Jeff Teper — President, Microsoft 365 Collaborative Apps & Platforms Building for the future: Microsoft 365, Agents and AI, what's new and what's next Join Jeff Teper, to discover how AI-powered innovation across Copilot, Teams, and SharePoint is reshaping how people communicate, create, and work together. This session highlights what’s new, what’s fundamentally different, and why thoughtful design continues to matter. See the latest advances in AI and agents, gain insight into where collaboration is headed, and learn why Microsoft is the company to continue to bet on when it comes to building what’s next. Expect: New breakthroughs in collaboration powered by AI and agents Fresh innovations across Teams, Copilot, and SharePoint Practical guidance on how design continues to shape effective teamwork Real world demos that show how AI is transforming communication and content Insight into what is new, what is changing, and what is coming next Business Apps & Agents Keynote Charles Lamanna — President, Business Apps & Agents In this keynote, Charles Lamanna will share how Microsoft 365 Copilot, Copilot Studio, Power Apps, and Agent 365 come together to help makers build powerful agents and help IT teams deploy and govern them at scale. We’ll share how organizations can design, extend, and govern a new model for the intelligent workplace – connecting data, workflows, and systems into intelligent agents that move work forward. Copilot, apps, and agents: the next platform shift for Microsoft 365 Microsoft 365 Copilot has changed how we interact with software. Now AI agents are changing how work gets done – moving from responding to prompts to taking action, across the tools and data your organization already relies on. Expect: A clear explanation of how to leverage and build with Copilot and agents How agents access data, use tools, and complete multi-step work A deeper look at the latest capabilities across Microsoft 365 Copilot, Copilot Studio, and Power Apps End-to-end demos of agents in action Security, Trust & Responsible AI Keynote Vasu Jakkal — Corporate Vice President, Microsoft Security & Rohan Kumar — Corporate Vice President, Microsoft Security, Purview & Trust In our third keynote, Vasu Jakkal and Rohan Kumar join forces to address one of the most urgent topics of the AI era: trust and security at scale. As organizations accelerate into AI‑powered work, safeguarding identities, data, compliance, and governance is mission‑critical. Securing AI: Building Trust in the Era of AI Join Vasu Jakkal and Rohan Kumar as they unveil Microsoft’s vision for securing the new frontier of AI—showing how frontier firms are protecting their data, identities, and models amid rapid AI adoption. This session highlights how Microsoft is embedding security and governance into every layer of our AI platforms and unifying Purview, Defender, Entra, and Security Copilot to defend against threats like prompt injection, model tampering, and shadow AI. You’ll see how built-in protections across Microsoft 365 enable responsible, compliant AI innovation, and gain practical guidance to strengthen your own security posture as AI transforms the way everyone works. Expect: Microsoft's unified approach to secure AI transformation Forward‑looking insights across Security, Purview & Trust Guidance for building safe, responsible AI environments How to protect innovation without slowing momentum Future of Work Fireside Keynote Dr. Jaime Teevan — Chief Scientist & Technical Fellow, Microsoft Closing out the keynote lineup is Dr. Jaime Teevan, one of the foremost thought leaders on AI, productivity, and how work is evolving. In this intimate fireside‑style session, she’ll share research, real‑world insights, and Microsoft’s learnings from being both the maker and the first customer of the AI‑powered workplace. Expect: Insights from decades of workplace research The human side of AI transformation Practical guidance for leaders, creators, and practitioners Why collaboration is essential to unlock the true potential of AI. More Than Keynotes: Why You’ll Want to Be in Orlando The M365 Community Conference brings together: 200+ sessions and breakouts 21 hands‑on workshops 200+ Microsoft engineers and product leaders onsite The Microsoft Innovation Hub Ask the Experts, Meet & Greets, and Community Studio Women in Tech & Allies Luncheon SharePoint’s 25th Anniversary Celebration And an epic attendee party at Universal’s Islands of Adventure Whether you create, deploy, secure, govern, design, or lead with Microsoft 365 — this is your community, and this is your moment. Join Us for the Microsoft 365 Community Conference April 21–23, 2026 Loews Sapphire Falls & Loews Royal Pacific 👉 Register now: https://aka.ms/M365Con26 Use the SAVE150 code for $150USD off current pricing Come be part of the global community building the future of intelligent work.
