Copilot Surfaces
Where Microsoft 365 Copilot appears across M365 applications, with governance considerations for each surface.
Overview
Microsoft 365 Copilot is not a single application -- it is an AI capability embedded across more than 20 M365 applications. Each surface accesses different data sources, generates different output types, and presents unique governance considerations for financial services.
This document catalogs every Copilot surface, the data it accesses, and the governance controls that apply.
Surface Categories
| Category |
Applications |
Primary Risk |
Key Controls |
| Productivity |
Word, Excel, PowerPoint, OneNote, Loop, Whiteboard, Forms |
Content generation from grounded data |
2.1, 2.2, 3.1 |
| Communication |
Outlook, Teams |
Customer communication drafting, meeting exposure |
3.4, 3.5, 3.6 |
| Collaboration |
SharePoint, OneDrive, Planner, Stream |
Data discovery amplification, sharing |
1.1, 1.2, 4.8 |
| Intelligence |
Viva Insights, Viva Engage, Viva Learning, Viva Pulse, Viva Goals |
Employee data analysis, behavioral insights |
3.10, 4.3 |
| AI-Native |
Microsoft 365 Copilot Chat, Copilot Pages |
Cross-tenant data retrieval, new content surfaces |
1.4, 3.2, 4.8 |
| Extensibility |
Plugins, Graph connectors, declarative agents |
Extended data reach, external data flow |
2.8, 4.10 |
Productivity Surfaces
Word
| Attribute |
Details |
| Copilot Capabilities |
Draft documents, rewrite text, summarize, generate from prompts, transform existing content |
| Data Sources |
Current document, referenced files, Microsoft Graph (user's accessible content) |
| Governance Considerations |
Copilot-generated content inherits the sensitivity label of the current document. Content generated from grounded data may surface information from other documents the user can access. Output may contain hallucinated content that appears authoritative in document form. |
| Key Controls |
2.2 (Sensitivity labels), 2.1 (DLP), 3.1 (Audit logging), 3.5 (Communication review for client-facing documents) |
Excel
| Attribute |
Details |
| Copilot Capabilities |
Analyze data, generate formulas, create charts, identify trends, generate Python code for analysis |
| Data Sources |
Current workbook data, referenced tables |
| Governance Considerations |
Copilot can analyze financial data and generate insights that may inform investment decisions or financial reporting. Formula suggestions may be incorrect. Python code generation creates executable content. Data analysis outputs may be used without independent verification. |
| Key Controls |
3.1 (Audit logging), 3.8 (Model risk -- if outputs inform regulated decisions), 2.1 (DLP for financial data) |
PowerPoint
| Attribute |
Details |
| Copilot Capabilities |
Create presentations from prompts or documents, add slides, redesign, summarize |
| Data Sources |
Referenced documents, current presentation, Microsoft Graph |
| Governance Considerations |
Presentations generated from grounded data may incorporate content from multiple sources, potentially combining information with different classification levels. Client-facing presentations may require review before distribution. |
| Key Controls |
2.2 (Sensitivity labels), 3.5 (Communication review), 3.1 (Audit logging) |
OneNote
| Attribute |
Details |
| Copilot Capabilities |
Summarize notes, generate to-do lists, rewrite, draft content |
| Data Sources |
Current notebook/section, Microsoft Graph |
| Governance Considerations |
OneNote notebooks may contain unstructured meeting notes, client information, or deal notes. Copilot can surface and synthesize this content. OneNote content is indexed by the Semantic Index. |
| Key Controls |
3.1 (Audit logging), 2.2 (Sensitivity labels), 1.1 (Oversharing assessment) |
Loop
| Attribute |
Details |
| Copilot Capabilities |
Generate content in Loop components, draft, summarize, brainstorm |
| Data Sources |
Current Loop workspace, Microsoft Graph |
| Governance Considerations |
Loop components are portable (can be embedded in Teams, Outlook, etc.) and may be shared broadly. Content generated by Copilot in Loop can propagate across multiple surfaces. Loop content is stored in the creator's OneDrive and is indexed by the Semantic Index. |
