Copilot Does Not Train on Your Data: The Facts
A clear, evidence-based explanation of Microsoft’s commitment that Copilot does not train on your data, distinguishing "processing" from "training" for government security reviews.
Overview
In almost every government conversation about AI, the first objection is the same: “We can’t have our data training the model.”
It’s a reasonable fear. Public consumer AI tools often do train on user data. But Microsoft 365 Copilot operates differently.
This video provides the specific, authoritative language you need to answer that objection. We’ll separate “training” from “processing,” explain the Azure OpenAI boundary, and show you exactly where Microsoft commits that your data stays yours.
What You’ll Learn
- The technical difference between training a model and processing a request
- The authoritative statement: “Prompts, responses, and data accessed through Microsoft Graph aren’t used to train foundation LLMs”
- How Copilot uses Azure OpenAI services rather than public consumer endpoints
- How to document this data handling in your System Security Plan (SSP) or risk assessment
Script
Hook: the most common fear
The number one question I hear in government is simple:
“If we use Copilot, are we training the model on our data? Will my agency’s internal memo show up in someone else’s answer next week?”
Let’s answer that clearly—using the exact terms Microsoft uses in its contracts and documentation—so you can take it straight into a risk review.
Training vs. processing: two very different things
First, we have to distinguish between training and processing.
Training is the process of teaching a model new information or behaviors by adjusting its internal weights against a massive dataset. It’s how the model learns to understand language in the first place.
Processing, or inference, is what happens when you actually use the tool. You send a prompt, the model runs a computation over its existing, unchanged weights, and it sends back an answer.
Here’s the key line:
Copilot has to process your prompt to answer it—but processing is not training.
It’s like a calculator. A calculator processes your numbers to give you a sum, but it doesn’t “learn” your math homework.
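If a technical reviewer wants to see the distinction in code terms, here is a minimal, illustrative sketch using the openai Python SDK. The model names, file ID, and client setup are placeholders, and this is not how Copilot is invoked internally; it simply shows that an inference call and a training (fine-tuning) job are two separate, deliberate operations.

```python
# Illustrative only: contrasts inference (processing) with training (fine-tuning)
# using the openai Python SDK. Model names and file ID are placeholders; this is
# not Copilot's internal call path.
from openai import OpenAI

client = OpenAI()  # assumes OPENAI_API_KEY is set in the environment

# Processing / inference: the prompt is evaluated against fixed model weights.
# Nothing about the model changes as a result of this call.
response = client.chat.completions.create(
    model="gpt-4o",  # placeholder model name
    messages=[{"role": "user", "content": "Summarize this internal memo..."}],
)
print(response.choices[0].message.content)

# Training / fine-tuning: a separate job that updates model weights from a
# curated dataset. It never happens as a side effect of the call above.
job = client.fine_tuning.jobs.create(
    training_file="file-abc123",  # placeholder: a previously uploaded dataset
    model="gpt-4o-mini",          # placeholder base model
)
print(job.status)
```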
What Microsoft says about Copilot prompts/responses
So what is the official commitment?
Microsoft’s documentation and legal terms state clearly:
“Prompts, responses, and data accessed through Microsoft Graph aren’t used to train foundation LLMs.”
This includes the foundation models used by Microsoft 365 Copilot.
Now, does Copilot store anything? Yes.
Copilot interaction history—your prompts and the responses—can be stored in your tenant. Why? Because it’s a business record. It needs to be available for your eDiscovery, your retention policies, and your audit logs.
But storing that history for compliance is completely different from feeding it back into a global model for training.
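For reviewers who want to see what that compliance trail looks like in practice, here is a minimal sketch that filters an exported audit log for Copilot interaction records. The file name, the JSON format, and the "CopilotInteraction" record type value are assumptions; confirm them against your tenant’s actual export before relying on them.

```python
# A minimal sketch: filtering an exported audit log (assumed to be a JSON list)
# for Copilot interaction records. Field names and the "CopilotInteraction"
# record type value are assumptions; verify against your tenant's export.
import json

with open("audit_export.json", "r", encoding="utf-8") as f:
    records = json.load(f)

copilot_records = [
    r for r in records
    if r.get("RecordType") == "CopilotInteraction"  # assumed record type name
]

for r in copilot_records:
    # Typical audit fields; exact names may vary by export.
    print(r.get("CreationDate"), r.get("UserId"), r.get("Operation"))
```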
Azure OpenAI vs. public OpenAI services
The other reason people get confused is the word “OpenAI.”
Copilot uses Azure OpenAI services for processing.
It does not use OpenAI’s publicly available consumer services (like ChatGPT).
When you use the public ChatGPT, your data might be used to improve the model. When you use Copilot, you are using a private, enterprise instance running within the Microsoft 365 service boundary.
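To make that boundary concrete, here is an illustrative sketch using the openai Python SDK: the only thing that changes is where the client points. The resource URL, deployment name, API version, and key are placeholders, and this is an analogy for where requests terminate, not Copilot’s actual integration path.

```python
# Illustrative only: the same SDK, pointed at two very different service
# boundaries. Endpoint, deployment name, API version, and key are placeholders.
from openai import OpenAI, AzureOpenAI

# Public developer endpoint (api.openai.com): outside your tenant boundary.
public_client = OpenAI()  # assumes OPENAI_API_KEY in the environment

# Azure OpenAI: a resource provisioned in your own Azure subscription,
# governed by your enterprise agreements and the Microsoft service boundary.
azure_client = AzureOpenAI(
    azure_endpoint="https://contoso-openai.openai.azure.com",  # placeholder resource
    api_version="2024-06-01",                                  # placeholder version
    api_key="<key-from-your-resource>",
)

# Same style of inference call; what differs is who operates the service
# and which contractual commitments govern the data.
result = azure_client.chat.completions.create(
    model="gpt-4o-deployment",  # placeholder Azure deployment name
    messages=[{"role": "user", "content": "Draft a status summary."}],
)
print(result.choices[0].message.content)
```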
So the practical takeaway for your ATO package is this:
When you document Copilot, you document it as Microsoft 365 service behavior. You are not “sending data to a public chatbot.” You are keeping data within the Microsoft trust boundary.
Close: what to say in one sentence
If you need one sentence for leadership, use this:
Copilot processes your prompt and content to create an answer, but Microsoft contractually commits that prompts, responses, and your data are not used to train the foundation models.
Our governance focus isn’t preventing training—it’s managing the retention and auditing of the prompts we create.
Next, let’s talk about Threat Protection and how Copilot can actually help you find security risks faster.
Sources & References
- Data, Privacy, and Security for Microsoft 365 Copilot — Primary statement: “Prompts, responses, and data accessed through Microsoft Graph aren’t used to train foundation LLMs.”
- Enterprise data protection for Microsoft 365 Copilot — Explains the separation of enterprise data from consumer model training
- Data privacy for Azure OpenAI Service — Details how Azure OpenAI differs from public OpenAI models regarding data usage
- Microsoft Trust Center - Privacy — High-level privacy principles and commitments