Admin Center Configuration for Copilot

Overview

Microsoft 365 Copilot comes with default settings that are designed for commercial organizations. In government environments, those defaults aren’t always appropriate. Before you enable Copilot for any users, you need to review and configure every admin setting to align with your organization’s security posture and governance requirements.

This video maps out where Copilot settings live in the admin center, what each setting does, and what government organizations should configure before rollout.

What You’ll Learn

• Settings Locations: Where to find Copilot configuration across the admin center
• Organizational Defaults: Web grounding, data access, and model improvement controls
• App-Specific Settings: Teams, Outlook, Word, Excel, PowerPoint, and SharePoint controls
• Privacy Controls: Audit logging, feedback settings, and government-specific privacy commitments

Script

Hook: configuration is where governance meets the product

Default settings are not government settings.

When Microsoft ships Copilot, the defaults are optimized for the broadest possible audience—commercial organizations with moderate security requirements. Government environments have different requirements. Web grounding may need to be disabled. Model improvement must be opted out. Certain features may need to be restricted based on your compliance posture.

Review every Copilot configuration setting before you enable your first user. Don’t assume the defaults are appropriate. In government, the right configuration is a deliberate configuration.

Finding Copilot settings in the admin center

Copilot settings are not all in one place. Here’s the map.

The primary location is the Microsoft 365 admin center. Navigate to Settings, then look for Copilot. This is the main Copilot configuration page where you’ll find organizational-level settings including web grounding, data access controls, and app enablement.

But that’s not the only location. Some settings live in app-specific admin centers. Teams Copilot settings are in the Teams admin center. SharePoint Copilot settings are in the SharePoint admin center. Compliance-related settings are in the Microsoft Purview portal.

To access and modify these settings, you need the right permissions. Global Admin can access everything. The Copilot Admin role, if available in your tenant, provides focused access to Copilot-specific settings without full Global Admin privileges. For government tenants, use the least-privileged role that meets your needs.

One important note: the admin center URLs differ by cloud environment. GCC uses admin.microsoft.com. GCC High and DoD use environment-specific URLs. Make sure you’re signed in to the correct admin center for your tenant—cross-environment confusion is a real risk when admins manage multiple tenants.

Organizational Copilot settings

Let’s walk through the settings on the main Copilot configuration page.

Web grounding and web search controls. This is the most important policy decision for government organizations. Web grounding allows Copilot to access the internet to supplement responses with current web information. In commercial environments, this is typically enabled. In government environments, you need to decide.

For GCC, web grounding may be acceptable depending on your acceptable use policies. For GCC High and DoD, you’ll likely want to disable it—having an AI tool reach into the public internet in a CUI or IL5 environment creates complications you can avoid by simply turning it off.

Find this setting on the Copilot page and set it according to your policy decision. Document the decision and the rationale.

Microsoft data access and model improvement. This setting controls whether Microsoft can use your organization’s interactions with Copilot to improve AI models. In government environments, the answer is no. Verify that this is disabled. In government clouds, it should be disabled by default, but verify explicitly and document the setting.

Copilot app enablement. You can enable or disable Copilot in specific Microsoft 365 applications. If you want to start your pilot with Copilot only in Teams and Outlook but not in Word or Excel, you can configure that here. This gives you granular control over which Copilot experiences your users access during the pilot.

Plugin and extension controls. Copilot can be extended with plugins and connectors. For your initial deployment, especially in government, the conservative approach is to restrict third-party plugins and allow only Microsoft-provided capabilities. You can open this up later as you validate each extension against your security requirements.

Data access scope. Review how Copilot accesses organizational data. The default behavior is that Copilot accesses data through the signed-in user’s permissions. There are additional settings that control whether Copilot can access web content, file attachments, and other data sources. Review each setting and align it with your data handling policies.

App-specific configuration

Beyond the organizational settings, each M365 app has its own Copilot configuration.

Teams is where Copilot configuration gets the most granular. In the Teams admin center, you control whether Copilot is available in meetings, chats, and channels. Meeting recap—one of Copilot’s most popular features—requires meeting transcription to be enabled. If transcription is disabled in your Teams policies, meeting Copilot won’t function.

Review your Teams meeting policies. Enable transcription for the user groups that should have meeting Copilot. Be deliberate about which meetings are transcribed—you may want to enable transcription for standard meetings but not for classified or sensitive discussions.

Outlook Copilot settings control whether Copilot appears in the email reading pane and composition window. In the Microsoft 365 admin center or through Exchange admin center policies, you can configure whether Copilot can summarize emails, draft replies, and coach users on tone and clarity. For most government deployments, these features are valuable and low-risk.

Word, Excel, and PowerPoint Copilot settings are generally managed through the main Copilot configuration page rather than separate app admin centers. You enable or disable Copilot in these apps at the organizational level. For Excel specifically, Copilot’s ability to analyze data and generate formulas depends on the data being in an accessible format—verify that your Excel usage patterns align with Copilot’s capabilities.

SharePoint has Copilot-related settings in the SharePoint admin center, particularly around Copilot agents and content access. If you’re planning to use Copilot agents that surface content from specific SharePoint sites, review the agent settings and ensure they align with your content governance policies.

For each app, the question is the same: does enabling Copilot in this app align with our security and governance requirements? If yes, enable it. If you’re not sure, disable it during the pilot and evaluate it separately.

Privacy and data controls

Privacy controls for Copilot are critical in government environments.

Model improvement opt-out. We’ve covered this, but it bears repeating: verify that your tenant is opted out of Microsoft using organizational data to improve AI models. Check this in the admin center under Copilot settings and in the Microsoft Purview portal. Document the setting.

Audit logging. Copilot interactions should be captured in your unified audit log. In the Microsoft Purview compliance portal, verify that audit logging is enabled for your tenant and that Copilot-specific activities are being captured. Set appropriate log retention periods—in government, this typically means at least one year of retention for audit logs.

User consent and feedback settings. Copilot includes features that let users provide feedback on responses—thumbs up/down, written feedback. Decide whether to enable this for your organization. In some government environments, the concern is that feedback could inadvertently include sensitive content. Review the feedback data flow and decide accordingly.

Government cloud privacy commitments. Microsoft’s privacy commitments for government clouds apply to Copilot. Your data stays within your cloud boundary. Processing occurs within government infrastructure. No data is shared with commercial cloud services. These commitments are documented in Microsoft’s government compliance materials—reference them in your ATO documentation.

Close: configuration review checklist

Here’s your configuration review checklist.

Organizational settings: web grounding decision made and configured. Model improvement opted out and verified. App enablement configured per your pilot plan. Plugin and extension policies set to your security baseline.

App-specific settings: Teams transcription and meeting Copilot policies configured. Outlook Copilot enabled or disabled per policy. Word, Excel, PowerPoint enablement confirmed. SharePoint agent settings reviewed.

Privacy controls: audit logging enabled and retention configured. User feedback settings reviewed. Government privacy commitments documented.

Document every setting. For each configuration, record the current value, the date it was set, who made the decision, and the rationale. Store this documentation with your governance records.

Schedule a periodic review. Microsoft adds new Copilot settings regularly. Set a quarterly calendar reminder to revisit the Copilot configuration page and review any new settings that have appeared since your last review. New defaults may not align with your government requirements.

Configuration is governance made real. Every setting you review and deliberately configure is a control you can defend to your authorizing official, your auditors, and your users.

Sources & References

• Microsoft 365 Copilot setup — Setup and configuration guidance
• Copilot page in Microsoft 365 admin center — Admin center Copilot settings reference
• Enable users for Microsoft 365 Copilot — User enablement and admin configuration