Your Microsoft IT reseller has proposed a Copilot rollout. The demo looks polished and the licensing appears to slot neatly into your existing Microsoft 365 subscription. Before the meeting ends, someone asks what Copilot actually does with client data, staff records, and commercially sensitive documents. The answer depends on which version you enable and how your existing Microsoft 365 environment is set up.
What makes the two Microsoft Copilot versions different?
There are two Microsoft Copilot experiences with very different data-protection profiles. Microsoft 365 Copilot with Enterprise Data Protection runs inside your Microsoft 365 tenant boundary, covered by Microsoft’s Data Protection Addendum and GDPR-aligned security controls. Consumer Copilot, available free at copilot.microsoft.com or through Windows using a personal Microsoft account, sits outside your organisation entirely and carries no binding enterprise data commitments.
When you use Microsoft 365 Copilot with your work account inside a properly licensed tenant, Microsoft’s documentation makes this commitment explicit. Your prompts, responses, and the files it accesses through Microsoft Graph are not used to train its foundation language models. That commitment is backed by the Microsoft Data Protection Addendum, which covers GDPR Article 28 processor obligations, sub-processor transparency, and breach notification.
The consumer version carries none of those commitments. UK Microsoft partner Bridgeall advises that consumer Copilot has no connection to your organisation’s systems and that data may be used to improve Microsoft’s AI models. Staff should never use the consumer version for work-related tasks. That distinction matters in practice. If your people are using copilot.microsoft.com with their personal Microsoft accounts, none of your enterprise protections apply to those sessions, regardless of what your Microsoft 365 tenant is configured to do.
Why does your permissions setup matter more than the AI model?
The main practical risk with Microsoft 365 Copilot is the file permissions accumulated since you first set up your Microsoft 365 environment. Copilot can only access what the signed-in user already has access to within Microsoft 365. If your SharePoint sites or Teams channels are broadly open across the firm, Copilot makes that broad access faster and more searchable than it was before.
Concentric AI’s 2026 data risk report puts numbers to this. Around 16% of business-critical data is overshared in organisations that have deployed Copilot, with an average of 802,000 files at risk per organisation. Copilot does not create those exposure problems; it inherits them from existing permissions. What it does is make previously tolerated gaps far more visible to anyone who queries the system.
There is a second issue in the same territory. Copilot outputs do not consistently inherit the sensitivity labels applied to source files. A document classified as Highly Confidential in Microsoft Purview might be summarised by Copilot into a response that carries no classification at all. If a staff member pastes that summary into an email, the protection is gone. For owner-managed businesses that rely on information protection labels to meet ICO requirements around special-category data, this needs deliberate testing before rollout.
Where does enterprise data protection apply, and where does it stop?
When Microsoft 365 Copilot runs inside a properly configured tenant with Enterprise Data Protection, it operates under the same contractual controls as your email and SharePoint files. Prompts and responses are encrypted, stored within your Microsoft 365 data boundary, subject to your retention policies, and available for eDiscovery via Microsoft Purview. Microsoft acts as a data processor under a GDPR-aligned Data Protection Addendum.
Jisc, the UK national body for digital education, confirmed in its September 2024 analysis that when Enterprise Data Protection is enabled, all Copilot activity is bounded and stored in the same way as the rest of an organisation’s Office 365 data. Your data residency configuration and the EU Data Boundary commitments govern where that data is processed, which matters if your firm handles personal data of EU residents.
What enterprise data protection does not automatically cover is equally important to understand. Microsoft does not set your data retention periods or define which personal data is appropriate to process via Copilot. Those remain your responsibilities under UK GDPR. Copilot does not enforce your internal policies around client confidentiality, insider information, or HR data. It follows technical access controls only. And if a member of staff copies client material into consumer Copilot while signed in with a personal account, your enterprise commitments do not cover that interaction at all.
When does UK regulation apply to your Copilot rollout?
UK data protection, financial services, and cyber security regulation all have a direct stake in how you deploy Microsoft Copilot. The ICO’s generative AI guidance requires organisations to conduct Data Protection Impact Assessments before deploying tools that process significant volumes of personal data, and to demonstrate data minimisation and transparency. A Copilot rollout in an owner-managed business will typically trigger that requirement.
If your firm is regulated by the FCA, the requirements are sharper. The FCA’s April 2024 update on AI in financial services makes clear that regulated firms remain fully responsible for outcomes when using third-party AI tools. Outsourcing and conduct standards apply. If you use Copilot to summarise client portfolios, draft advice documents, or process trading-related material, that use needs to sit within your existing operational resilience and data governance framework, not be managed separately from it.
The NCSC recommends treating a Copilot deployment as a change in how users can search and combine organisational data, which should trigger a permissions review against its least-privilege guidance. That recommendation applies regardless of sector. For firms with EU clients or operations, the EU AI Act is also in scope. Certain AI uses, including tools that contribute to decisions about credit, HR selection, or law enforcement, are classified as high-risk and carry documentation and human oversight requirements.
What should you check before you switch Microsoft Copilot on?
Before you authorise a Copilot rollout, five checks will tell you whether your Microsoft 365 environment is in a state where the enterprise protections actually hold. Skipping them doesn’t mean Copilot fails. It means you won’t know what it can access until something surfaces that surprises you. A few hours of preparation avoids many unpleasant discoveries after the fact.
First, confirm you are enabling Microsoft 365 Copilot with Enterprise Data Protection and that staff will use it via their organisational Microsoft accounts, not personal ones. The licensing route and the sign-in context both determine whether the enterprise commitments apply.
Second, run a permissions audit before rollout. Use SharePoint and Teams permission reports to find any document libraries or sites shared with everyone in the organisation or with external guests, then tighten access to HR, finance, and client folders so only the appropriate roles can reach them.
Third, review your sensitivity labels. Test how Copilot handles summarising labelled content and whether outputs carry the appropriate classification. Where they do not, adjust your information protection policies or staff training accordingly.
Fourth, enable audit logging in Microsoft Purview and set retention periods that meet your regulatory requirements. Copilot interactions are available for eDiscovery and compliance review, but only if you have configured the policies to capture them. FCA-regulated firms should check that Copilot activity logging aligns with existing record-keeping obligations.
Fifth, update your acceptable use policy to explicitly prohibit the use of consumer AI tools, including the free version of Copilot, for client data and commercially sensitive information. Train staff on what Copilot can see, which is everything the signed-in user already has access to, and on checking outputs for accuracy before sharing externally.



