The correct selections are No, No, Yes . Microsoft states that for Microsoft 365 Copilot , customer prompts, responses, and Microsoft Graph grounding data aren’t used to train foundation models . Microsoft also explains that Copilot processes organizational data within the service boundary and applies the same commitments that protect Microsoft 365 customer data. That makes statements 1 and 2 No . Microsoft further documents that Microsoft 365 Copilot grounds responses using Microsoft Graph and only surfaces data that the user is permitted to access , so it respects existing identity, access, and permission controls in the tenant. That makes statement 3 Yes .
This behavior is a core part of Copilot’s enterprise design. Microsoft describes Copilot as inheriting your organization’s existing Microsoft 365 permissions model, including access controls on content in SharePoint, OneDrive, Exchange, Teams, and other Microsoft 365 services. So Copilot does not grant new access; it works within the permissions already assigned to the signed-in user.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit