Microsoft Copilot Security

We Do Your IT Support offers comprehensive Microsoft Copilot security assessments for small and medium-sized businesses across Bristol, Bath, Cheltenham, Swindon, Gloucester, and the wider South West. Our security review helps SME owners and office managers understand exactly what risks Copilot poses to their business data and what safeguards must be in place before switching it on.

Is Microsoft Copilot safe to use in your business?

Microsoft 365 Copilot is a generative AI tool built into the Microsoft 365 apps your team already uses: Word, Excel, Teams, SharePoint, and others. It uses Microsoft Graph (which connects all of your organisational data) along with large language models powered by the Azure OpenAI Service to summarise documents, draft content, and answer questions about your business information. Copilot protects user data by operating within the secure Microsoft 365 service boundary and enforces Enterprise Data Protection (EDP) standards across your environment. Copilot treats customer prompts and responses like confidential emails, and Copilot interactions are encrypted using Transport Layer Security (TLS) and IPsec.

So the technology itself is secure and aligned with responsible AI principles. But here is what matters most: Copilot uses your existing Microsoft 365 data permissions for access control, and it respects only the permissions already in place in your environment. If a member of staff can access a file through SharePoint or Teams, Copilot can surface that information in its responses. It does not grant anyone new access they did not already have, but it does make existing access far more visible.

For many organisations, this is where the real risk sits. Years of ungoverned data sharing in SharePoint and Teams (old project sites left open, broad “Everyone” permissions, former staff accounts never cleaned up) mean sensitive data may be accessible to people who would never normally go looking for it. Copilot does not create these problems, but it brings them to the surface. The technology is secure; your existing privacy and data governance determines how safely it operates.

Customer data in Microsoft Copilot is isolated within unique organisational tenants, meaning your data stays within your Microsoft 365 environment. Microsoft maintains privacy commitments such as GDPR in the European Union, and data processed by Copilot is not used to train AI models or shared with other customers. These are important assurances. But data safety ultimately depends on what is already happening inside your tenant.

What are the main Microsoft Copilot security risks?

The primary concern for most enterprise users is straightforward: Copilot can access all sensitive data a user can access. That means if business-sensitive data (salary spreadsheets, customer records, strategic plans, confidential data about clients) sits in a SharePoint site or Teams channel that too many people have access to, Copilot may surface it in generated responses.

This is not a theoretical problem. Over 15% of business-critical files are at risk from oversharing, and over 3% of sensitive data was shared organisation-wide without concern. A 2025 report from Concentric AI found that on average, each organisation has roughly three million sensitive data records accessible through Copilot. In regulated sectors like finance and healthcare, that figure was even higher. It is no surprise that 67% of enterprise security teams are concerned about AI data exposure. The U.S. Congress even banned Copilot use due to data security concerns – not because the tool itself was insecure, but because of the data governance challenges it exposes.

Here are the key security risks to be aware of:

Confidential files shared too broadly years ago can appear in Copilot’s responses to users who technically have access but who were never intended to see them. Employee salary data, customer information, and strategic documents may surface to the wrong people simply because erroneous access permissions were never corrected.

Without proper data classification, Copilot cannot distinguish between public and confidential information. If sensitivity labels are missing or misapplied, there is no mechanism for content filtering or content blocking to prevent sensitive information from appearing in responses. Copilot outputs do not always inherit sensitivity labels from source files, which means data leakage can occur if classification is inconsistent. Microsoft Purview can help enforce these policies, but only if applied correctly.

Many organisations have accumulated years of broadly shared sites where access controls were never tightened. These amplify risks significantly when Copilot is switched on, because the AI tool can now pull from all of the data the current user can access.

Prompt injections can lead to unauthorised data retrieval in Copilot. The “Reprompt” exploit, discovered by Varonis Threat Labs and patched on 13 January 2026, showed how malicious instructions hidden in a crafted link could trick Copilot into retrieving file listings or location data and sending them to an external server. Microsoft now uses classifiers to detect and block prompt injections, but staying up to date with patches is essential.

A technique known as “CoPhish” uses malicious Copilot Studio agents to trick users into granting OAuth permissions, giving attackers direct access to email, calendars, and chats. This is a reminder that user behaviour remains a risk factor alongside technical controls. Microsoft Entra ID plays a key role in identity and access management to reduce these risks.

If staff copy and paste sensitive information into Copilot chat, that content may lose its labels or sit outside governed storage, creating potential data leakage.

Copilot applies filters to avoid generating sexual content, discriminatory content, self-harm content, or other harmful or inappropriate content. However, no system is perfect, and user feedback mechanisms are in place to report inappropriate outputs. This is part of Microsoft’s commitment to responsible AI.

What security measures do you need before using Copilot?

Deploying Copilot safely is not about buying new technology and hoping for the best. It requires preparation. Organisations must use data governance policies to manage sensitive data, and implementing strict access controls is essential before deploying Copilot. Here is what needs to be in place.

Comprehensive audit and cleanup of permissions

Conducting data audits helps identify over-permissioned accounts. The Principle of Least Privilege should be applied to SharePoint and OneDrive permissions – meaning every person should have access only to what they need for their role, nothing more. Organisations must regularly review permission settings in Microsoft 365. Look for “Everyone” permissions, external sharing links, orphaned Teams with no owners, and old user accounts that were never removed. Microsoft recommends using zero trust for data access management, and Conditional Access can enforce multi-factor authentication for accessing Copilot.
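The checks listed above can be run over a permissions inventory once it has been exported. The following is an added example, not We Do Your IT Support's or Microsoft's code; the CSV column names and the sample rows are constructed assumptions for illustration, not a Microsoft export format.

```python
import csv
import io

# Constructed sample inventory; the column names are assumptions.
SAMPLE_EXPORT = """\
resource,resource_type,principal,principal_type,role,account_enabled
/sites/Finance,site,Everyone except external users,group,Read,
/sites/Finance,site,alice@example.co.uk,user,Owner,true
/sites/Projects2019,site,bob@example.co.uk,user,Edit,false
/sites/Projects2019,site,Anyone with the link,sharing_link,Read,
/teams/Marketing,team,carol@example.co.uk,user,Member,true
/teams/Marketing,team,erin@example.co.uk,user,Owner,false
/teams/HR,team,dave@example.co.uk,user,Owner,true
/teams/HR,team,fay@example.co.uk,user,Member,true
"""

# Tenant-wide principals that make a resource readable by almost everyone.
BROAD_PRINCIPALS = {"everyone", "everyone except external users", "all users"}


def audit(export_text):
    """Return sorted (resource, finding) pairs for the checks named in the text."""
    findings = set()
    active_owners = {}  # team -> number of enabled owner accounts
    for row in csv.DictReader(io.StringIO(export_text)):
        res = row["resource"]
        name = row["principal"].strip().lower()
        ptype = row["principal_type"]
        # A blank value (groups, links) is treated as "not a disabled account".
        enabled = row["account_enabled"].strip().lower() != "false"
        if row["resource_type"] == "team":
            active_owners.setdefault(res, 0)
            if row["role"] == "Owner" and enabled:
                active_owners[res] += 1
        if name in BROAD_PRINCIPALS:
            findings.add((res, "broad 'Everyone' grant"))
        if ptype == "sharing_link":
            findings.add((res, "external sharing link"))
        if ptype == "user" and not enabled:
            findings.add((res, "grant to disabled account"))
    # A team whose only owners are disabled accounts is effectively orphaned.
    for team, count in active_owners.items():
        if count == 0:
            findings.add((team, "team has no active owner"))
    return sorted(findings)


if __name__ == "__main__":
    for resource, finding in audit(SAMPLE_EXPORT):
        print(f"{resource}: {finding}")
```

Note that /teams/Marketing is reported twice: its only owner is a disabled account, so it is both a stale grant and an orphaned team.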

Microsoft Purview Information Protection lets you classify your data types – for example, Public, Internal, Confidential, Highly Confidential – and apply sensitivity labels that travel with the document. Sensitive items labelled “Highly Confidential” are enforced with corresponding rights in Copilot. You can also set up DLP policies (Data Loss Prevention) through Microsoft Purview Data Loss Prevention (DLP), which can be used to restrict Copilot’s access to sensitive information, and Purview’s trainable classifiers can scan across Microsoft 365 apps to discover sensitive content automatically.

AvePoint provides automated governance tools that detect risky permissions, alert you to configuration drift (where security settings slowly change away from compliance), and manage recertification – periodic checks that the right users still have the right access. This is especially useful for data security teams who need visibility without manually checking every site.

ThreatLocker Web Control adds an extra layer of data protection by blocking malicious URLs, phishing attempts, and untrusted web content at the network level. It includes allow-list and deny-list controls and site categorisation, which helps prevent harmful content or malicious instructions from reaching your team through links in SharePoint, Teams, or Microsoft Edge.

Switching Copilot on without training is a recipe for misuse. A structured AI adoption programme such as Let’s Copilot ensures that in Year 1, your staff understand how Copilot generates responses, what to put into prompts, what not to paste in, how to recognise phishing, and how to follow your governance and security policies. This is not optional – it is how you make Copilot capabilities productive and safe at the same time.

What happens during our Copilot security review?

Our review is designed to give you a clear, honest picture of your readiness. Here is what it includes:

01. Detailed analysis of your current SharePoint and Teams permission models – identifying where over-permissioned access creates risk

02. Assessment of your data classification maturity and sensitivity labelling gaps, including whether Microsoft Purview is deployed and configured correctly

03. Review of existing security policies and identification of Copilot-specific risks, including DLP policies, privacy controls, and access controls

04. A written report outlining specific vulnerabilities and prioritised remediation steps, so you know exactly what to fix and in what order

05. A practical roadmap for safe Copilot implementation, with recommended security tools and processes tailored to your business

06. Ongoing support options to implement security measures, monitor Copilot usage, and adjust as new capabilities and AI features are released by Microsoft services and Microsoft products

FAQs

Is Microsoft Copilot safe to use at work?

Copilot is safe when proper data governance and access controls are in place. It respects existing Microsoft 365 permissions and operates securely within your environment. The main risk is from over-permissioned files and ungoverned data, not the tool itself. With correct setup and monitoring, Copilot can be used safely.

Copilot stores conversations for 18 months within your Microsoft 365 tenant, protected by encryption. It does not store organisational data outside your environment, and it follows your retention policies in line with regulatory requirements.

No. Your data stays within your tenant and is not used to train AI models or shared with other customers. Microsoft maintains privacy commitments like GDPR and existing privacy standards to protect your information.

Yes, if data is properly classified and labelled using Microsoft Purview. Sensitivity labels carry through Copilot responses, helping protect confidential content. Without classification, risks increase.

No. Microsoft 365 Copilot processes your data only to generate responses and does not use it to train AI models or share it externally. Training data for the underlying AI models comes from publicly available sources, not your tenant data.

Book your Microsoft Copilot security review today and ensure your business data remains protected when you deploy AI tools. Contact We Do Your IT Support to schedule your comprehensive security assessment.