
How Copilot Accesses Your Data

Copilot is powered by Microsoft Graph. It reads your emails, files, chats, and calendar — but only what YOU can see. Understanding this connection is the most important concept for the exam.

The Graph connection — Copilot’s data pipeline

Simple explanation

Imagine a librarian who knows every book in the library and who’s allowed to borrow what.

When you ask Copilot a question, it goes to the librarian (Microsoft Graph) and says: “This person wants to know about Project Phoenix. What can they see?” The librarian checks your library card (permissions) and brings back only the books you’re allowed to read.

If you don’t have access to the Finance section, the librarian won’t show you Finance books — even if they contain information about Project Phoenix.

This is the most important thing to understand for the exam: Copilot sees exactly what you see. No more, no less.

How Copilot processes a prompt

| Step | What Happens | Who Controls It |
| --- | --- | --- |
| 1. User prompts | “What’s the latest on Project Phoenix?” | The user |
| 2. Orchestration | Copilot’s orchestration service prepares the query | Microsoft (backend) |
| 3. Graph query | Query sent to Microsoft Graph using the user’s access token | M365 permissions |
| 4. Data retrieval | Graph returns relevant emails, files, chats, meetings — filtered by user’s permissions | SharePoint, Exchange, Teams permissions |
| 5. Grounding | Retrieved data is combined with the user’s prompt and sent to the LLM | Microsoft (backend) |
| 6. Response | LLM generates a response grounded in the user’s organisational data | Copilot |

Key exam concept: At Step 4, the Graph ONLY returns data the user already has permission to access. This is called permission-trimmed access. If the user can’t see a SharePoint file directly, Copilot can’t use it either.

What Copilot CAN and CANNOT see

Copilot's access boundary = your access boundary

✅ Copilot CAN see:

- Your email
- Files you have access to in SharePoint/OneDrive
- Teams chats and channels you're a member of
- Your calendar and meetings

❌ Copilot CANNOT see:

- Files in SharePoint sites you DON'T have access to
- Other people's private OneDrive files
- Private channels you're NOT a member of
- Email from other people's mailboxes

Why this matters — the oversharing problem

Here’s the exam scenario that trips everyone up:

“After deploying Copilot, employees discover they can ask Copilot about documents they didn’t know existed but technically had access to.”

This is NOT a Copilot bug. It’s a permissions problem. Copilot didn’t grant them new access — it just made their EXISTING access more discoverable. The files were always accessible; Copilot just made them easier to find.

The oversharing scenario — exam favourite

Northwave deploys Copilot. An intern asks: “Show me the latest board meeting notes.”

Before Copilot: The intern technically had read access to the Board SharePoint site (permissions were too broad), but never navigated there directly. No one noticed.

After Copilot: Copilot finds and summarises the board notes because the intern has permission. The CISO panics.

Root cause: SharePoint permissions were too broad — NOT a Copilot issue.

Fix:

  1. Restrict SharePoint permissions on the Board site (break inheritance, owner-only access)
  2. Run a SharePoint data access governance report to find other overshared sites
  3. Apply sensitivity labels to board documents (add encryption for extra protection)

Exam answer: “Fix the permissions, not Copilot.”
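A simplified model of permission-trimmed retrieval and the Northwave fix, added here as an illustration; it is not Microsoft's implementation and not part of the original course material. The documents, group memberships and the functions `grounded_search`, `oversharing_report` and `restrict_site` are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Doc:
    site: str
    title: str
    text: str
    readers: set          # groups granted read access (constructed ACL)
    label: str = "General"

# Constructed sample data modelling the Northwave scenario; not real tenant data.
BROAD_GROUPS = {"Everyone except external users"}
MEMBERSHIP = {
    "intern": {"Everyone except external users"},
    "chair": {"Everyone except external users", "Board Owners"},
}
DOCS = [
    Doc("Board", "Board meeting notes", "board meeting notes Q3 acquisition",
        {"Board Owners", "Everyone except external users"}, "Confidential"),
    Doc("Intranet", "Lunch menu", "canteen menu for this week",
        {"Everyone except external users"}),
]

def can_read(user, doc):
    """The user needs at least one of their groups on the document's ACL."""
    return bool(MEMBERSHIP[user] & doc.readers)

def grounded_search(user, prompt, docs):
    """Step 4 of the flow: match the prompt only over documents the user can read."""
    terms = set(prompt.lower().split())
    return [d.title for d in docs
            if can_read(user, d) and terms & set(d.text.lower().split())]

def oversharing_report(docs):
    """Flag labelled (non-General) content that a tenant-wide group can read."""
    return [(d.site, d.title) for d in docs
            if d.label != "General" and d.readers & BROAD_GROUPS]

def restrict_site(docs, site, owners):
    """Fix step 1: replace the ACL of every document on the site with owners only."""
    for d in docs:
        if d.site == site:
            d.readers = set(owners)
```

The retrieval function never changes between the "before" and "after" states; only the ACL does, which is why the fix belongs in the permissions rather than in Copilot.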

How M365 controls protect Copilot

| Control | How It Protects Copilot |
| --- | --- |
| SharePoint permissions | Copilot can only access files the user can access |
| Sensitivity labels | Labels restrict what can be done with content (encrypt, block external sharing) |
| DLP policies | Prevent Copilot-surfaced content from being shared inappropriately |
| Conditional Access | Control which devices/locations can use Copilot |
| Microsoft Defender | Monitor for suspicious AI-related activity |
| DSPM for AI | Visibility into how sensitive data interacts with Copilot |

Web grounding vs Graph grounding

| Mode | Data Source | Admin Control |
| --- | --- | --- |
| Graph grounding | Your organisation’s M365 data (emails, files, chats) | Controlled by M365 permissions |
| Web grounding | Public internet via Bing | Can be DISABLED by admin in M365 admin center |

Exam tip: Some organisations disable web grounding for compliance — they only want Copilot to use internal data. Admins can toggle this in the M365 admin center.

Flashcards

Question

How does Copilot access your organisation's data?

Answer

Through the Microsoft Graph API, using the signed-in user's own access token. Copilot respects all existing M365 permissions — it can only access data the user already has permission to see.

Question

Does Copilot have its own separate data store or admin permissions?

Answer

No. Copilot does NOT maintain a separate data store, does NOT have elevated permissions, and does NOT bypass any security controls. Its access boundary is identical to the user's.

Question

If Copilot surfaces sensitive data to a user, what is the root cause?

Answer

The user already had permission to access that data — Copilot just made it more discoverable. The fix is to correct the overly broad permissions in SharePoint/Exchange/Teams, NOT to configure Copilot differently.

Knowledge Check

After Copilot deployment, Northwave's HR team discovers that Copilot is summarising salary data for users outside HR. What is the MOST LIKELY root cause?