Foundry Agent deployed to Copilot/Teams Can't Display Images Generated via Code Interpreter
Hello everyone, I’ve been developing an agent in the new Microsoft Foundry and enabled the Code Interpreter tool for it. In Agent Playground, I can successfully start a new chat and have the agent generate a chart/image using Code Interpreter. This works as expected in both the old and new Foundry experiences. However, after publishing the agent to Copilot/Teams for my organization, the same prompt that works in Agent Playground does not function properly. The agent appears to execute the code, but the image is not accessible in Teams. When reviewing the agent traces (via the Traces tab in Foundry), I can see that the agent generates a link to the image in the Code Interpreter sandbox environment, for example: `[Download the bar chart](sandbox:/mnt/data/bar_chart.png)` This works correctly within Foundry, but the sandbox path is not accessible from Teams, so the link fails there. Is there an officially supported way to surface Code Interpreter–generated files/images when the agent is deployed to Copilot/Teams, or is the recommended approach perhaps to implement a custom tool that uploads generated files to an external storage location (e.g., SharePoint, Blob Storage, or another file hosting service) and returns a publicly accessible link instead? I've been having trouble finding anything about this online. Any guidance would be greatly appreciated. Thank you!
SharePoint at 25: The knowledge platform for Copilot and agents
Join us for a global digital event to celebrate the 25th birthday of SharePoint! Gear up for an exciting look at SharePoint’s historic moments along with an exclusive look ahead to the next chapter of SharePoint’s AI future! You will discover how SharePoint’s new content AI capabilities and intelligent experiences will transform the way people create, manage, and collaborate. Be sure to stick around after for our live Ask Microsoft Anything (AMA), where you can ask your questions about the exciting new SharePoint features directly to the product team! 🛠️ Don’t miss the SharePoint Hackathon in March 2026 Design, create, share! We are excited to invite you to a hackathon dedicated to crafting exceptional employee experiences using AI and the latest SharePoint features. More details coming soon. Event LinkUnleashing the power of agents in Microsoft Planner
In today's fast-paced world, AI has become an essential tool for enhancing productivity and efficiency. We are committed to empowering our users with innovative solutions that simplify their work processes, and we’re thrilled to introduce the latest updates to Microsoft Planner, designed to leverage the power of Copilot and agents to streamline project management and task organization. With the recent announcement of Project Manager agent, rolling out in public preview in the Planner app in Microsoft Teams, and the rollout of the new Planner for the web, we are bringing you a comprehensive suite of tools to help you and your team achieve more with less effort. We invite you to explore these exciting new features and discover how they can transform the way you work. Introducing Project Manager agent Project Manager agent is a new AI-powered agent designed to enhance your planning experience by acting as a virtual project manager within your plans. Project Manager agent is built to streamline your planning process, empowering you to focus on the strategic aspects of your work while it handles some of the tasks on your behalf. It is the latest development in enhancing and transforming team collaboration with AI in Planner. Earlier this year, we introduced Copilot in Planner (preview) as a personal companion experience designed to work alongside your planner workflow. With Project Manager agent, we’re now bringing AI capabilities directly into your plans, allowing you to interact with the agent as an integral part of your plan. Project Manager agent takes your goals and automatically breaks them down into actionable tasks. But it doesn’t stop there, it can also execute these tasks on your behalf. By managing the plan and executing tasks, the agent enables you to focus on impactful decisions while it contributes directly to the success of your project. When you start a plan with Project Manager agent, it guides you to define a goal you want to achieve (for example, conducting research on a specific topic). The agent will then generate all the necessary tasks for the research topic. Assign these tasks to the agent, and it will execute on them, providing detailed output that is automatically captured in a