Merge pull request #29346 from MicrosoftDocs/main

[AutoPublish] main to live - 08/29 13:29 PDT | 08/30 01:59 IST

Author: m365-skilling-repo-management[bot]

copilot/enterprise-data-protection.md

@@ -15,33 +15,33 @@ ms.collection:
 - must-keep
 - trust-pod
 hideEdit: true
-ms.date: 03/13/2025
+ms.date: 08/29/2025
 ms.update-cycle: 180-days
 ---
 
 # Enterprise data protection in Microsoft 365 Copilot and Microsoft 365 Copilot Chat
 
 ## What is enterprise data protection in Microsoft 365 Copilot and Microsoft 365 Copilot Chat?
 
-The use of Microsoft 365 Copilot and Microsoft 365 Copilot Chat, as used by organizations, are covered by the terms of the [Data Protection Addendum (DPA)](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) and [Product Terms](https://www.microsoft.com/licensing/terms/product/PrivacyandSecurityTerms/all), with Microsoft acting as a data processor.
+The use of Microsoft 365 Copilot and Microsoft 365 Copilot Chat, as used by organizations, is covered by the terms of the [Microsoft Products and Services Data Protection Addendum (DPA)](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) and [Microsoft Product Terms](https://www.microsoft.com/licensing/terms/product/PrivacyandSecurityTerms/all), with Microsoft acting as a data processor.
 
 Enterprise data protection (EDP) refers to controls<sup>[1]</sup> and commitments, under the Data Protection Addendum (DPA) and Product Terms, that apply to customer data for users of Microsoft 365 Copilot and Microsoft 365 Copilot Chat. The use of the term EDP isn't meant to limit the benefits offered under the DPA and Product Terms.  
 
 ## Enterprise data protection for prompts and responses
 
 Microsoft 365 Copilot and Microsoft 365 Copilot Chat offer the same enterprise terms<sup>[2]</sup> available in our Microsoft 365 commercial offerings.
 
-Use of Microsoft 365 Copilot and Microsoft 365 Copilot Chat involves prompts (entered by users) and responses (content generated by Copilot). With EDP, prompts and responses are protected by the same contractual terms and commitments widely trusted by our customers for their emails in Exchange and files in SharePoint.
+Use of Microsoft 365 Copilot and Microsoft 365 Copilot Chat involves prompts (entered by users) and responses (content generated by Copilot). With EDP, prompts and responses are protected by the same contractual terms and commitments widely trusted by our customers for their emails in Exchange and their files in SharePoint.
 
 - **We secure your data:** We help protect your data with [encryption](/purview/office-365-encryption-in-the-microsoft-cloud-overview) at rest and in transit, rigorous physical security controls, and data [isolation](/compliance/assurance/assurance-microsoft-365-isolation-controls) between tenants.
 
-- **Your data is private:** We won’t use your data except as you instruct. Our commitments to [privacy](https://www.microsoft.com/trust-center/privacy) include support for [GDPR](/compliance/regulatory/gdpr), the [EU Data Boundary](/privacy/eudb/eu-data-boundary-learn)<sup>[3]</sup>, [ISO/IEC 27018](/compliance/regulatory/offering-ISO-27018), and our [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).
+- **Your data is private:** We won’t use your data except as you instruct. Our commitments to [privacy](https://www.microsoft.com/trust-center/privacy) include support for the [General Data Protection Regulation (GDPR)](/compliance/regulatory/gdpr), the [EU Data Boundary](/privacy/eudb/eu-data-boundary-learn)<sup>[3]</sup>, [ISO/IEC 27018](/compliance/regulatory/offering-ISO-27018), and our [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).
 
-- **Your access controls and policies apply to Copilot:** Copilot respects your [identity model](microsoft-365-copilot-privacy.md#how-does-microsoft-365-copilot-protect-organizational-data) and [permissions](microsoft-365-copilot-privacy.md#how-does-microsoft-365-copilot-use-your-proprietary-organizational-data), inherits your [sensitivity labels](/purview/sensitivity-labels#sensitivity-labels-and-microsoft-365-copilot), applies your [retention](/purview/retention-policies-copilot) policies, supports [audit](/purview/audit-search?tabs=microsoft-purview-portal) of interactions, and follows your administrative settings. The specific controls and policies will vary depending on the underlying subscription plan.
+- **Your access controls and policies apply to Copilot:** Copilot respects your [identity model](microsoft-365-copilot-privacy.md#how-does-microsoft-365-copilot-protect-organizational-data) and [permissions](microsoft-365-copilot-privacy.md#how-does-microsoft-365-copilot-use-your-proprietary-organizational-data), inherits your [sensitivity labels](/purview/sensitivity-labels#sensitivity-labels-for-microsoft-365-copilot-and-microsoft-365-copilot-chat), applies your [retention](/purview/retention-policies-copilot) policies, supports [audit](/purview/audit-search) of interactions, and follows your administrative settings. The specific controls and policies will vary depending on the underlying subscription plan.
 