| Key Controls |
2.2 (Sensitivity labels), 1.11 (External sharing audit), 3.2 (Retention) |
Whiteboard
| Attribute |
Details |
| Copilot Capabilities |
Generate ideas, categorize content, summarize board content |
| Data Sources |
Current whiteboard content |
| Governance Considerations |
Whiteboard content from brainstorming sessions may contain sensitive strategic information. Copilot-generated suggestions are based on board content only (limited grounding). Whiteboard files are stored in OneDrive. |
| Key Controls |
3.1 (Audit logging), 2.2 (Sensitivity labels) |
| Attribute |
Details |
| Copilot Capabilities |
Generate survey questions, analyze responses |
| Data Sources |
Current form and responses |
| Governance Considerations |
Forms used for customer feedback or internal surveys may contain PII. Copilot-generated questions may inadvertently collect regulated information. Response analysis outputs should be reviewed before use in decision-making. |
| Key Controls |
3.10 (Privacy), 2.1 (DLP), 3.1 (Audit logging) |
Communication Surfaces
Outlook
| Attribute |
Details |
| Copilot Capabilities |
Draft emails, summarize threads, coaching (tone/clarity), reply suggestions, schedule management |
| Data Sources |
Current email thread, user's mailbox, calendar, Microsoft Graph |
| Governance Considerations |
Highest-risk communication surface for FSI. Copilot-drafted emails sent to clients may constitute "correspondence" under FINRA Rule 2210. Draft suggestions may contain hallucinated information, incorrect client details, or inappropriate language. Auto-generated replies may not meet supervisory standards. Email content generated from grounded data may surface information from other sources. |
| Key Controls |
3.5 (FINRA 2210 review), 3.4 (Communication compliance), 3.6 (Supervisory review), 2.1 (DLP), 3.1 (Audit logging) |
FINRA Rule 2210 Applicability
Copilot-drafted customer communications in Outlook are subject to the same FINRA Rule 2210 requirements as any other written communication. The fact that content is AI-generated does not change the supervisory obligation. Organizations should implement pre-send review workflows or post-send sampling programs for Copilot-assisted customer emails.
Teams
| Attribute |
Details |
| Copilot Capabilities |
Chat summarization, meeting recap, meeting transcription analysis, compose messages, action item extraction, meeting notes generation |
| Data Sources |
Chat messages, meeting transcripts, meeting recordings, shared files, Teams channel content |
| Governance Considerations |
Multiple unique governance challenges. Meeting transcription captures spoken content (including off-the-record remarks, informal statements, preliminary opinions) and makes it searchable by Copilot. Meeting recap may include content participants did not intend to be recorded. Chat summaries may surface information shared in confidence within a group. Teams channels may contain regulated communications requiring supervision. |
| Key Controls |
1.5 (Teams meeting governance), 4.6 (Teams-specific controls), 3.4 (Communication compliance), 3.2 (Retention), 3.1 (Audit logging) |
Teams-Specific Governance Concerns:
| Feature |
Governance Issue |
Recommended Action |
| Meeting transcription |
All spoken content becomes indexed and searchable by Copilot |
Consider disabling transcription for sensitive meetings; implement retention policies for transcripts |
| Meeting recap |
Copilot generates summaries of meeting content |
Review meeting recap access permissions; train users on sensitivity |
| Teams chat Copilot |
Summarizes chat history, which may include informal communications |
Communication compliance monitoring for Teams chats |
| Teams channel summaries |
Surfaces content across channels the user can access |
Channel governance and access reviews |
| Teams Phone / Queues |
Copilot may assist with call handling |
Evaluate applicability of FINRA/SEC supervision requirements |
Collaboration Surfaces
SharePoint
| Attribute |
Details |
| Copilot Capabilities |
Site search and summarization (via Copilot Chat grounding), declarative agents from SharePoint sites |
| Data Sources |
SharePoint sites, lists, document libraries (user's accessible content) |