Loop page embedded within each task. All members of the plan can collaborate directly within the Loop page, exchanging comments and feedback with the Project Manager agent. Upon selecting Regenerate, the agent incorporates the feedback and generates a refined response, improving the task outcomes. At any point, if Project Manager agent does not have adequate information to generate necessary output, it will even ask clarifying questions that will allow it to provide better responses. You will notice that Project Manager agent is capable of contributing at every step of your plan, delivering value throughout the process. This comes with a new Project Manager View in Planner—your hub for setting goals, generating tasks, and showcasing the execution status. This intuitive interface lets you set your project goals and generate tasks, assign tasks to team members or the agent for execution and track progress and statuses in real time. Additionally, in the board view, you can also group tasks by Project Manager, which shows all the Project manager tasks and status in the appropriate buckets. At its core, the Project Manager agent runs on the Multi-Agent Runtime Service (MARS), a platform built on Microsoft Autogen. MARS leverages specialized agents with unique expertise, enabling the Project Manager agent to perform effectively across diverse scenarios. See the blog post to learn more about how Project Manager agent and MARS function. To help you get started, we’ve provided predefined, customizable templates on various topics, allowing you to quickly kickstart a Project Manager plan and easily tailor it to meet your specific goals. Once you’ve selected a template, you can modify the plan to align with your specific needs and goals, ensuring it meets your unique requirements while leveraging the agent’s capabilities for streamlined execution. From idea, to plan, to done, the Project Manager agent is your trusted partner, ensuring every aspect of your plan is managed seamlessly. We’re also introducing the Microsoft Whiteboard canvas in Planner! This new feature allows you and your team to brainstorm directly within the context of your plan. Upon creating a new plan with the Project Manager agent, you will now see a Whiteboard tab in the plan. Whiteboard offers a dynamic and collaborative canvas within Planner, allowing users to easily convert ideas into tasks and streamline workflow from ideation to action. In the canvas, you and your team can engage in real-time collaboration using inking, sticky notes, and templates. With the Planner integration, you can quickly convert your notes to tasks in one click, directly adding them to your plan. We’re excited to bring these powerful tools to your planning experience, and we can’t wait to see the impact of the Project Manager agent in your daily workflows! The new Project Manager agent will be rolling out to public preview in the Planner app in Teams in the coming weeks. To explore these capabilities, customers are required to have a Microsoft 365 Copilot license and also need to ensure their current Microsoft 365 licensing allows them access to Microsoft Loop. As this is a preview release, please note that the features may evolve based on user feedback and ongoing improvements. Initially, Project Manager agent will support English language as the interaction medium, and other languages in the future. We’d love for you to try it out and share your thoughts to help shape its future development! Please select the thumbs up or thumbs down button in the Project Manager view or in the Task details to share what you think about the experience. In addition, we are announcing two more capabilities that will be coming soon to Microsoft Planner: 1. Copilot in My Tasks view: This feature brings AI-powered organization and prioritization to your tasks, helping users effectively manage their backlog and enabling them to stay on top of what matters most. 2. Automated status report emails: Provides the capability to automatically generate a status email from your plans, streamlining the process of sharing weekly updates so you can spend less time on emails and more time moving projects forward. We expect these features to be available for our customers to try early 2025. Join us at Microsoft Ignite to learn more about Project Manager agent in our breakout session, "Boost productivity with Copilot in Microsoft 365 apps." Try Planner for the web today! The new Planner for the web is now available! This marks another major milestone in the Planner journey that we announced last November at Ignite. In April, we launched the new Planner app in