Shadow AI · Tool risk profile

Microsoft Copilot.

by Microsoft · generative ai · Verified April 19, 2026

Vendor site

Base risk

3.8/ 5

LowMediumHighCritical

Consumer Microsoft Copilot is the rebranded Bing Chat and is distinct from Microsoft 365 Copilot. Conversations on the consumer product are subject to Microsoft’s consumer Services Agreement and may be used to train models or be reviewed by humans. Employees signing in with personal Microsoft accounts get none of the M365 Copilot tenant protections, and this is one of the most common shadow AI mismatches we see in audits.

Tier comparison

Same logo. Very different risks.

  • Free

    high
    Trains on inputs
    Yes
    Retention
    540 days
    SSO
    No
    Admin controls
    No

  • Paid · consumer

    high
    Trains on inputs
    Yes
    Retention
    540 days
    SSO
    No
    Admin controls
    No

  • Enterprise · team

    medium
    Trains on inputs
    No
    Retention
    90 days
    SSO
    Yes
    Admin controls
    Yes

FAQ

Questions teams ask about Microsoft Copilot.

Is this the same as Microsoft 365 Copilot?

No. Consumer Copilot is distinct and operates under consumer terms; Microsoft 365 Copilot runs inside your tenant with EUDB-compatible data protections and no training on customer prompts.

How do we lock employees to the enterprise version?

Block copilot.microsoft.com (consumer endpoint) at the network or browser level and require Entra ID corporate sign-in for any Copilot use.

Audit your shadow AI

Is Microsoft Copilot live in your org
alongside tools IT doesn’t know about?

Run a free 12-minute audit to surface every shadow AI tool on your network, score the risk, and walk away with a block-list your IT team can import.

Start the free auditMethodology

Buzzi.ai publishes tool risk profiles for informational purposes only. Always validate terms with the vendor before operational decisions.