| Governance Considerations |
SharePoint is the primary content repository for most organizations and the primary source of oversharing risk. Copilot's Semantic Index indexes all SharePoint content the user can access. Permissions inherited through site hierarchies create broad access patterns. Declarative agents from SharePoint extend Copilot capabilities with site-scoped knowledge. |
| Key Controls |
1.1 (Oversharing assessment), 1.2 (Permissions remediation), 1.4 (Restricted SharePoint Search), 4.10 (Declarative agents), 2.2 (Sensitivity labels) |
OneDrive
| Attribute |
Details |
| Copilot Capabilities |
File search, summarization, content generation from personal files |
| Data Sources |
User's OneDrive files, shared files |
| Governance Considerations |
OneDrive is the default storage location for many M365 outputs including Copilot Pages, Loop components, and Whiteboard files. Files shared from OneDrive may not have sensitivity labels applied. "Shared with me" content is accessible to Copilot. |
| Key Controls |
1.12 (OneDrive governance), 2.2 (Sensitivity labels), 3.2 (Retention) |
Planner
| Attribute |
Details |
| Copilot Capabilities |
Generate task plans, break down goals into tasks, suggest assignments |
| Data Sources |
Current plan, user's Planner data |
| Governance Considerations |
Copilot-generated task plans may reference sensitive project information. Task descriptions may contain client names or deal details. Limited governance exposure compared to communication surfaces. |
| Key Controls |
3.1 (Audit logging), 2.2 (Sensitivity labels) |
Stream
| Attribute |
Details |
| Copilot Capabilities |
Video summarization, transcript search, chapter generation |
| Data Sources |
Video content, transcripts, metadata |
| Governance Considerations |
Stream video transcripts are indexed by the Semantic Index. Recorded meetings, presentations, and training videos become searchable by Copilot. Transcripts may contain sensitive spoken content. |
| Key Controls |
3.2 (Retention), 3.1 (Audit logging), 1.5 (Meeting governance) |
Intelligence Surfaces (Viva Suite)
Viva Insights
| Attribute |
Details |
| Copilot Capabilities |
Productivity insights, work pattern analysis, meeting effectiveness, focus time recommendations |
| Data Sources |
Exchange, Teams, and calendar metadata (not content); aggregated organizational data |
| Governance Considerations |
Viva Insights processes behavioral metadata (meeting frequency, email volume, collaboration patterns). While it does not access content, aggregated insights could reveal organizational dynamics. Personal insights are visible only to the individual. Manager/leader insights are aggregated and de-identified. |
| Key Controls |
3.10 (Privacy), 4.3 (Usage analytics) |
Viva Engage
| Attribute |
Details |
| Copilot Capabilities |
Draft posts, summarize threads, generate responses |
| Data Sources |
Viva Engage communities and conversations |
| Governance Considerations |
Viva Engage content is indexed by the Semantic Index. Posts may contain informal communications, internal opinions, or company announcements. Copilot-drafted posts in company-wide communities should be reviewed for tone and accuracy. |
| Key Controls |
3.4 (Communication compliance), 3.1 (Audit logging) |
Viva Learning
| Attribute |
Details |
| Copilot Capabilities |
Learning content recommendations, skill gap analysis |
| Data Sources |
Learning content catalog, user learning history |
| Governance Considerations |
Lower governance risk. Primary consideration is accuracy of AI-generated learning recommendations. Training completion data is HR-sensitive. |
| Key Controls |
3.10 (Privacy), 3.1 (Audit logging) |
Viva Pulse
| Attribute |
Details |
| Copilot Capabilities |
Survey question suggestions, results analysis |
| Data Sources |
Survey responses, organizational data |
| Governance Considerations |
Survey data may contain employee sentiment about sensitive topics. Results analysis should be reviewed before sharing with leadership. Anonymity protections must be maintained. |
| Key Controls |
3.10 (Privacy), 2.1 (DLP) |
Viva Goals
Retired
Viva Goals was retired December 31, 2025 and is no longer a Copilot surface.
