Guide · Security & Privacy · 24 June 2026
Microsoft Copilot Security & Privacy Guide (Australia, 2026)
How Microsoft 365 Copilot handles your data, whether it trains on your prompts, and how to configure it for Australian Privacy Principles — a plain-English guide for small business owners.
Every Melbourne business owner we talk to asks the same two questions about Microsoft 365 Copilot before they switch it on: "Does it train on our data?" and "Is it safe under Australian privacy law?" Short answers: no, and yes — if you configure it properly. The long answers are below, in plain English, written for owners and office managers rather than IT auditors.
The version of Copilot matters
"Copilot" is a brand Microsoft uses for at least four different products with very different data protection postures. Get this part right and the rest of the security conversation falls into place:
- Microsoft 365 Copilot — the paid add-on for business and enterprise plans. Covered by commercial data protection. Your prompts and responses are not used to train foundation models.
- Copilot Chat (formerly Bing Chat Enterprise) — free with most Microsoft 365 business plans. Also covered by commercial data protection when staff are signed in with their work account.
- Copilot in Edge sidebar — protection follows the sign-in. Work account = enterprise protection. Personal account = consumer terms.
- Free consumer Copilot (copilot.microsoft.com) — different terms; Microsoft can use prompts to improve services unless the user opts out. Do not let staff paste client data into this version on a personal device.
Commercial data protection — what it actually promises
Microsoft's commercial data protection commitments for Copilot are written into the Microsoft Product Terms and apply automatically to eligible Microsoft 365 plans. The three guarantees that matter most to small business owners:
- No training on your data. Prompts, responses and content accessed via Microsoft Graph are not used to train the underlying large language models.
- Logical isolation. Your tenant's data is processed within the Microsoft 365 service boundary and not shared with other customers.
- Permission inheritance. Copilot can only surface content the user already has permission to see in SharePoint, OneDrive, Outlook and Teams.
How to configure Copilot for the Australian Privacy Principles
The APPs make you (the business) accountable for personal information you collect and hold, including what you feed into AI tools. Here is the configuration we walk every Melbourne client through before they roll Copilot out:
- Run a SharePoint over-sharing review first. Use Microsoft's SharePoint Advanced Management (SAM) or the free Data Access Governance reports to find sites with "Everyone except external" or anonymous links. Fix those before Copilot is licensed for users — Copilot is a spotlight, not a leak.
- Turn on sensitivity labels (Purview Information Protection). Label client files as Confidential and Copilot will respect the label — it can still summarise the content for an authorised user but won't copy labelled content into unlabelled outputs.
- Apply DLP policies to Copilot interactions. Microsoft Purview DLP can block prompts that contain tax file numbers, Medicare numbers, or credit cards from being sent to Copilot or pasted into Copilot Chat.
- Set a retention policy. Decide whether Copilot interactions are kept for 30 days, 1 year, or indefinitely, and apply a Purview retention policy to "Teams chats and Copilot interactions". Default is to follow the user's mailbox retention.
- Restrict the consumer Copilot on managed devices. Use Intune to block copilot.microsoft.com and Edge sign-ins with personal accounts on work devices. Staff get the protected version; they can't accidentally use the unprotected one.
- Update your APP-compliant privacy policy. Disclose that you use Microsoft 365 Copilot to process personal information, that Microsoft is your processor, and that data may be processed in Microsoft data centres outside Australia for the AI step. This is required under APP 1.4 and APP 8.
- Train your team. The single biggest Copilot security incident pattern in 2026 is staff pasting client data into the wrong Copilot. A 30-minute induction prevents it.
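The Purview side of that checklist (steps 2 to 4: the Confidential label, the DLP policy for tax file, Medicare and card numbers, and the one-year retention policy for Copilot interactions) can be scripted rather than clicked through. The script below is an added example, not Ground-Up AI's own tooling or anything from Microsoft's documentation. It assumes the Security & Compliance PowerShell cmdlets from the ExchangeOnlineManagement module, that the label and policy names are placeholders you would rename, that "Australia Tax File Number", "Australia Medical Account Number" and "Credit Card Number" are the built-in sensitive information types to match, and that `-TeamsChatLocation` is the cmdlet form of the "Teams chats and Copilot interactions" retention location shown in the portal.

```powershell
# Added example (not the guide's own script). Assumptions: placeholder policy
# and label names; built-in sensitive information type names as written below;
# -TeamsChatLocation assumed to cover the "Teams chats and Copilot interactions"
# location. Run as a Purview / compliance administrator.

Install-Module ExchangeOnlineManagement -Scope CurrentUser -Force
Connect-IPPSSession    # interactive sign-in to Security & Compliance PowerShell

# --- Step 2: sensitivity label, published to everyone in the tenant ---
New-Label -Name "Confidential" -DisplayName "Confidential" `
    -Tooltip "Client and personal information. Copilot will honour this label."
New-LabelPolicy -Name "Publish-Confidential" -Labels "Confidential" -ExchangeLocation All

# --- Step 3: DLP policy for Australian identifiers ---
# Start in a test mode so you can review matches for a week before blocking;
# flip to -Mode Enable once the false-positive rate is acceptable.
New-DlpCompliancePolicy -Name "APP-Sensitive-Identifiers" `
    -ExchangeLocation All -SharePointLocation All -OneDriveLocation All -TeamsLocation All `
    -Mode TestWithNotifications

# One match of any of these identifiers is enough to trigger the rule.
$sensitiveTypes = @(
    @{ Name = "Australia Tax File Number";        minCount = "1" },
    @{ Name = "Australia Medical Account Number"; minCount = "1" },   # Medicare card numbers
    @{ Name = "Credit Card Number";               minCount = "1" }
)
New-DlpComplianceRule -Name "Block-TFN-Medicare-Card" -Policy "APP-Sensitive-Identifiers" `
    -ContentContainsSensitiveInformation $sensitiveTypes `
    -BlockAccess $true -NotifyUser Owner

# When ready to enforce:
# Set-DlpCompliancePolicy -Identity "APP-Sensitive-Identifiers" -Mode Enable

# --- Step 4: keep Copilot interactions for one year, then delete ---
New-RetentionCompliancePolicy -Name "Copilot-Interactions-1y" -TeamsChatLocation All -Enabled $true
New-RetentionComplianceRule -Name "Copilot-Interactions-1y-Rule" -Policy "Copilot-Interactions-1y" `
    -RetentionDuration 365 -RetentionComplianceAction KeepAndDelete

# --- Verify what was created before handing over to the client ---
Get-DlpCompliancePolicy -Identity "APP-Sensitive-Identifiers" |
    Format-List Name, Mode, ExchangeLocation, SharePointLocation, OneDriveLocation, TeamsLocation
Get-RetentionCompliancePolicy -Identity "Copilot-Interactions-1y" |
    Format-List Name, Enabled, TeamsChatLocation
```

Two design notes. The DLP policy is created in `TestWithNotifications` mode on purpose: a Melbourne accounting practice legitimately handles tax file numbers all day, so blocking on day one will stop real work and get the policy switched off; a week of audit-mode matches tells you where the rule needs scoping before it is enforced. The retention policy only covers what the page calls "Teams chats and Copilot interactions"; if the cmdlet in your tenant does not expose that location under `-TeamsChatLocation`, create the policy in the Purview portal instead and use the `Get-RetentionCompliancePolicy` line above to confirm it.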
Common questions
Does Microsoft Copilot use your data for training?
No — Microsoft 365 Copilot (the commercial, work-account version) does not use your prompts, responses, or any data accessed through Microsoft Graph to train the foundation large language models. This is covered by Microsoft's commercial data protection commitments and the Microsoft Product Terms. The free consumer Copilot (the one you get when signed in with a personal @outlook.com account) is a different product with different terms — assume that one can be used for training unless you explicitly opt out.
Where does my data go when I use Copilot?
Prompts and responses are processed by Azure OpenAI inside Microsoft's commercial cloud. For Microsoft 365 Copilot, processing happens within the Microsoft 365 service boundary your tenant already lives in. For Australian tenants on Microsoft 365 with data residency in Australia, the user content stored in Exchange, SharePoint, OneDrive and Teams stays in the Australian region; transient prompt processing may use the nearest available Azure OpenAI capacity, which Microsoft documents in the EU Data Boundary and regional commitments pages.
Is Microsoft Copilot compliant with the Australian Privacy Principles (APPs)?
Microsoft 365 Copilot inherits the same compliance posture as the rest of Microsoft 365 — IRAP assessed at PROTECTED, ISO 27001, SOC 2, and aligned to the Australian Privacy Principles when configured correctly. Compliance is shared responsibility: Microsoft handles the platform, you handle access control, what data is exposed to Copilot, and your own APP obligations as the data controller.
Can Copilot see files I don't have access to?
No. Copilot respects existing Microsoft 365 permissions. If a user can't open a SharePoint file directly, Copilot can't surface its contents to them either. The risk is the opposite: over-shared sites (e.g. an old 'Everyone except external users' SharePoint library) suddenly become very easy to discover. The fix is permission hygiene, not turning Copilot off.
Does Copilot store my prompts forever?
Prompt and response history is stored in the user's mailbox as a hidden item and is subject to your tenant's existing retention policies. Admins can apply Purview retention and eDiscovery to Copilot interactions the same way they do for Teams chat.
What about Copilot in Edge or Bing on a work device?
Copilot in Edge (the sidebar) and Bing Chat Enterprise also benefit from commercial data protection when the user is signed in with their Entra ID work account — chat data is not retained beyond the session, and is not used for training. If staff sign in with a personal account on a work device, that protection does not apply.
A note on shared responsibility
Microsoft's job is to keep the platform secure, compliant, and free from training-on-your-data. Your job is everything else: who you give licences to, what's in your SharePoint, how you label sensitive files, what your staff are allowed to paste in, and what you tell your customers in your privacy policy. Copilot doesn't change the APPs — it just makes the consequences of getting them wrong faster.
Want help configuring Copilot safely?
Ground-Up AI runs a one-day Copilot Readiness Review for Melbourne small businesses — SharePoint over-sharing scan, sensitivity labels, DLP for Copilot, staff induction, and an APP-compliant privacy policy update. No big-bang transformation, no upsell.
This article is general information for Australian small business owners and does not constitute legal advice. For advice specific to your obligations under the Privacy Act 1988, consult a qualified privacy lawyer.