Is Microsoft Copilot safe for business use?

A business owner and colleague reviewing a laptop screen together at an office desk
TL;DR

Microsoft 365 Copilot with Enterprise Data Protection keeps your prompts and files within your tenant boundary, does not use your data to train Microsoft's AI models, and operates under a GDPR-aligned Data Protection Addendum. The risks that remain are your own file permissions, sensitivity label gaps, and staff use of the free consumer version. Fix the permissions, block the consumer tool for business use, and you have a defensible starting position.

Key takeaways

- Microsoft 365 Copilot with Enterprise Data Protection does not use your prompts or files to train Microsoft's AI models; the free consumer version carries no such guarantee. - The main pre-rollout risk is your existing file permissions, not the AI model itself. Copilot accesses everything the signed-in user can already see in Microsoft 365. - Enterprise data protection covers encryption, data residency, eDiscovery via Purview, and GDPR processor obligations; it does not set your retention periods or enforce your internal policies. - The ICO requires a DPIA before deploying Copilot in any context processing significant volumes of personal data; FCA-regulated firms must also manage Copilot use within their conduct, outsourcing, and operational resilience frameworks. - Before switching Copilot on, audit existing Microsoft 365 permissions, enable Purview audit logging, test sensitivity label inheritance on Copilot outputs, and update your acceptable use policy to block consumer AI tools for business data.

Your Microsoft IT reseller has proposed a Copilot rollout. The demo looks polished and the licensing appears to slot neatly into your existing Microsoft 365 subscription. Before the meeting ends, someone asks what Copilot actually does with client data, staff records, and commercially sensitive documents. The answer depends on which version you enable and how your existing Microsoft 365 environment is set up.

What makes the two Microsoft Copilot versions different?

There are two Microsoft Copilot experiences with very different data-protection profiles. Microsoft 365 Copilot with Enterprise Data Protection runs inside your Microsoft 365 tenant boundary, covered by Microsoft’s Data Protection Addendum and GDPR-aligned security controls. Consumer Copilot, available free at copilot.microsoft.com or through Windows using a personal Microsoft account, sits outside your organisation entirely and carries no binding enterprise data commitments.

When you use Microsoft 365 Copilot with your work account inside a properly licensed tenant, Microsoft’s documentation makes this commitment explicit. Your prompts, responses, and the files it accesses through Microsoft Graph are not used to train its foundation language models. That commitment is backed by the Microsoft Data Protection Addendum, which covers GDPR Article 28 processor obligations, sub-processor transparency, and breach notification.

The consumer version carries none of those commitments. UK Microsoft partner Bridgeall advises that consumer Copilot has no connection to your organisation’s systems and that data may be used to improve Microsoft’s AI models. Staff should never use the consumer version for work-related tasks. That distinction matters in practice. If your people are using copilot.microsoft.com with their personal Microsoft accounts, none of your enterprise protections apply to those sessions, regardless of what your Microsoft 365 tenant is configured to do.

Why does your permissions setup matter more than the AI model?

The main practical risk with Microsoft 365 Copilot is the file permissions accumulated since you first set up your Microsoft 365 environment. Copilot can only access what the signed-in user already has access to within Microsoft 365. If your SharePoint sites or Teams channels are broadly open across the firm, Copilot makes that broad access faster and more searchable than it was before.

Concentric AI’s 2026 data risk report puts numbers to this. Around 16% of business-critical data is overshared in organisations that have deployed Copilot, with an average of 802,000 files at risk per organisation. Copilot does not create those exposure problems; it inherits them from existing permissions. What it does is make previously tolerated gaps far more visible to anyone who queries the system.

There is a second issue in the same territory. Copilot outputs do not consistently inherit the sensitivity labels applied to source files. A document classified as Highly Confidential in Microsoft Purview might be summarised by Copilot into a response that carries no classification at all. If a staff member pastes that summary into an email, the protection is gone. For owner-managed businesses that rely on information protection labels to meet ICO requirements around special-category data, this needs deliberate testing before rollout.

Where does enterprise data protection apply, and where does it stop?

