The correct selections are Yes, No, Yes . Microsoft states that Microsoft 365 Copilot inherits the security, compliance, and privacy policies already configured in Microsoft 365, including Microsoft Purview sensitivity labels and other compliance controls. That makes statement 1 Yes . Microsoft also explains that Copilot respects existing access controls and compliance boundaries rather than bypassing them.
Statement 2 is No because Microsoft 365 Copilot does not ignore Microsoft Purview DLP . Microsoft documents that Copilot honors the protections applied to the underlying content and works within Microsoft 365’s existing compliance framework. DLP remains part of the environment governing how sensitive data is protected and shared.
Statement 3 is Yes because Microsoft clearly states that Copilot only surfaces content that a user is already authorized to access through existing Microsoft 365 permissions . Copilot uses Microsoft Graph to ground responses, but it does not grant new permissions or expose content outside the user’s allowed scope. Therefore, the correct hotspot answers are Yes , No , and Yes .
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit