Microsoft’s Copilot with Data Protection to get prompt retention and more

Mary Jo Foley is the Editor in Chief at Directions on Microsoft. Before joining Directions, Mary Jo has worked as... more

Microsoft is making changes to how customers of its Copilot with Data Protection (the Copilot formerly known as Bing Chat Enterprise) will use and access its AI service starting in mid-September. The most notable change will happen around prompt retention and discoverability. Until now, Microsoft officials touted that Microsoft didn’t retain chat prompts and responses with this Copilot. But beginning in September, Microsoft will start to do so, in the name of compliance, auditing, and discovery.

The Bing Chat Enterprise version of Copilot — which is accessible to those who sign in with their Entra ID accounts — has included Commercial Data Protection since November 2023. Microsoft officials said in an August 15, 2024, blog post that this Copilot version will now include “Enterprise Data Protection” starting this September.

Directions on Microsoft asked Microsoft if there’s a difference between Commercial and Enterprise Data Protection (and if so, what it is) but have not yet received a response.

Microsoft’s Frequently Asked Questions (FAQ) page doesn’t offer any further clues about what’s changing from Commercial Data Protection beyond this:

“Enterprise data protection (EDP) refers to controls and commitments, under the Data Protection Addendum (DPA) and the Product Terms, that apply to customer data for users of Copilot for Microsoft 365 and Microsoft Copilot. The use of the term EDP is not meant to limit the benefits offered under the DPA and Product Terms.”

However, there are some answers buried in a comment on Microsoft’s August 15 blog post about the differences between Commercial Data Protection and Enterprise Data Protection, courtesy of a Microsoft representative. According to that person, Enterprise Data Protection adds the following to the list of privacy and security features already in Commercial Data Protection:

Prompts and responses will stay within the Microsoft 365 service boundary, and all associated data handling commitments will apply — including support for GDPR, and ISO/IEC 27018 (Copilot for Microsoft 365 runs on the ISO 27018 certified Microsoft 365 platform)
Prompts and responses can be logged and have retention policies applied to them
Prompt and responses will be available for eDiscovery and other Purview capabilities
Commercial use of Microsoft Copilot will be covered by the Data Protection Addendum for all prompts and responses
Ads will not be displayed in Copilot chat web scope

Commercial Data Protection already delivers several of the benefits Microsoft is highlighting as being included in Enterprise Data Protection. For example, chat data sent to and from copilot with Commercial Data Protection is encrypted. And chat data isn’t used to train the underlying large language models with Commercial Data Protection.

As noted by the company representative and in a footnote on Microsoft’s blogpost: “Microsoft Copilot for Microsoft 365 runs on the ISO 27018 certified Microsoft 365 platform. Microsoft Copilot will start rolling out to the same platform in the second half of September 2024 for users signed in with a Microsoft Entra account.” I’d assume this means that Copilot Bing Chat Enterprise has been running on the Bing platform to date.

Microsoft To Admins: Put a Pin on It

As explained in more detail in a message in the Microsoft 365 admin center (MC862983), Microsoft also is updating the interface for this version of Microsoft Copilot for work and education customers. (Government cloud customers and students under 18 are not yet eligible to use Copilot with Data Protection.)

Beginning in mid-September, once eligible Copilot users are logged in with their Entra accounts, they will be redirected to a new, centralized Microsoft.com/copilot site if they are accessing Copilot via the Web. Windows users signed in with their Entra accounts will be redirected to the Microsoft 365 app and can access Microsoft Copilot there. Mobile users who have been using the Copilot mobile app with their Entra accounts will be redirected to the Microsoft 365 Mobile app and given the option to access Copilot there instead. The Copilot mobile apps are being discontinued and replaced by the Microsoft 365 app.

Microsoft also is using this redirection — which officials said will be complete by mid-October 2024 — to try to get administrators to pin Microsoft Copilot to users’ task bars and/or in the Microsoft 365 app. (Those who have licenses for Copilot for Microsoft 365 already see Copilot pinned in these ways.)

Microsoft is planning to make the Bing Chat Enterprise Copilot pinning option part of Outlook and Teams at some point in the future, according to the Message Center post. If admins do not make a pinning selection by mid-September, Microsoft will prompt their users to pin Copilot for themselves (though admins can disable this from happening.)