Microsoft Teams, and now we've completed the rollout with Planner for the web. Planner for the web now brings together the simplicity of Microsoft To Do, the collaboration of Planner, the power of Project for the web, and the intelligence of Microsoft 365 Copilot into a simple, familiar experience. Discover a new way to manage tasks for individual plans, team initiatives, and larger scale project management aligned to goals and key strategic objectives. We’re excited for you to try it out and share your thoughts. Thanks to your ongoing feedback, we’re continuing to roll out bug fixes and new enhancements regularly to both Planner in Teams and Planner for the Web. We have more exciting updates coming soon including the availability of Planner for the web in GCC, a new board view in the My Tasks view, an updated experience for the Planner app in Teams channels, and more. Check in regularly on the roadmap to learn about what’s coming. Explore the new Portfolios feature The frequently requested Portfolios feature is also rolling out in the Planner app in Teams and will start rolling out in the new Planner for the web app in the coming weeks! This powerful addition is designed to help you effortlessly manage and track progress across multiple plans. With Portfolios, you can now get a consolidated view of all your premium plans and tasks, ensuring nothing slips through the cracks. Whether you're coordinating between teams or looking for a top-down perspective, Portfolios in Planner makes it all possible in one location, streamlining workflows and enhancing collaboration. Join our session at Microsoft Ignite We are eager to share more details about these exciting updates during our session at Microsoft Ignite! Join us as we dive deeper into the new features and capabilities of Planner, and learn how they can elevate your teamwork. Don't miss this opportunity to connect with our team and get a firsthand look at what's new. Share your feedback Your feedback helps inform our feature updates and we look forward to hearing from you as you try out the new Planner! Provide feedback by using the Feedback button in the top right corner of the Planner app. We also encourage you to share any features you want to see in the app by adding it to our Planner Feedback Portal. Learn more Check out the recently refreshed Planner adoption page. Sign up to receive future communication about Planner. Check out the Microsoft 365 roadmap for feature descriptions and estimated release dates for Planner. Watch Planner demos for inspiration on how to get the most out of the new Planner app in Microsoft Teams. Watch the recording from September's What’s New and What’s Coming Next + AMA about the new Planner. Visit the Planner help page to learn more about the capabilities in the new Planner.AlphaLife Sciences powers regulatory-compliant AI workflows with PostgreSQL on Azure
by: Maxim Lukiyanov, PhD, Principal PM Manager and Sharon Chen, CEO and Founder at AlphaLife Sciences In life sciences, every document is deeply interconnected and highly regulated. Each clinical trial, regulatory submission, safety report, or protocol amendment is expected to stand up to rigorous audit. For AlphaLife Sciences, that challenge became an opportunity to rethink how AI could support expert human judgment. At Microsoft Ignite, AlphaLife Sciences CEO and Founder Sharon Chen shared how her team is building an AI-powered content authoring platform on top of Azure Database for PostgreSQL, designed specifically for the demands of regulated life sciences workflows. She also explained why the team is excited about Azure HorizonDB as a new PostgreSQL service that is built to meet the needs of modern enterprise workloads. This post explores how AlphaLife Sciences uses PostgreSQL as more than a data store. It’s a semantic foundation for compliant, auditable AI agents. Bringing AI into regulated workflows Life sciences organizations are under constant pressure. R&D pipelines are growing and patent windows are shrinking. A single clinical study report can take six months or more to complete, involving multiple teams and hundreds of source documents. Building efficiency into these processes is critical, but only if it doesn’t compromise accuracy, traceability, or compliance. That’s where many AI solutions fall short. Generating text is one thing, but generating verifiable, version-controlled, regulation-aware content is another. AlphaLife Sciences needed agents that could: Work across massive volumes of structured and unstructured data (Word, PDF, Excel, PowerPoint) Maintain full traceability from generated content back