Microsoft is leaking more and more Microsoft 365 Copilot data online. I found an interesting picture below on how Microsoft 365 Copilot works and from where it pulls data.
Few important premises to know:
✅ Microsoft 365 Copilot only surfaces data to which users have at least VIEW permissions
✅ Microsoft 365 Copilot will look at the sharing links, what are the sharing links where user has access, it will use that data for crafting replies
✅ Have clean permissions that are available in Microsoft 365, paz attention to oversharing
✅ In SharePoint ensure the right users or groups have the right access to the right content within your organization.
✅ Microsoft 365 Copilot only searches for information from the user’s tenant.
✅ Microsoft 365 Copilot looks only in the tenant where user is in the in Azure AD (Entra? Happy that MSFT kept the same icon as before so now in the Azure portal I can find Azure AD easily because I am not used yet to new name).
✅ Microsoft 365 Copilot doesn’t look at other tenants where the user has access via B2B direct connect
✅ Microsoft 365 Copilot doesn’t look at other tenants where the user has access as the guest user