| Attribute |
Details |
| Copilot Capabilities |
Goal drafting, progress analysis, alignment suggestions |
| Data Sources |
Goals, OKRs, organizational hierarchy |
| Governance Considerations |
Goals may reference strategic initiatives, financial targets, or M&A activity. Copilot-generated goal suggestions should be reviewed for sensitivity. |
| Key Controls |
2.2 (Sensitivity labels), 3.1 (Audit logging) |
AI-Native Surfaces
Microsoft 365 Copilot Chat
| Attribute |
Details |
| Copilot Capabilities |
Cross-application conversational AI: ask questions about any M365 content, generate content, analyze data, summarize across sources |
| Data Sources |
All M365 content accessible to the user -- SharePoint, OneDrive, Exchange, Teams, Semantic Index, web search (if enabled) |
| Governance Considerations |
Highest-risk surface for discovery amplification. Microsoft 365 Copilot Chat is the primary surface where Copilot searches across all of a user's M365 content simultaneously. A single prompt can surface documents from multiple SharePoint sites, emails, Teams chats, and meeting transcripts. This is where oversharing risk is most acute. Restricted SharePoint Search directly limits Copilot Chat's grounding scope. |
| Key Controls |
1.1-1.4 (All oversharing controls), 1.4 (Restricted SharePoint Search), 2.7 (Web search controls), 3.1 (Audit logging), 3.2 (Retention) |
Microsoft 365 Copilot Chat and Restricted SharePoint Search
For Regulated environments, Restricted SharePoint Search (RSS) is the primary mechanism for controlling which SharePoint sites Copilot Chat uses for grounding. Without RSS, Copilot Chat will ground responses using content from any SharePoint site the user can access. RSS limits grounding to an approved site list.
Copilot Pages
| Attribute |
Details |
| Copilot Capabilities |
Collaborative AI-generated content surface; users can promote Copilot responses to shareable Pages; real-time co-authoring with Copilot assistance |
| Data Sources |
User's M365 content (via Copilot Chat), page content, collaborator inputs |
| Governance Considerations |
Pages create new content objects that may duplicate regulated data outside original governance boundaries. Pages are stored in user-owned SharePoint Embedded containers and may be shared broadly if not governed. Pages require sensitivity labeling, SharePoint retention coverage, eDiscovery procedures, and explicit Cloud Policy decisions for creation. Pages represent a new data sprawl vector that did not exist before Copilot. |
| Key Controls |
2.11 (Copilot Pages governance), 2.2 (Sensitivity labels), 3.2 (Retention), 3.3 (eDiscovery), 1.11 (Sharing governance) |
Copilot Notebooks
| Attribute |
Details |
| Copilot Capabilities |
AI-generated interactive content stored as .pod files; rich canvas for Copilot-assisted research and drafting |
| Data Sources |
User's M365 content (via Copilot Chat), notebook content, SharePoint Embedded storage |
| Governance Considerations |
Notebooks are stored in SharePoint Embedded containers. Governance requires sensitivity labeling, retention policies covering SharePoint Embedded, eDiscovery inclusion, and sharing controls analogous to Copilot Pages. |
| Key Controls |
2.11 (Copilot Pages governance — applies similarly), 2.2 (Sensitivity labels), 3.2 (Retention), 1.11 (Sharing governance) |
Microsoft 365 Copilot Search
| Attribute |
Details |
| Copilot Capabilities |
AI-powered search from within the Microsoft 365 Copilot app — returns enriched, contextual results from organizational data with Copilot-generated summaries and follow-up suggestions |
| Data Sources |
Microsoft Graph (SharePoint, OneDrive, Exchange, Teams), Semantic Index, tenant-scoped organizational content |
| Governance Considerations |
Copilot Search operates within the Copilot app and uses the user's Microsoft Graph permissions to surface organizational content. Like Copilot Chat, it amplifies discovery of content the user already has access to, but the search-focused interface may encourage more targeted data retrieval. Restricted SharePoint Search limits the grounding scope. DLP applies to content returned by Copilot Search but does not inspect data at the search source — source-level DLP should be configured separately. |
| Key Controls |
1.1 (Oversharing assessment), 1.4 (Restricted SharePoint Search), 2.1 (DLP), 2.2 (Sensitivity labels), 3.1 (Audit logging) |
| Access |
Premium only (requires Copilot license). |
Agent Mode / Edit with Copilot
| Attribute |
Details |
| Copilot Capabilities |
Iterative, multi-step document creation and editing in Word, Excel, and PowerPoint. Copilot acts as an in-context collaborator that can plan, draft, revise, and refine documents through multiple turns without leaving the application. |
| Data Sources |
Current document, referenced files, Microsoft Graph (user's accessible content), web data (for unlicensed Basic users) |
| Governance Considerations |
Agent Mode extends Copilot's interaction pattern from single-turn to multi-step within productivity apps. Basic (unlicensed) users can access Agent Mode with web-only grounding, while Premium (licensed) users access organizational data via Microsoft Graph. Multi-step editing may combine content from multiple sources, increasing the risk of mixing sensitivity levels within a single document. Organizations should verify that sensitivity labels are applied consistently to documents created or modified through Agent Mode. |
| Key Controls |
2.2 (Sensitivity labels), 2.1 (DLP), 3.1 (Audit logging), 3.5 (Communication review for client-facing documents) |
| Access |
Basic: web data only (available to all M365 users). Premium: organizational data via Microsoft Graph (requires Copilot license). |
Copilot Cowork
| Attribute |
Details |
| Copilot Capabilities |
Multi-step task delegation — users assign complex business workflows to Copilot for autonomous execution with periodic checkpoints for monitoring and intervention |
| Data Sources |
All M365 content accessible to the user — SharePoint, OneDrive, Exchange, Teams, Semantic Index |
| Governance Considerations |
Cowork introduces autonomous multi-step processing where Copilot independently accesses and combines data from multiple sources. This reduces the frequency of human review compared to single-turn interactions. Task outputs should be reviewed before distribution, particularly for client-facing or regulated content. Organizations should document which business functions are approved for Cowork delegation. |
| Key Controls |
3.1 (Audit logging), 3.5 (Communication review), 2.2 (Sensitivity labels), 1.1 (Oversharing assessment) |
| Access |
Premium only (requires Copilot license). |
Researcher and Analyst
| Attribute |
Details |
| Copilot Capabilities |
Researcher: Deep research across web and organizational data, producing comprehensive multi-source reports. Analyst: Advanced data analysis with Python code execution, chart generation, and data transformation capabilities. |
| Data Sources |
Researcher: M365 content via Microsoft Graph plus web data. Analyst: uploaded files, referenced data, M365 content. |
| Governance Considerations |
Researcher and Analyst are embedded first-party experiences within the Microsoft 365 Copilot Chat interface — they are not installable agents and are not managed through the Agent Registry. They coexist with agents and inherit Copilot Chat governance capabilities, but access decisions should be documented separately. Researcher outputs may combine web and organizational data, increasing review requirements for regulated use. Analyst generates and executes Python code, creating executable content risk similar to Excel Copilot. |
| Key Controls |
3.1 (Audit logging), 2.7 (Web search controls — Researcher), 3.8 (Model risk — if outputs inform regulated decisions), 2.1 (DLP) |
| Access |
Premium only (requires Copilot license). |
Copilot Tuning (preview)
| Attribute |
Details |
| Copilot Capabilities |
Organizations provide curated SharePoint document sets that Microsoft uses to create a tuned model snapshot, producing a custom Copilot experience that reflects institutional terminology, policies, and domain knowledge |
| Data Sources |
Admin-selected SharePoint document libraries containing the tuning corpus; tuned model outputs draw on both the tuning snapshot and the user's standard Microsoft Graph-accessible content |
| Governance Considerations |
Copilot Tuning introduces model-risk and training-data governance requirements not present in other surfaces. The tuning corpus may contain sensitive or regulated content — organizations should review sensitivity labels, DLP classification, and data-owner authorization before including documents. Tuned-model snapshots are point-in-time artifacts; updates to source documents do not automatically propagate to the tuned model. Incident scenarios unique to tuning include inadvertent inclusion of restricted data in the training set, snapshot exposure to unauthorized user populations, and drift between the tuned model's knowledge and current organizational policy. Organizations should document tuning approvals, corpus lineage, and snapshot versioning as part of their model-risk inventory (Control 3.8). |
| Key Controls |
3.8 (Model risk management), 2.2 (Sensitivity labels — review before tuning), 2.1 (DLP — source data classification), 3.1 (Audit logging), 1.1 (Oversharing assessment — tuning corpus scope) |
| Access |
Premium only — available during preview to eligible tenants with at least 5,000 Microsoft 365 Copilot licenses. |
Basic vs Premium Surface Access
Microsoft distinguishes between Basic (available to all M365 users without a Copilot license) and Premium (requires a Microsoft 365 Copilot license) surface access. Basic access provides Copilot capabilities grounded only in web data, while Premium access enables grounding in organizational data via Microsoft Graph. Governance teams should map which surfaces are available at each access tier and adjust controls accordingly — Basic users generate less organizational data risk but may still produce content requiring supervision.