to source documents Support audits, amendments, and regulatory review Minimize hallucinations in a zero-tolerance environment Integrate naturally into the tools writers already use Bringing data, search, and AI together in one system At the core of AlphaLife Sciences’ platform is Azure Database for PostgreSQL. The team chose it for flexibility, extensibility, and for how well it supports modern AI workloads. Instead of stitching together separate systems for SQL queries, vector search, text indexing, and metadata tracking, AlphaLife Sciences consolidated everything into PostgreSQL. One of its flagship use cases is clinical trial protocol authoring, a process that typically involves: Designing trial objectives and endpoints Pulling references from previous studies Writing and revising hundreds of pages of structured content Managing multiple rounds of amendments and regulatory feedback With AI agents backed by PostgreSQL, that workflow changes dramatically. When a writer generates a protocol section, the system can automatically retrieve relevant references from a centralized document pool, using semantic search rather than manual lookup. Writers select the sources they want, apply rules or prompts, and let AI draft the section - complete with citations tied back to the original documents. Reviewers can inspect the source, adjust the output, or insert it directly into the document. For protocol amendments, the platform allows teams to upload inputs (Word or Excel), analyze which sections are affected, and generate structured suggestions. Changes are clearly highlighted, compared against previous versions, and summarized in amendment tables. AI agents that respect the rules A recurring theme in Chen’s talk was restraint. “We don’t just need AI that can write,” she said. “We need intelligent agents that understand data structures, follow regulatory laws, and manage version control.” This is where PostgreSQL-backed AI agents shine. By grounding AI behavior in structured schemas, controlled access, and auditable records, automation works hand-in-hand with human experts. AI accelerates first drafts, consistency checks, discrepancy detection, and cross-document analysis, but final accountability stays firmly with professionals. In some cases, the time to complete processes has been reduced by more than 50%. Azure Database for PostgreSQL has become more than a database for AlphaLife Sciences. It’s a semantic knowledge base that supports: Structured and unstructured data Vector similarity search Metadata-driven traceability Compliance, security, and auditability AI agents operating safely inside enterprise constraints By grounding AI agents directly in the database, reasoning, retrieval, and generation all operate against the same governed source of truth. “AI agents are not here to replace human beings,” said Chen. “They extend structured, compliant, and auditable thinking.” What’s next for AlphaLife Sciences with PostgreSQL on Azure Looking ahead, Chen shared her excitement about Azure HorizonDB and the capabilities it brings to PostgreSQL on Azure. Features like in-database AI model management, semantic operators for classification and summarization, and faster vector search with DiskANN align closely with AlphaLife Sciences’ needs as their platform continues to scale. “We’re extremely happy to see the launch of Azure HorizonDB and the more powerful tools coming with it,” Chen said. “By putting everything together in PostgreSQL, we don’t have to rely on different systems for vector search, text indexing, or SQL queries. Everything happens in one streamlined system. The code becomes cleaner, efficiency improves, and the AI agents perform much more elegantly.” Learn more AlphaLife Sciences’ journey was featured during the Microsoft Ignite session “The Blueprint for Intelligent AI Agents Backed by PostgreSQL.” Watch the session to learn more and see a demo of how Azure Database for PostgreSQL transforms the protocol and protocol amendment process. When AI is anchored in a strong PostgreSQL foundation, innovation and compliance don’t have to compete - they can reinforce each other.Choosing the Right Model in GitHub Copilot: A Practical Guide for Developers