 - **You're protected against AI security and copyright risks:** We help safeguard against AI-focused risks such as [harmful content](microsoft-365-copilot-privacy.md#how-does-copilot-block-harmful-content) and [prompt injections](microsoft-365-copilot-privacy.md#does-copilot-block-prompt-injections-jailbreak-attacks). For content copyright concerns, we provide [protected material detection](microsoft-365-copilot-privacy.md#does-copilot-provide-protected-material-detection) and our [Customer Copyright Commitment](https://blogs.microsoft.com/on-the-issues/2023/09/07/copilot-copyright-commitment-ai-legal-concerns/).
 
-- **Your data isn’t used to train foundation models:** Microsoft 365 Copilot Chat uses the user’s context to create relevant responses. Microsoft 365 Copilot also uses Microsoft Graph data. Consistent with our other Copilot offers, prompts, responses, and data accessed through Microsoft Graph [aren't used to train foundation models](https://blogs.microsoft.com/on-the-issues/2024/03/28/data-protection-responsible-ai-azure-copilot/).
+- **Your data isn’t used to train foundation models:** Microsoft 365 Copilot Chat uses the user’s context to create relevant responses. Microsoft 365 Copilot also uses Microsoft Graph data. Consistent with our other Copilot offers, the prompts, responses, and data accessed through Microsoft Graph [aren't used to train foundation models](https://blogs.microsoft.com/on-the-issues/2024/03/28/data-protection-responsible-ai-azure-copilot/).
 
 ### Additional resources
 
@@ -52,15 +52,15 @@ Use of Microsoft 365 Copilot and Microsoft 365 Copilot Chat involves prompts (en
 
 ### Ground responses in latest data
 
-In addition to prompts and responses, web search queries (different from Microsoft Graph queries) are also a part of Copilot interactions. Allowing Copilot to reference web content via these queries improves the quality of Copilot responses by grounding them in the latest information from the web via Bing search service.
+In addition to prompts and responses, web search queries (different from Microsoft Graph queries) are also a part of Copilot interactions. Allowing Copilot to reference web content via these queries improves the quality of Copilot responses by grounding them in the latest information from the web via the Bing search service.
 
 ### Web queries have their own data handling practices
 
 - Web queries sent to the Bing search service are handled identically by both Copilots. Queries are generated from the prompt into a few words. They're sent via a secure connection with user and tenant identifiers removed. They aren't shared with advertisers and aren’t used to train our foundation large language models (LLMs).
 
 - The Bing search service operates separately from Microsoft 365 and has different data-handling practices covered by the [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement) between each user and Microsoft, together with the [Microsoft Privacy Statement](https://www.microsoft.com/privacy/privacystatement). The means that Microsoft acts as an independent data controller responsible for complying with all applicable laws and controller obligations. This approach is consistent with other [optional connected experiences that rely on Bing](/microsoft-365-apps/privacy/optional-connected-experiences#experiences-that-rely-on-bing).  
 
-- The [Product Terms](https://www.microsoft.com/licensing/terms/product/PrivacyandSecurityTerms/all) provide additional commitments about the web queries sent to the Bing search service. For more information, see [Data, privacy, and security for web search in Microsoft 365 Copilot and Microsoft 365 Copilot Chat](manage-public-web-access.md#how-microsoft-handles-generated-search-queries).
+- The [Microsoft Product Terms](https://www.microsoft.com/licensing/terms/product/PrivacyandSecurityTerms/all) provide additional commitments about the web queries sent to the Bing search service. For more information, see [Data, privacy, and security for web search in Microsoft 365 Copilot and Microsoft 365 Copilot Chat](manage-public-web-access.md#how-microsoft-handles-generated-search-queries).
 
 ## Agents in Microsoft 365 Copilot
 
@@ -70,6 +70,6 @@ When you’re using agents in Microsoft 365 Copilot, check the privacy statement
 
 <sup>[1]</sup> The specific controls will vary depending on a customer's Microsoft subscription plans.
 
-<sup>[2]</sup> Microsoft 365 Copilot and Microsoft 365 Copilot Chat support HIPAA compliance for properly configured implementations. HIPAA compliance doesn't apply to web search queries as they aren't covered by the DPA and BAA.
+<sup>[2]</sup> Microsoft 365 Copilot and Microsoft 365 Copilot Chat support HIPAA compliance for properly configured implementations. HIPAA compliance doesn't apply to web search queries as they aren't covered by the DPA and Business Associate Agreement (BAA).
 
 <sup>[3]</sup> The EU Data Boundary doesn’t apply to web search queries.