When Microsoft 365 Copilot runs inside a properly configured tenant with Enterprise Data Protection, it operates under the same contractual controls as your email and SharePoint files. Prompts and responses are encrypted, stored within your Microsoft 365 data boundary, subject to your retention policies, and available for eDiscovery via Microsoft Purview. Microsoft acts as a data processor under a GDPR-aligned Data Protection Addendum.

Jisc, the UK national body for digital education, confirmed in its September 2024 analysis that when Enterprise Data Protection is enabled, all Copilot activity is bounded and stored in the same way as the rest of an organisation’s Office 365 data. Your data residency configuration and the EU Data Boundary commitments govern where that data is processed, which matters if your firm handles personal data of EU residents.

What enterprise data protection does not automatically cover is equally important to understand. Microsoft does not set your data retention periods or define which personal data is appropriate to process via Copilot. Those remain your responsibilities under UK GDPR. Copilot does not enforce your internal policies around client confidentiality, insider information, or HR data. It follows technical access controls only. And if a member of staff copies client material into consumer Copilot while signed in with a personal account, your enterprise commitments do not cover that interaction at all.

When does UK regulation apply to your Copilot rollout?

UK data protection, financial services, and cyber security regulation all have a direct stake in how you deploy Microsoft Copilot. The ICO’s generative AI guidance requires organisations to conduct Data Protection Impact Assessments before deploying tools that process significant volumes of personal data, and to demonstrate data minimisation and transparency. A Copilot rollout in an owner-managed business will typically trigger that requirement.

If your firm is regulated by the FCA, the requirements are sharper. The FCA’s April 2024 update on AI in financial services makes clear that regulated firms remain fully responsible for outcomes when using third-party AI tools. Outsourcing and conduct standards apply. If you use Copilot to summarise client portfolios, draft advice documents, or process trading-related material, that use needs to sit within your existing operational resilience and data governance framework, not be managed separately from it.

The NCSC recommends treating a Copilot deployment as a change in how users can search and combine organisational data, which should trigger a permissions review against its least-privilege guidance. That recommendation applies regardless of sector. For firms with EU clients or operations, the EU AI Act is also in scope. Certain AI uses, including tools that contribute to decisions about credit, HR selection, or law enforcement, are classified as high-risk and carry documentation and human oversight requirements.

What should you check before you switch Microsoft Copilot on?

Before you authorise a Copilot rollout, five checks will tell you whether your Microsoft 365 environment is in a state where the enterprise protections actually hold. Skipping them doesn’t mean Copilot fails. It means you won’t know what it can access until something surfaces that surprises you. A few hours of preparation avoids many unpleasant discoveries after the fact.

First, confirm you are enabling Microsoft 365 Copilot with Enterprise Data Protection and that staff will use it via their organisational Microsoft accounts, not personal ones. The licensing route and the sign-in context both determine whether the enterprise commitments apply.

Second, run a permissions audit before rollout. Use SharePoint and Teams permission reports to find any document libraries or sites shared with everyone in the organisation or with external guests, then tighten access to HR, finance, and client folders so only the appropriate roles can reach them.

Third, review your sensitivity labels. Test how Copilot handles summarising labelled content and whether outputs carry the appropriate classification. Where they do not, adjust your information protection policies or staff training accordingly.

Fourth, enable audit logging in Microsoft Purview and set retention periods that meet your regulatory requirements. Copilot interactions are available for eDiscovery and compliance review, but only if you have configured the policies to capture them. FCA-regulated firms should check that Copilot activity logging aligns with existing record-keeping obligations.

Fifth, update your acceptable use policy to explicitly prohibit the use of consumer AI tools, including the free version of Copilot, for client data and commercially sensitive information. Train staff on what Copilot can see, which is everything the signed-in user already has access to, and on checking outputs for accuracy before sharing externally.