AI-assisted development has grown far beyond simple code suggestions. GitHub Copilot now supports multiple AI models, each optimized for different workflows, from quick edits to deep debugging to multi-step agentic tasks that generate or modify code across your entire repository. As developers, this flexibility is powerful… but only if we know how to choose the right model at the right time. In this guide, I’ll break down: Why model selection matters The four major categories of development tasks A simplified, developer-friendly model comparison table Enterprise considerations and practical tips This is written from the perspective of real-world customer conversations, GitHub Copilot demos, and enterprise adoption journeys Why Model Selection Matters GitHub Copilot isn’t tied to a single model. Instead, it offers a range of models, each with different strengths: Some are optimized for speed Others are optimized for reasoning depth Some are built for agentic workflows Choosing the right model can dramatically improve: The quality of the output The speed of your workflow The accuracy of Copilot’s reasoning The effectiveness of Agents and Plan Mode Your usage efficiency under enterprise quotas Model selection is now a core part of modern software development, just like choosing the right library, framework, or cloud service. The Four Task Categories (and which Model Fits) To simplify model selection, I group tasks into four categories. Each category aligns naturally with specific types of models. 1. Everyday Development Tasks Examples: Writing new functions Improving readability Generating tests Creating documentation Best fit: General-purpose coding models (e.g., GPT‑4.1, GPT‑5‑mini, Claude Sonnet) These models offer the best balance between speed and quality. 2. Fast, Lightweight Edits Examples: Quick explanations JSON/YAML transformations Small refactors Regex generation Short Q&A tasks Best fit: Lightweight models (e.g., Claude Haiku 4.5) These models give near-instant responses and keep you “in flow.” 3. Complex Debugging & Deep Reasoning Examples: Analyzing unfamiliar code Debugging tricky production issues Architecture decisions Multi-step reasoning Performance analysis Best fit: Deep reasoning models (e.g., GPT‑5, GPT‑5.1, GPT‑5.2, Claude Opus) These models handle large context, produce structured reasoning, and give the most reliable insights for complex engineering tasks. 4. Multi-step Agentic Development Examples: Repo-wide refactors Migrating a codebase Scaffolding entire features Implementing multi-file plans in Agent Mode Automated workflows (Plan → Execute → Modify) Best fit: Agent-capable models (e.g., GPT‑5.1‑Codex‑Max, GPT‑5.2‑Codex) These models are ideal when you need Copilot to execute multi-step tasks across your repository. GitHub Copilot Models - Developer Friendly Comparison The set of models you can choose from depends on your Copilot subscription, and the available options may evolve over time. Each model also has its own premium request multiplier, which reflects the compute resources it requires. If you're using a paid Copilot plan, the multiplier determines how many premium requests are deducted whenever that model is used. Model Category Example Models (Premium request Multiplier for paid plans) What they’re best at When to Use Them Fast Lightweight Models Claude Haiku 4.5, Gemini 3 Flash (0.33x) Grok Code Fast 1 (0.25x) Low latency, quick responses Small edits, Q&A, simple code tasks General-Purpose Coding Models GPT‑4.1, GPT‑5‑mini (0x) GPT-5-Codex, Claude Sonnet 4.5 (1x) Reliable day‑to‑day development Writing functions, small tests, documentation Deep Reasoning Models GPT-5.1 Codex Mini (0.33x) GPT‑5, GPT‑5.1, GPT-5.1 Codex, GPT‑5.2, Claude Sonnet 4.0, Gemini 2.5 Pro, Gemini 3 Pro (1x) Claude Opus 4.5 (3x) Complex reasoning and debugging Architecture work, deep bug diagnosis Agentic / Multi-step Models GPT‑5.1‑Codex‑Max, GPT‑5.2‑Codex (1x) Planning + execution workflows Repo-wide changes, feature scaffolding Enterprise Considerations For organizations using Copilot Enterprise or Business: Admins can control which models employees can use Model selection may be restricted due to security, regulation, or data governance You may see fewer available models depending on your organization’s Copilot policies Using "Auto" Model selection in GitHub Copilot GitHub Copilot’s Auto model selection automatically chooses the best available model for your prompts, reducing the mental load of picking a model and helping you avoid rate‑limiting. When enabled, Copilot prioritizes model availability and selects from a rotating set of eligible models such as GPT‑4.1, GPT‑5 mini, GPT‑5.2‑Codex, Claude Haiku 4.5, and Claude Sonnet 4.5 while respecting your subscription level and any administrator‑imposed restrictions. Auto also excludes models blocked by policies, models with premium multipliers greater than 1, and models unavailable in your plan. For paid plans, Auto provides an additional benefit: a 10% discount on premium request multipliers when used in