Extensibility Surfaces
Plugins
| Attribute |
Details |
| Copilot Capabilities |
Extend Copilot with third-party integrations (e.g., ServiceNow, Salesforce, Jira) via message extensions and API plugins |
| Data Sources |
External systems accessed by the plugin |
| Governance Considerations |
Plugins send data to and receive data from external services. Each plugin represents a potential data exfiltration path. Plugin data is not subject to M365 DLP policies at the plugin boundary. Organizations must evaluate each plugin for data classification, authentication, and audit requirements. |
| Key Controls |
2.8 (Plugin governance), 3.1 (Audit logging), 2.1 (DLP) |
Graph Connectors
| Attribute |
Details |
| Copilot Capabilities |
Extend Copilot's knowledge base with content from external systems ingested into Microsoft Graph |
| Data Sources |
External data ingested via connectors (file shares, databases, third-party SaaS) |
| Governance Considerations |
Ingested data becomes part of Copilot's grounding corpus. ACL (access control list) mapping must accurately reflect source system permissions. Misconfigured ACLs can expose external data to unauthorized users via Copilot. Sensitivity labels should be applied to ingested content. |
| Key Controls |
2.8 (Connector governance), 2.2 (Sensitivity labels), 1.1 (Access assessment) |
Declarative Agents from SharePoint
| Attribute |
Details |
| Copilot Capabilities |
Custom Copilot experiences scoped to specific SharePoint sites with custom instructions |
| Data Sources |
Specified SharePoint sites, plus the user's general M365 content |
| Governance Considerations |
Declarative agents from SharePoint are governed by this framework (not FSI-AgentGov). Site selection determines the agent's knowledge scope. Custom instructions can influence agent behavior and output tone. Agent publication should be restricted to authorized administrators. |
| Key Controls |
4.10 (Declarative agent governance), 1.2 (SharePoint permissions), 2.2 (Sensitivity labels), 3.1 (Audit logging) |
Governance Summary by Surface
Risk Tier Assignment
| Tier |
Risk Level |
Surfaces |
Governance Priority |
| Tier 1 (Highest) |
High |
Microsoft 365 Copilot Chat, Outlook, Teams, Copilot Cowork |
Full governance at all levels |
| Tier 2 |
Medium-High |
Word, Excel, PowerPoint, SharePoint, Copilot Pages, Copilot Search, Agent Mode / Edit with Copilot, Copilot Tuning (preview), Researcher, Analyst |
Sensitivity labels, DLP, audit |
| Tier 3 |
Medium |
OneNote, Loop, OneDrive, Stream, Plugins, Connectors |
Standard governance, monitoring |
| Tier 4 |
Lower |
Whiteboard, Forms, Planner, Viva suite |
Baseline governance, awareness |
Quick Reference: Controls by Surface
| Surface |
Audit (3.1) |
DLP (2.1) |
Labels (2.2) |
Retention (3.2) |
Comm Compliance (3.4) |
Oversharing (1.1) |
| Copilot Chat |
Required |
Required |
Required |
Required |
Recommended |
Critical |
| Outlook |
Required |
Required |
Required |
Required |
Required |
Required |
| Teams |
Required |
Required |
Required |
Required |
Required |
Required |
| Word |
Required |
Required |
Required |
Required |
If client-facing |
Required |
| Excel |
Required |
Required |
Recommended |
Required |
-- |
Recommended |
| PowerPoint |
Required |
Required |
Required |
Required |
If client-facing |
Required |
| SharePoint |
Required |
Required |
Required |
Required |
-- |
Critical |
| Copilot Pages |
Required |
Required |
Required |
Required |
-- |
Required |
| Copilot Search |
Required |
Required |
Required |
Required |
-- |
Required |
| Copilot Cowork |
Required |
Required |
Required |
Required |
Recommended |
Required |
| Copilot Tuning |
Required |
Recommended |
Recommended |
Recommended |
-- |
Recommended |
| Plugins |
Required |
Recommended |
-- |
Required |
-- |
-- |
| Viva suite |
Required |
Recommended |
-- |
Recommended |
-- |
-- |
FSI Copilot Governance Framework v1.4.0 - April 2026