Sources

- Bridgeall (2026). Data security in Microsoft Copilot. UK Microsoft partner analysis of consumer versus enterprise Copilot data protections; advises that consumer Copilot is not appropriate for business or sensitive use. https://www.bridgeall.com/2026/03/17/data-security-in-microsoft-copilot-the-three-levels-explained/ - Microsoft (2025). Microsoft 365 Copilot privacy. Confirms that prompts and responses are not used to train foundation language models and covers GDPR-aligned processor obligations under the Data Protection Addendum. https://learn.microsoft.com/en-us/microsoft-365/copilot/microsoft-365-copilot-privacy - Microsoft (2025). Enterprise Data Protection for Microsoft 365 Copilot. Details tenant boundary controls, encryption, audit logging via Purview, and recommended permission configuration steps before rollout. https://learn.microsoft.com/en-us/microsoft-365/copilot/enterprise-data-protection - Jisc National Centre for AI (2024). Microsoft Copilot and data protection, an update. UK-focused analysis confirming that with Enterprise Data Protection enabled, Copilot activity is stored and bounded within the Office 365 tenancy under Microsoft's Data Protection Addendum. https://nationalcentreforai.jiscinvolve.org/wp/2024/09/26/microsoft-copilot-and-data-protection-an-update/ - Concentric AI (2026). Microsoft Copilot data risk report. Reports that 16% of business-critical data is overshared in organisations deploying Copilot and that Copilot outputs do not consistently inherit sensitivity labels from source files. https://concentric.ai/too-much-access-microsoft-copilot-data-risks-explained/ - Information Commissioner's Office (2023). Guidance on generative AI and data protection. Sets out ICO expectations for DPIAs, data minimisation, transparency, and controller responsibilities when deploying generative AI tools in UK organisations. https://ico.org.uk/media/for-organisations/documents/4021871/guidance-on-generative-ai-and-data-protection.pdf - Information Commissioner's Office (2023). ICO publishes new guidance on generative AI and data protection. Reinforces controller responsibilities under UK GDPR, including transparency with staff and documenting AI tool use. https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/10/ico-publishes-new-guidance-on-generative-ai-and-data-protection/ - Financial Conduct Authority (2024). AI in financial services. Confirms that regulated firms remain fully responsible for outcomes when using third-party AI tools and must manage outsourcing and data governance risk accordingly. https://www.fca.org.uk/news/speeches/ai-financial-services - National Cyber Security Centre (2023). Guidelines for secure AI system development. Recommends least-privilege access, tenant isolation, and data flow mapping as principles for AI deployments inside cloud platforms including Microsoft 365. https://www.ncsc.gov.uk/whitepaper/guidelines-for-secure-ai-system-development - European Parliament (2024). EU Artificial Intelligence Act (Regulation 2024/1689). Establishes high-risk AI categories and documentation and oversight requirements relevant to UK firms using Copilot for decisions affecting EU residents. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689

Frequently asked questions

Does Microsoft Copilot use my business data to train its AI models?

Microsoft 365 Copilot with Enterprise Data Protection does not use your prompts, responses, or files to train its foundation language models. That commitment is covered by Microsoft's Data Protection Addendum. The consumer version of Copilot carries no such guarantee, which is why staff should use only the organisational, tenant-bound version for any work-related tasks.

What is the biggest data risk with Microsoft Copilot for a small firm?

Oversharing in your existing Microsoft 365 environment is the most commonly cited practical risk. Copilot can access everything the signed-in user already has access to. If your SharePoint sites or Teams channels are broadly open within the firm, Copilot will surface that information quickly and in searchable form. Fixing permissions before rollout reduces this risk significantly.

Do I need to complete a Data Protection Impact Assessment before using Microsoft Copilot?

The ICO's guidance on generative AI indicates that a DPIA is required when deploying tools that process significant volumes of personal data, which Microsoft Copilot will do in virtually any business deployment. A lightweight DPIA, documenting the purposes of use, the categories of personal data involved, and the controls in place, provides a useful record if a complaint or incident arises.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.

Ready to talk it through?

Book a free 30 minute conversation. No pitch, no pressure, just a useful chat about where AI fits in your business.

Book a conversation

Related reading

If any of this sounds familiar, let's talk.

The next step is a conversation. No pitch, no pressure. Just an honest discussion about where you are and whether I can help.

Book a conversation