Copilot Chat. Overall, Auto offers a balanced, optimized experience by dynamically selecting a performant and cost‑efficient model without requiring developers to switch models manually. Read more about the 'Auto' Model selection here - About Copilot auto model selection - GitHub Docs Final Thoughts GitHub Copilot is becoming a core part of the developer workflows. Choosing the right model can dramatically improve your productivity, the accuracy of Copilot’s responses, your experience with multi-step agentic tasks, your ability to navigate complex codebases Whether you’re building features, debugging complex issues, or orchestrating repo-wide changes, picking the right model helps you get the best out of GitHub Copilot. References and Further Reading To explore each model further, visit the GitHub Copilot model comparison documentation or try switching models in Copilot Chat to see how they impact your workflow. AI model comparison - GitHub Docs Requests in GitHub Copilot - GitHub Docs About Copilot auto model selection - GitHub DocsDemystifying GitHub Copilot Security Controls: easing concerns for organizational adoption
At a recent developer conference, I delivered a session on Legacy Code Rescue using GitHub Copilot App Modernization. Throughout the day, conversations with developers revealed a clear divide: some have fully embraced Agentic AI in their daily coding, while others remain cautious. Often, this hesitation isn't due to reluctance but stems from organizational concerns around security and regulatory compliance. Having witnessed similar patterns during past technology shifts, I understand how these barriers can slow adoption. In this blog, I'll demystify the most common security concerns about GitHub Copilot and explain how its built-in features address them, empowering organizations to confidently modernize their development workflows. GitHub Copilot Model Training A common question I received at the conference was whether GitHub uses your code as training data for GitHub Copilot. I always direct customers to the GitHub Copilot Trust Center for clarity, but the answer is straightforward: “No. GitHub uses neither Copilot Business nor Enterprise data to train the GitHub model.” Notice this restriction also applies to third-party models as well (e.g. Anthropic, Google). GitHub Copilot Intellectual Property indemnification policy A frequent concern I hear is, since GitHub Copilot’s underlying models are trained on sources that include public code, it might simply “copy and paste” code from those sources. Let’s clarify how this actually works: Does GitHub Copilot “copy/paste”? “The AI models that create Copilot’s suggestions may be trained on public code, but do not contain any code. When they generate a suggestion, they are not “copying and pasting” from any codebase.” To provide an additional layer of protection, GitHub Copilot includes a “duplicate detection filter”. This feature helps prevent suggestions that closely match public code from being surfaced. (Note: This duplicate detection currently does not apply to the Copilot coding agent.) More importantly, customers are protected by an Intellectual Property indemnification policy. This means that if you receive an unmodified suggestion from GitHub Copilot and face a copyright claim as a result, Microsoft will defend you in court. GitHub Copilot Data Retention Another frequent question I hear concerns GitHub Copilot’s data retention policies. For organizations on GitHub Copilot Business and Enterprise plans, retention practices depend on how and where the service is accessed from: Access through IDE for Chat and Code Completions: Prompts and Suggestions: Not retained. User Engagement Data: Kept for two years. Feedback Data: Stored for as long as needed for its intended purpose. Other GitHub Copilot access and use: Prompts and Suggestions: Retained for 28 days. User Engagement Data: Kept for two years. Feedback Data: Stored for as long as needed for its intended purpose. For Copilot Coding Agent, session logs are retained for the life of the account in order to provide the service. Excluding content from GitHub Copilot To prevent GitHub Copilot from indexing sensitive files, you can configure content exclusions at the repository or organization level. In VS Code, use the .copilotignore file to exclude files client-side. Note that files listed in .gitignore are not indexed by default but may still be referenced if open or explicitly referenced (unless they’re excluded through .copilotignore or content exclusions). The life cycle of a GitHub Copilot code suggestion Here are the key protections at