Microsoft 365 Copilot does not train the underlying large language model on your organization’s tenant data. Instead, it uses your organization’s data at run time to ground responses (for example, by retrieving relevant emails or documents you have permission to access). This separation protects confidentiality and supports enterprise compliance.
If a mailbox (or specific folders) is shared with you and your account has the required permissions, Copilot can summarize emails from that shared content because Copilot respects Microsoft 365 access controls (“permission trimming”).
Copilot also relies on Microsoft 365’s established security and compliance framework—identity, permissions, and policy enforcement—so it only surfaces content you’re authorized to see. This ensures Copilot’s outputs remain aligned with organizational governance, information protection, and least-privilege access principles.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit