Recommended configuration for Copilot alignment to the ASD Blueprint
This Copilot for Microsoft 365 configuration and planning guide is intended for Australia and New Zealand sensitive and regulated industry customers, and is in alignment with the Australian Signals Directorate (ASD) Blueprint for Secure Cloud configuration guidance for Microsoft 365.
This section refers to a recommended configuration. Recommended elements address configuration that is considered appropriate and fit for purpose for a sensitive environment. Deviating from these recommendations doesn't prevent Copilot from functioning but may reduce overall functionality and could increase your risk exposure.
Office release channel
Copilot for Microsoft 365 requires the Microsoft 365 Apps version of Office and isn't supported on older versions. Copilot for Microsoft 365 is available on the Current and Monthly Enterprise update channels of Microsoft 365 Apps.
Customers choose their update channel based on their user requirements and risk assessment, balancing access to the latest features (Current) and a more stable build version (Monthly Enterprise). Both are suitable for sensitive environments and can be applied to user groups or individual users.
For more information on how to configure your update channel, see how to change your channel for Copilot.
The Office Customization Tool is available to help build your Microsoft 365 Apps configuration, including the choice of Update Channel.
Customers must also ensure that the Office Feature Updates task is enabled for the Office applications to continue to work with Copilot correctly. The Office Feature Updates task checks for updates to Connected experiences in Microsoft 365, such as Copilot.
Feedback samples
While it's standard practice in sensitive environments to disable in-product feedback mechanisms, it's worth reiterating that advice in relation to Copilot for Microsoft 365, because user interactions and Copilot responses can be submitted to Microsoft if the Allow users to include log files and content samples when feedback is submitted to Microsoft policy is enabled.
For this reason, we recommend disabling the Allow users to include log files and content samples when feedback is submitted to Microsoft policy.
While this can be configured with Group Policy in Active Directory Domain connected environments, it must be configured in the Cloud Policy of Microsoft 365 at a minimum, given the web experiences and modern apps are controlled exclusively by the Cloud Policy. Rich client Office applications (Win32 apps) can be controlled by both Group Policy and Cloud Policy, with Group Policy taking precedence where both are in use. For organizations that use a combination of Group Policy and Cloud Policy it's recommended that these are kept in alignment with one another to avoid confusion.
Feedback Cloud Policy is configured from the Microsoft 365 portal.
For more information about Feedback policies, see managing feedback policies.
Note
Connected experiences policy is also controlled by both the Group Policy and Cloud Policy mechanisms that control feedback.
Microsoft Teams
One of the most popular features of Copilot for Microsoft 365 is the integration with Microsoft Teams. Copilot integrates into Teams in two distinct ways:
- To help everyday tasks such as summarizing & recapping meetings and helping answer questions in chats and channels.
- As a stand-alone Copilot chat experience.
The Copilot chat experience that is surfaced in Microsoft Teams is referred to by its full name, Microsoft Copilot with Graph-grounded chat, which is also the name of the license element that controls availability of the feature more broadly.
This is the conversational general-purpose Copilot chat experience that can be accessed not only through Microsoft Teams but also in the web-based Copilot experiences, in the Microsoft Edge browser, in the Windows desktop, and in Copilot mobile apps.
Customers are advised to consider the following configuration elements when enabling Copilot for Microsoft 365 integration with Microsoft Teams:
Teams meetings
Copilot in Teams meetings allows users to get up to speed on meetings they're late to join and obtain a structured meeting recap with notes for meetings that have finished. Users can also ask Copilot questions about the content and discussion that occurred within a meeting.
For Copilot to be able to work in a meeting there needs to be a transcript generated by Teams. This creates a decision for organizations to consider how Teams operates in this scenario. There are fundamentally two ways that Copilot can work with transcription: Retained transcripts and Temporary transcripts.
Retained transcripts
Retained transcripts can be started by a user in the meeting or automatically by meeting configuration. These transcripts are created and stored with the meeting according to the organization's retention settings.
These transcripts can be accessed by users, downloaded, and retained or deleted in a timeframe of the organization's choosing.
This is the most feature rich experience because it allows Copilot to continue to answer questions and reference details of the meeting for as long as the transcript is retained.
Temporary transcripts
For organizations with concerns about the retention and discoverability of transcripts, this option creates a temporary transcript just for Copilot. It isn't discoverable or downloadable and is irrevocably removed upon completion of the meeting.
After Copilot has completed its meeting notes, the transcript is destroyed. This benefits organizations that don't want the transcript to be created in a way that users or discovery processes could retrieve. But the trade-off is that once the meeting has finished Copilot can no longer be used to discuss the meeting content.
Transcription method
The decision about which transcript method to use isn't determined by the classification of the environment. A sensitive environment may utilize either transcription method. The Australian Privacy Principles and the Privacy Act aren't prescriptive about the method chosen by the organization. Each customer decides which model best suits their need to retain versus dispose of meeting transcripts to meet their own retention and discovery obligations and preferences.
The flexibility of Teams meeting policies means that different users can be subject to different requirements, giving organizations a high degree of configurability to provide different settings for different user groups.
Teams Meeting policies
Teams Meeting policies are configured in the Microsoft Teams admin portal.
Teams meeting policies can be configured for a wide variety of customer needs, therefore it's important to develop a good understanding of the features and settings available to get the right configuration for your organization’s requirements.
The meeting policy transcription setting determines the ability of a user to trigger the creation of a retained transcript.
Specifically, if the transcription setting is Off then affected users won't be able to trigger the creation of a retained transcript.
How this affects Copilot is then based on two settings, the meeting policy Copilot setting for the user, and the recording & transcript meeting options chosen when the meeting was created.
The meeting policy Copilot setting can be On only with retained transcript or On. This allows an administrator to require retained transcripts for a user to access Copilot, or to allow a user to engage with Copilot through either a retained or temporary transcript. By combining this setting with the meeting policy transcript setting, a range of scenarios can be established based on the specific requirements of individual organizations and user groups.
The third element that alters the way Copilot functions within a meeting is the meeting organizer’s choice when configuring the 'Recording & transcript' settings of a scheduled meeting itself.
The meeting option Record and transcribe automatically is available if the meeting policy applied to that user has Transcription set to On. When Record and transcribe automatically is enabled, it creates a retained transcript as soon as the meeting begins. Copilot is available to licensed users in such a meeting.
If automatic recording and transcribing isn't enabled, then the Who can record and transcribe and Allow Copilot settings become available to configure and will affect how Copilot operates.
The Who can record and transcribe setting determines who can enable recording and transcription.
The Allow Copilot setting has two options:
- Only during the meeting: This setting instructs Copilot to create a temporary transcript when the meeting begins and dispose of it at the end of the meeting. Therefore, Copilot isn't available after the meeting finishes, unless a user turns on transcription during the meeting. This creates a retained transcript that Copilot can use after the meeting finishes.
- During and after the meeting: This setting enables a user in the meeting to turn on transcription, creating a retained transcript, which Copilot uses to provide functionality during and after the meeting finishes.
For more information on Teams Meeting Copilot configuration, see Transcription settings.
Copilot chat
Copilot for Microsoft 365 offers AI chat directly inside Microsoft Teams. This is a general-purpose chat experience that provides a way to answer questions, perform research, and draft content. To ensure this is available to Copilot users, you need to confirm that the Teams App Integration isn't blocked by any app blocking policy you may have in place.
Check the app availability by navigating to the Teams Admin Portal and then the Teams apps, Manage apps menu. Locate and select the Copilot app integration.
Note
You can use the search box on the Manage apps page to narrow down the list of available apps by entering 'Copilot'.
Once you navigate to the app details page, if you find that the app is blocked, unblock the app by selecting Unblock app.
If the Teams app is unblocked and allowed, then Copilot enabled users find the Copilot chat app pinned to the top of the Chat tab in Microsoft Teams.
Access to web content (Bing integration)
Copilot for Microsoft 365 comes with a web content integration from Microsoft Bing as a way to augment the trained knowledge of the service and information gathered from within your Microsoft 365 environment with public web content from Bing. For more information, see service architecture.
This integration operates in the grounding phase of the Copilot process as a mechanism to access relevant, up to date public information from the internet. This is done by rewriting the user interaction into search keywords that are sent to Bing anonymously. Relevant results from Bing are then used alongside internal data to create a response in the Large Language Model.
For example, consider the interaction 'Who won the most recent Ashes series?' run by Copilot first with web content disabled, and then with it enabled.
Copilot can't answer this question with web content disabled.
Copilot can answer with web content enabled.
While Copilot for Microsoft 365 runs within the Microsoft 365 Service Boundary, plugins operate outside that boundary. This is true for the integrated web content plugin too. Although Bing is a Microsoft first party service that connects over the Microsoft network, it is outside the Microsoft 365 Service Boundary and hasn't been IRAP assessed. Therefore, Microsoft can't assert that Bing is suitable for handling classified material.
Copilot for Microsoft 365 will not send the following information to Bing:
- The user’s original interaction
- Whole Microsoft 365 files (that is, entire documents or emails)
- Identifying information from the user’s Microsoft Entra ID object, such as username, domain, the user ID, or tenant ID
Importantly, and consistent with use of Microsoft Copilot with Commercial Data Protection, the search queries created by Copilot for Microsoft 365 and sent to Bing:
- Aren't stored in, and have no bearing on, the ranking parameters of the Bing Search index.
- Aren't made accessible via the Bing Webmaster tools or any other tools provided to third parties (including Microsoft partners or advertisers).
However, while Microsoft takes strong measures to protect customer data security, privacy, and compliance, Bing isn't currently assessed for suitability to handle classified material. Customers with sensitive environments need to take this into consideration.
It's recommended that initially, while users are becoming familiar with Copilot for Microsoft 365, this feature is disabled for any users that handle sensitive material.
The tenant-level web content plugin setting is configured from the Microsoft 365 admin portal.
Once users become familiar with Copilot for Microsoft 365, it may be appropriate to introduce web content integration with relevant staff training. When enabled by administrators, web content can be turned on or off by the end user as needed. This puts the end user in control of when information from the current session may be sent to Bing.
As users can turn the web content plugin on and off at will, it's possible to use this feature responsibly. This is similar to an end user deciding what and when to engage with a public search engine today. However, with the Copilot for Microsoft 365 web content plugin more privacy controls are applied than in consumer web search.
It's recommended that staff utilize the web content plugin on a session-by-session basis, enabling the plugin to engage with material from the web, and then disabling it at the start of a ‘New Chat’ to engage with more sensitive information.
For more information about Copilot experiences with web content, see Microsoft Copilot with Commercial Data Protection.
Microsoft Copilot with Commercial Data Protection
Microsoft Copilot with Commercial Data Protection is a separate Copilot experience that isn't part of Copilot for Microsoft 365 and doesn't connect to Microsoft 365 data. It's connected to the web through Bing. Commercial Data Protection builds on the consumer Microsoft Copilot experience by adding specific data protection commitments for commercial customers.
Every Copilot for Microsoft 365 customer has access to the Commercial Data Protection offering through their qualifying Office 365 or Microsoft 365 licensing.
Microsoft Copilot with Commercial Data Protection brings stronger security, compliance, and privacy commitments beyond what a consumer service may provide, such as:
- Commitment not to train the underlying AI model on your interactions and data.
- Interactions and responses are encrypted and not visible to Microsoft staff.
- No linking of your users’ interactions back to them or your organization.
Importantly, and consistent with use of Copilot for Microsoft 365, the search queries created by Microsoft Copilot with Commercial Data Protection and sent to Bing:
- Aren't stored in, and have no bearing on, the ranking parameters of the Bing Search index.
- Aren't made accessible via the Bing Webmaster tools or any other tools provided to third parties (including Microsoft partners or advertisers).
Microsoft Copilot wasn't included in the IRAP assessment of Copilot for Microsoft 365 and is intrinsically linked with Bing for access to the web. Therefore, it isn't appropriate for handling classified material.
However, just as many organizations allow staff to access a web search engine today, training their staff to avoid entering sensitive information into the search engine, Microsoft Copilot with Commercial Data Protection can provide a safe, secure, and private way to access generative AI functionality without using a consumer-grade public internet service that risks exposing government information to unknown third parties, or training an AI model with your data.
For these reasons, Microsoft Copilot with Commercial Data Protection is recommended for customers that allow public web search engine access from their end user compute environment as an alternative to less secure public generative AI services.
To configure Microsoft Copilot with Commercial Data Protection, customers should perform the implementation steps in this link.
Enforce Commercial Data Protection
To ensure that users only engage with Microsoft Copilot when Commercial Data Protection is active, and not with the consumer service, configuration is required. The configuration that needs to be applied redirects users from the consumer service to the Commercial Data Protection service.
There are three ways to enforce the use of Commercial Data Protection:
DNS CNAME: Create DNS redirects for various Copilot entry points:
- For Copilot in Bing, Copilot in Microsoft Edge, and Copilot in Windows: Update your DNS configuration by setting the DNS entry for www.bing.com to be a CNAME for nochat.bing.com.
- For copilot.microsoft.com and the Copilot mobile app: Update your DNS configuration by setting the DNS entry for copilot.microsoft.com to be a CNAME for cdp.copilot.microsoft.com.
For more information on Active Directory Domain Services DNS configuration, see Active Directory Domain Services DNS configuration.
Header injection: Append the following HTTP header to all outgoing requests to www.bing.com, edgeservices.bing.com, and copilot.microsoft.com:
x-ms-entraonly-copilot: 1
Destination Network Address Translation (DNAT): Use your corporate firewall to perform Destination Network Address Translation (DNAT):
- For Copilot in Bing, Copilot in Microsoft Edge, and Copilot in Windows: Use DNAT to rewrite traffic destined for www.bing.com and edgeservices.bing.com to the IP address that nochat.bing.com resolves to.
- For copilot.microsoft.com and the Copilot mobile app: Use DNAT to rewrite traffic destined for copilot.microsoft.com to the IP address that cdp.copilot.microsoft.com resolves to.
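The three enforcement methods above are easy to deploy partially (for example, a CNAME for www.bing.com but nothing for edgeservices.bing.com), which leaves an entry point to the consumer Copilot open. The following script is an added example, not part of the Microsoft guide: it evaluates, for each entry point, whether at least one of the DNS CNAME, header injection, or DNAT controls is in effect. All DNS answers, header sets, IP addresses and NAT tables in it are constructed sample data (documentation-range addresses), so it runs offline; to check a real environment you would feed it your resolver's answers, a captured outbound request, and your firewall's DNAT rules.

```python
# Added example (not from the Microsoft page): offline checker for the three
# Commercial Data Protection enforcement methods (DNS CNAME, header injection, DNAT).
# All resolver answers, headers and NAT tables below are constructed sample data.
from typing import Dict, List

# Entry points and the host each one must be redirected to, as stated on the page.
REDIRECT_TARGETS: Dict[str, str] = {
    "www.bing.com": "nochat.bing.com",
    "edgeservices.bing.com": "nochat.bing.com",
    "copilot.microsoft.com": "cdp.copilot.microsoft.com",
}
ENTRA_ONLY_HEADER = ("x-ms-entraonly-copilot", "1")  # header named on the page


def follow_cnames(name: str, cname_records: Dict[str, str], max_hops: int = 8) -> List[str]:
    """Follow CNAME records from `name`; stop on a missing record, a loop, or max_hops."""
    chain = [name.lower().rstrip(".")]
    while len(chain) <= max_hops:
        target = cname_records.get(chain[-1])
        if target is None:
            break
        target = target.lower().rstrip(".")
        if target in chain:  # CNAME loop is a misconfiguration, not enforcement
            break
        chain.append(target)
    return chain


def dns_enforced(host: str, cname_records: Dict[str, str]) -> bool:
    """True when following CNAMEs from `host` reaches its required redirect target."""
    return REDIRECT_TARGETS[host] in follow_cnames(host, cname_records)[1:]


def header_enforced(headers: Dict[str, str]) -> bool:
    """True when the outgoing request carries x-ms-entraonly-copilot: 1 (header names are case-insensitive)."""
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    return lowered.get(ENTRA_ONLY_HEADER[0]) == ENTRA_ONLY_HEADER[1]


def dnat_enforced(host: str, a_records: Dict[str, List[str]], dnat_table: Dict[str, str]) -> bool:
    """True when every address the client would get for `host` is rewritten by the
    firewall to an address belonging to the redirect target."""
    client_addrs = a_records.get(host, [])
    target_addrs = set(a_records.get(REDIRECT_TARGETS[host], []))
    if not client_addrs or not target_addrs:
        return False
    return all(dnat_table.get(ip) in target_addrs for ip in client_addrs)


def assess(host: str, cname_records, headers, a_records, dnat_table) -> Dict[str, bool]:
    """Per-method result for one entry point; 'enforced' is true if any method holds."""
    result = {
        "dns_cname": dns_enforced(host, cname_records),
        "header": header_enforced(headers),
        "dnat": dnat_enforced(host, a_records, dnat_table),
    }
    result["enforced"] = any(result.values())
    return result


# --- constructed sample environment (placeholder addresses, not real Microsoft IPs) ---
SAMPLE_CNAMES = {"www.bing.com": "nochat.bing.com."}     # only www.bing.com is redirected in DNS
SAMPLE_HEADERS = {"User-Agent": "corp-proxy/1.0"}        # proxy does not inject the header
SAMPLE_A_RECORDS = {
    "www.bing.com": ["192.0.2.10", "192.0.2.11"],
    "nochat.bing.com": ["192.0.2.20"],
    "copilot.microsoft.com": ["198.51.100.5"],
    "cdp.copilot.microsoft.com": ["198.51.100.50"],
}
SAMPLE_DNAT = {"198.51.100.5": "198.51.100.50"}          # firewall rewrites copilot.microsoft.com only


def report(cname_records=SAMPLE_CNAMES, headers=SAMPLE_HEADERS,
           a_records=SAMPLE_A_RECORDS, dnat_table=SAMPLE_DNAT) -> Dict[str, Dict[str, bool]]:
    """Assess every entry point; hosts with enforced=False still reach the consumer Copilot."""
    return {h: assess(h, cname_records, headers, a_records, dnat_table) for h in REDIRECT_TARGETS}


if __name__ == "__main__":
    for host, r in report().items():
        via = [m for m, ok in r.items() if ok and m != "enforced"]
        print(f"{host:26} enforced={r['enforced']} via={via}")
```

In the constructed environment the report shows www.bing.com covered by DNS and copilot.microsoft.com covered by DNAT, but edgeservices.bing.com covered by nothing, which is exactly the kind of gap worth catching before rollout.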
Apply the user license
Each user that is to have access to Microsoft Copilot with Commercial Data Protection needs to have the 'Commercial data protection for Microsoft Copilot' license element (License ID: 0d0c0d31-fae7-41f2-b909-eaf4d7f26dba) applied to their Microsoft Entra ID user object.
The Commercial data protection for Microsoft Copilot license element is included with the Copilot for Microsoft 365 prerequisite license types of Office 365 Enterprise and Frontline, and Microsoft 365 Enterprise, Business, Frontline, and Education.
Auditing, discovery, and retention
When implementing any new technology, it's important to consider auditing of use, the search and discovery processes that exist, and the policies applied to the retention of material. Copilot for Microsoft 365 is no different, though as it's integrated into Microsoft 365 it's more a matter of understanding where to go and what you find, rather than needing to set up any new mechanism you don't already have.
Quick access to the auditing, discovery, and retention settings (plus sensitivity labels and communication compliance settings) is made available from the Copilot settings page in the Microsoft 365 admin portal.
Organization administrators can access the Copilot data security and compliance quick links from the Microsoft 365 admin portal.
Auditing
Every interaction with Copilot generates an audit log entry in the same way as user actions in SharePoint, OneDrive, or Teams do today. The standard Microsoft 365 audit logs now include a category of audit entry for Copilot named Copilot Interaction.
In the audit log entry for a Copilot interaction, the Activity, Operation, and Workload fields all point to a Copilot interaction, and the JSON payload of the CopilotEventData entry indicates which resources were accessed as part of the interaction, the originating host application, and the chat thread ID. This information can be used to access the user interaction and Copilot response. For more information, see retention and discovery.
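To show what a practitioner does with those entries, here is an added example that is not part of the Microsoft guide: it reads records in the shape of a unified audit log export (where the AuditData column holds a JSON document), keeps only Copilot interactions by Operation and Workload, and summarises them by host application and by the sensitivity labels of the resources they touched. The records are constructed, and the CopilotEventData field names used here (AppHost, ThreadId, AccessedResources, SensitivityLabelId) are assumptions to be checked against an export from your own tenant; the label ID is a placeholder.

```python
# Added example (not from the Microsoft page): summarise Copilot interactions from a
# unified audit log export. Records and field names are constructed/assumed; verify
# CopilotEventData field names against your own tenant's export.
import json
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Set, Tuple


@dataclass
class CopilotInteraction:
    user: str
    app_host: str            # originating host application (Teams, Word, ...)
    thread_id: str           # chat thread ID used to retrieve prompt and response
    resources: List[Dict[str, str]] = field(default_factory=list)  # name + label per accessed resource


def is_copilot_interaction(audit: dict) -> bool:
    """The page states that Operation and Workload both identify a Copilot interaction."""
    return audit.get("Operation") == "CopilotInteraction" and audit.get("Workload") == "Copilot"


def parse_export(records: Iterable[dict]) -> List[CopilotInteraction]:
    """Decode the AuditData JSON of each export row and keep Copilot interactions only."""
    out: List[CopilotInteraction] = []
    for rec in records:
        raw = rec.get("AuditData", "{}")
        audit = json.loads(raw) if isinstance(raw, str) else raw
        if not is_copilot_interaction(audit):
            continue
        ev = audit.get("CopilotEventData", {})  # assumed field names below
        out.append(CopilotInteraction(
            user=audit.get("UserId", ""),
            app_host=ev.get("AppHost", "unknown"),
            thread_id=ev.get("ThreadId", ""),
            resources=[{"name": r.get("Name", ""), "label": r.get("SensitivityLabelId", "")}
                       for r in ev.get("AccessedResources", [])],
        ))
    return out


def count_by_app_host(interactions: List[CopilotInteraction]) -> Dict[str, int]:
    """How many interactions originated from each host application."""
    return dict(Counter(i.app_host for i in interactions))


def touching_labels(interactions: List[CopilotInteraction],
                    label_ids: Set[str]) -> List[Tuple[str, str, str]]:
    """(user, thread_id, resource name) for every resource carrying one of the watched labels.
    The thread_id is what you would take to Content Search to pull the full interaction."""
    hits = []
    for i in interactions:
        for r in i.resources:
            if r["label"] in label_ids:
                hits.append((i.user, i.thread_id, r["name"]))
    return hits


# --- constructed sample export (three rows; one is an ordinary SharePoint event) ---
PLACEHOLDER_LABEL = "00000000-0000-0000-0000-000000000001"  # placeholder, not a real label ID
SAMPLE_EXPORT = [
    {"AuditData": json.dumps({
        "Operation": "CopilotInteraction", "Workload": "Copilot",
        "UserId": "alice@example.com",
        "CopilotEventData": {
            "AppHost": "Teams", "ThreadId": "thread-0001",
            "AccessedResources": [{"Name": "Budget-FY25.xlsx", "SensitivityLabelId": PLACEHOLDER_LABEL}],
        }})},
    {"AuditData": json.dumps({
        "Operation": "CopilotInteraction", "Workload": "Copilot",
        "UserId": "bob@example.com",
        "CopilotEventData": {"AppHost": "Word", "ThreadId": "thread-0002", "AccessedResources": []},
    })},
    {"AuditData": json.dumps({
        "Operation": "FileAccessed", "Workload": "SharePoint", "UserId": "bob@example.com"})},
]


def summarise(records=SAMPLE_EXPORT, watched_labels=frozenset({PLACEHOLDER_LABEL})) -> dict:
    interactions = parse_export(records)
    return {
        "total": len(interactions),
        "by_app_host": count_by_app_host(interactions),
        "labelled_hits": touching_labels(interactions, set(watched_labels)),
    }


if __name__ == "__main__":
    print(json.dumps(summarise(), indent=2))
```

The same parse step feeds nicely into a scheduled review: export the Copilot Interaction category on a cadence that matches your retention period, and use the thread IDs from the labelled hits as the input to the Content Search described under eDiscovery.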
Retention
Copilot for Microsoft 365 prompt and response interactions are stored as Microsoft Teams messages, in the same way as chat messages between two users are stored by Teams today. This data is held in the user’s mailbox storage and is subject to Microsoft 365 retention and disposal policies in the same way as Teams chats.
Organizations implementing Copilot for Microsoft 365 should consider the retention and disposal requirements for such interactions and ensure retention and/or disposal policies are in place to enable discovery and retrieval of user interactions with Copilot as needed.
As with other retention policies, Teams chats and Copilot interactions can be retained for any chosen duration, including indefinitely, and optionally deleted automatically at the end of the retention period. Copilot for Microsoft 365 customers should decide on a suitable retention period and apply an appropriate policy to match from the Microsoft Purview portal.
eDiscovery
As Copilot for Microsoft 365 interactions are stored in the same manner as chat messages from Microsoft Teams, the same Content Search and eDiscovery features are available to customers to access them.
Copilot for Microsoft 365 introduces a new content type for the discovery features in Microsoft 365 called Copilot interactions.
When performing a Content Search, using the Copilot interactions type allows an administrator or eDiscovery officer to locate specifically the interactions of a given user or group, or to locate a specific interaction that has been identified through audit logs.
Regardless of whether you're an administrator or a manager of an eDiscovery case, Copilot interactions are recorded and can be retrieved while within their default retention period or covered by a retention policy.