each stage of the life cycle of a GitHub Copilot code suggestion: In the IDE: Content exclusions prevent files, folders, or patterns from being included. GitHub proxy (pre-model safety): Prompts go through a GitHub proxy hosted in Microsoft Azure for pre-inference checks: screening for toxic or inappropriate language, relevance, and hacking attempts/jailbreak-style prompts before reaching the model. Model response: With the public code filter enabled, some suggestions are suppressed. The vulnerability protection feature blocks insecure coding patterns like hardcoded credentials or SQL injections in real time. Disable access to GitHub Copilot Free Due to the varying policies associated with GitHub Copilot Free, it is crucial for organizations to ensure it is disabled both in the IDE and on GitHub.com. Since not all IDEs currently offer a built-in option to disable Copilot Free, the most reliable method to prevent both accidental and intentional access is to implement firewall rule changes, as outlined in the official documentation. Agent Mode Allow List Accidental file system deletion by Agentic AI assistants can happen. With GitHub Copilot agent mode, the "Terminal auto approve” setting in VS Code can be used to prevent this. This setting can be managed centrally using a VS Code policy. MCP registry Organizations often want to restrict access to allow only trusted MCP servers. GitHub now offers an MCP registry feature for this purpose. This feature isn’t available in all IDEs and clients yet, but it's being developed. Compliance Certifications The GitHub Copilot Trust Center page lists GitHub Copilot's broad compliance credentials, surpassing many competitors in financial, security, privacy, cloud, and industry coverage. SOC 1 Type 2: Assurance over internal controls for financial reporting. SOC 2 Type 2: In-depth report covering Security, Availability, Processing Integrity, Confidentiality, and Privacy over time. SOC 3: General-use version of SOC 2 with broad executive-level assurance. ISO/IEC 27001:2013: Certification for a formal Information Security Management System (ISMS), based on risk management controls. CSA STAR Level 2: Includes a third-party attestation combining ISO 27001 or SOC 2 with additional cloud control matrix (CCM) requirements. TISAX: Trusted Information Security Assessment Exchange, covering automotive-sector security standards. In summary, while the adoption of AI tools like GitHub Copilot in software development can raise important questions around security, privacy, and compliance, it’s clear that existing safeguards in place help address these concerns. By understanding the safeguards, configurable controls, and robust compliance certifications offered, organizations and developers alike can feel more confident in embracing GitHub Copilot to accelerate innovation while maintaining trust and peace of mind.Microsoft 365 & Power Platform Community call
💡 Microsoft 365 & Power Platform Development bi-weekly community call focuses on different use cases and features within the Microsoft 365 and Power Platform - across Microsoft 365 Copilot, Copilot Studio, SharePoint, Power Apps and more. 👏 Looking to catch up on the latest news and updates, including cool community demos, this call is for you! 📅 On 12th of February we'll have following agenda: Copilot prompt of the week CommunityDays.org update Microsoft 365 Maturity model Latest on PnP Framework and Core SDK extension Latest on PnP PowerShell Latest on script samples Latest Copilot pro dev samples Latest on Power Platform samples Picture time with the Together Mode! Mohammed Amer (Atea Global Services) – Reverse Engineering: Teaching GitHub Copilot to Configure Vitest Unit Testing for your SPFx apps Peter Paul Kirschner (ACP Cubido) – Creating React Office Breakout game with SPFx - Vision, Motion, and a Little Chaos 📅 Download recurrent invite from https://aka.ms/community/m365-powerplat-dev-call-invite 📞 & 📺 Join the Microsoft Teams meeting live at https://aka.ms/community/m365-powerplat-dev-call-join 👋 See you in the call! 💡 Building something cool for Microsoft 365 or Power Platform (Copilot, SharePoint, Power Apps, etc)? We are always looking for presenters - Volunteer for a community call demo at https://aka.ms/community/request/demo 📖 Resources: Previous community call recordings and demos from the Microsoft Community Learning YouTube channel at https://aka.ms/community/youtube Microsoft 365 & Power Platform samples from Microsoft and community - https://aka.ms/community/samples Microsoft 365 & Power Platform community details - https://aka.ms/community/home 🧡 Sharing is caring!
