AI-900 | Chapter 85 of 100 | Objective 5.4

Microsoft Copilot Ecosystem

This chapter covers the Microsoft Copilot Ecosystem, a key topic under Generative AI for the AI-900 exam. Understanding Copilot's architecture, capabilities, and limitations is crucial because questions on this topic appear in approximately 10-15% of the exam. We will dissect how Copilot integrates with Microsoft 365, Azure, and third-party services, its security model, and the differences between Copilot for Microsoft 365, GitHub Copilot, and Azure AI Studio copilots. By the end, you will be able to answer scenario-based questions about which Copilot to use and how it processes prompts.

Updated May 31, 2026

Copilot as a Supercharged Personal Assistant

Imagine a large corporation where employees (users) need to access various departments (Microsoft 365 apps, Azure services, web, etc.). The CEO (user) has a personal assistant (Microsoft Copilot) who is exceptionally skilled and has direct access to every department's internal systems (Microsoft Graph, Bing, Azure OpenAI). When the CEO asks, 'Summarize this morning's emails and find the latest sales report in SharePoint,' the assistant doesn't just fetch documents; it uses its deep integration to log into the email system (Exchange Online), read and summarize the emails, then navigate to the SharePoint site, locate the report, and even analyze its content. The assistant can also draft a response based on the CEO's style and send it via email. Crucially, the assistant cannot access anything outside the corporation's network (no external data sources unless explicitly connected via plugins). The assistant's actions are governed by the CEO's permissions—if the CEO has no access to finance data, the assistant cannot retrieve it. The assistant also logs every action for audit. This mirrors how Microsoft Copilot works: it uses a centralized orchestration layer (Copilot system) that calls Microsoft Graph APIs, Bing search, and Azure OpenAI models, all within the tenant's security boundaries, to generate responses grounded in user data and the web. The 'plugins' act as additional departments the assistant can visit, but only if the CEO (admin) grants permission.

How It Actually Works

What is the Microsoft Copilot Ecosystem?

The Microsoft Copilot Ecosystem refers to the family of AI-powered assistants built on Azure OpenAI Service and integrated into Microsoft products. The core concept is a conversational interface that uses large language models (LLMs) to help users accomplish tasks across Microsoft 365 apps, Windows, Azure, and the web. Copilot is not a single product but a platform: it includes Copilot for Microsoft 365, GitHub Copilot, Windows Copilot, and custom copilots built with Azure AI Studio. On the AI-900 exam, you must understand the shared underlying architecture and the specific capabilities of each variant.

How Copilot Works Internally

When a user submits a prompt in Copilot (e.g., in Microsoft Teams), the following steps occur:

1. Prompt Ingestion: The prompt is sent to the Copilot backend, which runs in the Microsoft 365 service boundary. The prompt is preprocessed to remove any sensitive information (like credit card numbers) using Microsoft's data loss prevention (DLP) policies.

2. Grounding: Copilot uses Microsoft Graph to retrieve relevant data from the user's Microsoft 365 tenant. For example, if the prompt is 'Summarize my emails about the Q3 project,' Copilot calls Graph API to fetch emails from Exchange Online that match the criteria. This data is called 'grounding data' because it grounds the LLM response in real user data.

3. Orchestration: The Copilot orchestration layer combines the user prompt, the grounding data, and any plugin instructions into a single prompt for the LLM. This orchestration also applies Microsoft's Responsible AI filters (content moderation, jailbreak detection) and tenant-specific policies.

4. LLM Inference: The composed prompt is sent to an Azure OpenAI Service endpoint (specifically a GPT-4 model). The model generates a response. Importantly, Microsoft does not use user data to retrain the base models; the data is processed only for the specific request and not stored beyond the session.

5. Post-processing: The response is filtered again for safety, and any citations (e.g., links to specific emails or documents) are added. The final response is returned to the user's app.

Key Components and Defaults

Microsoft Graph: The API gateway that provides access to Microsoft 365 data (emails, files, calendar, etc.). Copilot uses Graph with the user's delegated permissions.

Bing Search: Used for grounding on web data when the prompt requires real-time information (e.g., 'What is the weather today?'). Copilot can optionally search the web; this is controlled by admin policies.

Azure OpenAI Service: The underlying LLM. Microsoft uses a dedicated instance per tenant to ensure data isolation. The default model is GPT-4 with a context window of 32K tokens (approximately 24,000 words).

Plugins: Connectors to third-party services (e.g., Jira, Salesforce). Plugins must be enabled by an admin and are subject to the same data governance policies.

Copilot Studio: A low-code tool to build custom copilots that can be published to Microsoft Teams or other channels. These custom copilots can use Azure AI Studio for more advanced AI orchestration.

Configuration and Verification

Admins configure Copilot in the Microsoft 365 admin center under 'Copilot settings'. Key settings include:

- Data access: Which Microsoft 365 services Copilot can query (e.g., Exchange, SharePoint).
- Web grounding: Enable or disable Bing search.
- Plugins: Allow or block specific plugins.
- Audit logging: Copilot interactions are logged in the Microsoft Purview compliance portal for DLP and eDiscovery.

To verify Copilot is working, an admin can test a prompt in the Microsoft 365 admin center using the 'Test Copilot' feature. For custom copilots built with Copilot Studio, the 'Test' pane allows real-time interaction.

Interaction with Related Technologies

Azure OpenAI Service: Copilot for Microsoft 365 uses Azure OpenAI under the hood, but customers cannot directly access the model endpoints. In contrast, Azure OpenAI Service allows custom deployments of GPT models for building your own applications.

Bing Chat Enterprise: This is a separate product that provides AI chat with commercial data protection. It uses the same underlying technology as Copilot but is focused on web search and does not integrate with Microsoft 365 data.

Microsoft 365 Copilot vs. GitHub Copilot: GitHub Copilot is specifically for code generation in IDEs like VS Code, using a different model (Codex-based) and does not access Microsoft 365 data.

Licensing and Availability

Copilot for Microsoft 365 requires a license (currently $30/user/month) on top of an eligible Microsoft 365 subscription (E3, E5, Business Standard, etc.). GitHub Copilot is $10/user/month for individuals. Custom copilots built with Copilot Studio require an Azure subscription and consumption of Azure OpenAI resources.

Security and Compliance

All Copilot interactions are processed within the Microsoft 365 compliance boundary. Data is encrypted in transit and at rest. Copilot adheres to the same compliance certifications as Microsoft 365 (ISO 27001, SOC 2, etc.). The 'no training on customer data' policy is enforced contractually. Admins can use Microsoft Purview to audit Copilot usage and set data loss prevention policies that apply to Copilot prompts and responses.

Exam-Relevant Numbers and Terms

Context window: 32K tokens (GPT-4)

License cost: $30/user/month for Microsoft 365 Copilot

Key integration: Microsoft Graph

Grounding: The process of augmenting prompts with real data from the user's environment

Plugins: Extend Copilot to third-party services

Copilot Studio: For building custom copilots without coding

Azure AI Studio: For building advanced copilots with custom AI orchestration

Common Exam Scenarios

Scenario: A user asks Copilot to 'Find the Q2 budget spreadsheet.' Correct answer: Copilot uses Microsoft Graph to search SharePoint. Wrong answer: Copilot searches the web.

Scenario: A company wants to build an internal FAQ bot. Correct answer: Use Copilot Studio or Azure AI Studio. Wrong answer: Use GitHub Copilot.

Scenario: An admin wants to ensure Copilot does not access external data. Correct answer: Disable web grounding in Copilot settings. Wrong answer: Disable the internet for all users.

Summary of Architecture

User Prompt -> Copilot Orchestrator -> Microsoft Graph (grounding) -> Azure OpenAI (LLM) -> Response with citations

The orchestrator is the critical component that manages grounding, safety filters, and plugin execution. This architecture ensures that responses are accurate, secure, and compliant.

Walk-Through

1. User Submits Prompt

The user types a prompt in a Copilot-enabled application (e.g., Microsoft Teams, Word, or the standalone copilot.microsoft.com). The prompt is sent over HTTPS to the Copilot backend. The backend immediately applies Microsoft's Data Loss Prevention (DLP) policies to scan for sensitive information like credit card numbers or passwords. If DLP triggers, the prompt may be blocked or redacted. The prompt is also checked against tenant-specific content filters (e.g., custom sensitive information types). This step happens in milliseconds and is transparent to the user.

2. Orchestrator Prepares Context

The Copilot orchestration layer analyzes the prompt to determine which data sources are needed. It uses a built-in intent classifier to decide whether the prompt requires Microsoft 365 data (e.g., 'Show my calendar'), web data (e.g., 'What's the weather?'), or both. If Microsoft 365 data is needed, the orchestrator calls Microsoft Graph API with the user's OAuth token. Graph returns relevant items (e.g., emails, files) based on the user's permissions. The orchestrator also checks if any enabled plugins (e.g., Jira, ServiceNow) match the intent. It then constructs a 'meta-prompt' that includes the original user prompt, the retrieved data, and system instructions (e.g., 'Be concise, cite sources').

3. LLM Generates Response

The meta-prompt is sent to an Azure OpenAI Service endpoint running a GPT-4 model. The model processes the prompt and generates a text response. This step uses the model's 32K token context window. The response is generated token by token, with each token being a word or subword. The model's inference can take several seconds depending on the complexity and length of the response. During generation, the model cannot access any external data; it relies solely on the context provided in the meta-prompt. This ensures that no new data is leaked.

4. Safety Filters Applied

Before the response is returned to the user, it passes through Microsoft's Responsible AI filters. These include content moderation (detecting hate speech, violence, etc.), jailbreak detection (prompts attempting to bypass safety rules), and citation validation (ensuring that cited sources actually exist and are accessible to the user). If the response violates any policy, it may be blocked, truncated, or replaced with a generic message. Additionally, the response is checked against the tenant's custom DLP policies. This step is critical for compliance and is a key exam topic.

5. Response Delivered to User

The final filtered response is sent back to the application. The response includes the generated text and, where applicable, inline citations (e.g., 'Based on the email from John Doe on March 15'). The user can interact further by asking follow-up questions, which will be processed as a new prompt (the conversation history is maintained for the session). Copilot also logs the entire interaction in the Microsoft 365 audit log for compliance purposes. The log includes the original prompt, the response, and any data sources accessed. Admins can review these logs in the Microsoft Purview compliance portal.
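The flow described under 'How Copilot Works Internally' and in the Walk-Through above, as an added example that is not Microsoft's code or part of the original chapter: a toy Python model of permission-trimmed grounding, meta-prompt construction and citation validation. The document store, reader sets, function names and the stubbed LLM are all assumptions made for illustration.

```python
"""Toy model of the grounding -> meta-prompt -> citation-check flow.

Everything here is constructed: the Document store, reader sets and function
names are hypothetical, not Microsoft Graph or Copilot APIs.
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Document:
    doc_id: str
    title: str
    body: str
    readers: frozenset  # users allowed to read it (stands in for tenant ACLs)


# Constructed sample tenant content.
TENANT = [
    Document("mail-1", "Q3 project kickoff", "Kickoff is on 4 March.", frozenset({"alice", "bob"})),
    Document("mail-2", "Q3 project budget", "Budget approved at 40k.", frozenset({"alice"})),
    Document("fin-9", "Q3 project payroll", "Payroll detail for Q3.", frozenset({"carol"})),
]

SYSTEM_INSTRUCTIONS = "Be concise, cite sources as [doc_id]."


def ground(user: str, prompt: str, store=TENANT) -> list:
    """Return documents matching the prompt that this user may read."""
    terms = {t for t in re.findall(r"[a-z0-9]+", prompt.lower()) if len(t) > 2}
    hits = []
    for doc in store:
        if user not in doc.readers:
            continue  # delegated permissions: unreadable data never reaches the context
        words = set(re.findall(r"[a-z0-9]+", (doc.title + " " + doc.body).lower()))
        if terms & words:
            hits.append(doc)
    return hits


def build_meta_prompt(prompt: str, grounding: list) -> str:
    """Combine system instructions, grounding data and the user prompt."""
    sources = "\n".join(f"[{d.doc_id}] {d.title}: {d.body}" for d in grounding)
    return f"SYSTEM: {SYSTEM_INSTRUCTIONS}\nSOURCES:\n{sources}\nUSER: {prompt}"


def validate_citations(user: str, response: str, store=TENANT) -> list:
    """Return cited ids that do not exist or are not readable by the user."""
    readable = {d.doc_id for d in store if user in d.readers}
    cited = re.findall(r"\[([\w-]+)\]", response)
    return [c for c in cited if c not in readable]


def answer(user: str, prompt: str, llm) -> str:
    """Run the whole flow; withhold the response if a citation fails."""
    grounding = ground(user, prompt)
    response = llm(build_meta_prompt(prompt, grounding))
    if validate_citations(user, response):
        return "Response withheld: it cited a source you cannot access."
    return response


def stub_llm(meta_prompt: str) -> str:
    """Stand-in for the model: cites every source id present in its context."""
    ids = re.findall(r"^\[([\w-]+)\]", meta_prompt, flags=re.M)
    return "Summary based on " + ", ".join(f"[{i}]" for i in ids)
```

Calling `answer("bob", "Summarize my emails about the Q3 project", stub_llm)` grounds only on `mail-1`, because the budget mail and the payroll file are trimmed at retrieval time before the meta-prompt is built.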

What This Looks Like on the Job

Scenario 1: Enterprise Email Summarization

A large law firm with 5,000 users deploys Microsoft 365 Copilot to help lawyers summarize email threads and draft responses. The problem: lawyers spend 2-3 hours daily reading and replying to emails. Copilot is configured with Exchange Online access and web grounding disabled to prevent external data leaks. Lawyers use Copilot in Outlook with prompts like 'Summarize the latest email thread from client X regarding contract revisions.' Copilot uses Microsoft Graph to fetch the relevant thread, then GPT-4 generates a concise summary. The firm reports a 30% reduction in email processing time. However, a common misconfiguration is forgetting to enable DLP policies for confidential client information; without it, Copilot might inadvertently include sensitive data in its response. The firm uses Microsoft Purview to audit all Copilot interactions and set up alerts for any prompt containing 'confidential'.
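One way to run the kind of review described in Scenario 1 over exported interaction records, as an added example that is not part of the original chapter: it flags prompts containing 'confidential' and any interaction that used a web source while web grounding is meant to be disabled. The record layout and field names are hypothetical (not a Purview schema), and the log lines are constructed.

```python
"""Review of Copilot-style audit records (constructed sample data).

The record layout is a simplified, hypothetical stand-in for an exported
audit log: one JSON object per line with user, prompt and sources fields.
"""
import json

# Constructed export, including one unparseable line and one record
# without a "sources" field.
SAMPLE_LOG = """\
{"time": "2026-05-04T09:12:01Z", "user": "a.lee", "prompt": "Summarize the latest thread from client X", "sources": ["exchange"]}
{"time": "2026-05-04T09:15:44Z", "user": "b.roy", "prompt": "List every CONFIDENTIAL settlement memo", "sources": ["sharepoint"]}
{"time": "2026-05-04T09:20:10Z", "user": "a.lee", "prompt": "What is opposing counsel's public filing history?", "sources": ["exchange", "web"]}
not-json garbage line
{"time": "2026-05-04T09:31:00Z", "user": "c.kim", "prompt": "Draft a reply about the confidentiality clause"}
"""


def review(log_text: str, web_grounding_allowed: bool = False) -> list:
    """Return (line_no, user, reason) findings for an exported log.

    Malformed records are reported instead of skipped, so a broken export
    cannot silently hide interactions from the reviewer.
    """
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            user, prompt = rec["user"], str(rec["prompt"])
        except (json.JSONDecodeError, KeyError, TypeError):
            findings.append((line_no, None, "MALFORMED_RECORD"))
            continue
        # Case-insensitive substring match, so "confidentiality" also alerts.
        if "confidential" in prompt.casefold():
            findings.append((line_no, user, "KEYWORD_CONFIDENTIAL"))
        # A web source is only a finding when policy says web grounding is off.
        sources = rec.get("sources", [])
        if not web_grounding_allowed and "web" in sources:
            findings.append((line_no, user, "WEB_SOURCE_WHILE_DISABLED"))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```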

Scenario 2: Custom Copilot for IT Support

A mid-sized tech company uses Copilot Studio to build an internal IT support bot. The bot is integrated with the company's ServiceNow instance via a plugin. Employees can ask 'Reset my password' or 'How do I connect to VPN?' The bot retrieves knowledge base articles from SharePoint and can create ServiceNow tickets. The bot is published to Microsoft Teams. Scale: 2,000 employees. Performance considerations: The bot uses a GPT-4 model with a 32K context window; for very long knowledge base articles, the bot may truncate content. The company mitigates this by splitting articles into smaller chunks. A common failure: if the plugin connection to ServiceNow fails, the bot cannot create tickets; the company implements a fallback that tells the user to email the help desk. The bot's interactions are logged for continuous improvement.

Scenario 3: GitHub Copilot for Development

A software development team uses GitHub Copilot in Visual Studio Code to accelerate coding. The team of 50 developers uses the $10/user/month license. GitHub Copilot suggests code completions based on the current file and project context. It uses a Codex model (a descendant of GPT-3) that is different from the GPT-4 used in Microsoft 365 Copilot. The team observes a 40% increase in coding speed. However, they must be careful about code licensing: GitHub Copilot may suggest code that resembles open-source code. The company enforces a policy that all AI-generated code must be reviewed for license compliance. A common mistake is assuming GitHub Copilot can access Microsoft 365 data; it cannot—it only sees the code in the IDE.

How AI-900 Actually Tests This

What AI-900 Tests on This Topic

The AI-900 exam (Objective 5.4: Describe the Microsoft Copilot ecosystem) expects you to:

Identify the different Copilot products (Microsoft 365 Copilot, GitHub Copilot, Windows Copilot, Copilot Studio, Azure AI Studio).

Understand the role of Microsoft Graph in grounding Copilot responses.

Recognize that Copilot uses Azure OpenAI Service (GPT-4) under the hood.

Know that Copilot processes data within the Microsoft 365 compliance boundary and does not train on customer data.

Understand the licensing model (per-user subscription for Microsoft 365 Copilot).

Common Wrong Answers and Why Candidates Choose Them

1. Wrong: 'Copilot for Microsoft 365 can access any data on the internet.' - Why chosen: Candidates confuse Copilot with Bing Chat. Reality: Copilot can optionally use web grounding, but it is disabled by default for commercial data protection. The primary data source is Microsoft Graph.

2. Wrong: 'GitHub Copilot uses GPT-4.' - Why chosen: Both are 'Copilot' and both use Azure OpenAI. Reality: GitHub Copilot uses a Codex model (based on GPT-3), not GPT-4. Microsoft 365 Copilot uses GPT-4.

3. Wrong: 'Custom copilots built with Copilot Studio require coding.' - Why chosen: Candidates assume building an AI bot requires programming. Reality: Copilot Studio is a low-code/no-code tool. Azure AI Studio requires more technical skill but is not required for simple bots.

4. Wrong: 'Copilot stores user prompts to improve the model.' - Why chosen: Many cloud services use data for training. Reality: Microsoft contractually does not use customer data to train foundation models. Prompts are processed and discarded (except for audit logs).

Specific Numbers and Terms That Appear Verbatim

$30/user/month: Microsoft 365 Copilot license cost.

Microsoft Graph: The data gateway.

32K tokens: GPT-4 context window.

Copilot Studio: For building custom copilots.

Azure AI Studio: For more advanced AI orchestration.

Grounding: The process of using real data to inform LLM responses.

Edge Cases and Exceptions

Multi-geo tenants: If a tenant has data in multiple geographic locations, Copilot will only access data in the user's home region unless cross-region access is configured.

Service limits: Copilot has rate limits (e.g., 60 requests per minute per user) to prevent abuse.

Unsupported languages: Copilot works best in English; other languages may have reduced accuracy.

Guest users: External guest users cannot use Copilot because they lack the required license.

How to Eliminate Wrong Answers

If the question mentions 'code completion' or 'IDE', the answer is GitHub Copilot.

If the question mentions 'Microsoft 365 data' or 'emails', the answer is Microsoft 365 Copilot.

If the question mentions 'building a custom bot without coding', the answer is Copilot Studio.

If the question mentions 'data privacy' or 'compliance', look for answers stating 'no training on customer data' or 'Microsoft Graph'.

Key Takeaways

Microsoft Copilot is a family of AI assistants; know the differences between Microsoft 365 Copilot, GitHub Copilot, Windows Copilot, and custom copilots.

Microsoft 365 Copilot uses GPT-4 with a 32K token context window and costs $30/user/month.

Copilot grounds responses in user data via Microsoft Graph and optionally the web via Bing.

Microsoft does not use customer data to train foundation models; data is processed in the Microsoft 365 compliance boundary.

Copilot Studio is a low-code tool for building custom copilots; Azure AI Studio is for advanced AI orchestration.

GitHub Copilot uses a Codex model (not GPT-4) and is for code generation in IDEs.

Admins can disable web grounding and manage plugins via the Microsoft 365 admin center.

All Copilot interactions are auditable in Microsoft Purview for compliance.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

Microsoft 365 Copilot

Integrates with Microsoft 365 apps (Word, Excel, Teams, Outlook).

Uses GPT-4 model with 32K token context window.

Grounds responses in Microsoft 365 data via Microsoft Graph.

Licensed at $30/user/month on top of Microsoft 365 subscription.

Designed for general productivity tasks (email, documents, meetings).

GitHub Copilot

Integrates with IDEs (VS Code, Visual Studio, JetBrains).

Uses Codex model (based on GPT-3) optimized for code.

Grounds responses in code context (current file, project).

Licensed at $10/user/month for individuals.

Designed for code completion and generation.

Watch Out for These

Mistake

Microsoft Copilot is a single product that works the same everywhere.

Correct

Copilot is a family of products: Microsoft 365 Copilot (for Office apps), GitHub Copilot (for code), Windows Copilot (OS level), and custom copilots built with Copilot Studio or Azure AI Studio. Each has different capabilities and data sources.

Mistake

Copilot for Microsoft 365 can access any file in the tenant, regardless of permissions.

Correct

Copilot only accesses data that the user has permission to see. It uses Microsoft Graph with the user's delegated permissions. If a user cannot access a file in SharePoint, Copilot cannot retrieve it either.

Mistake

Copilot uses customer data to retrain the underlying AI model.

Correct

Microsoft has a contractual commitment not to use customer data (prompts, responses, grounding data) to train or improve the base models. Data is processed only for the specific request and is not stored beyond the session (except for audit logs).

Mistake

GitHub Copilot and Microsoft 365 Copilot use the same AI model.

Correct

GitHub Copilot uses a Codex model (based on GPT-3) optimized for code generation. Microsoft 365 Copilot uses GPT-4, a more advanced general-purpose model. They are different models deployed on Azure OpenAI.

Mistake

You need to be a developer to build a custom copilot.

Correct

Copilot Studio is a low-code/no-code tool that allows non-developers to create copilots using a graphical interface. For more advanced scenarios, Azure AI Studio provides a code-based environment, but it is not required for basic bots.

Frequently Asked Questions

What is the difference between Microsoft Copilot and Bing Chat Enterprise?

Microsoft Copilot (Microsoft 365 Copilot) is integrated into Microsoft 365 apps and uses Microsoft Graph to access your work data (emails, files, calendar). Bing Chat Enterprise is a separate product that provides AI-powered chat with commercial data protection but focuses on web search and does not integrate with Microsoft 365 data. Both use Azure OpenAI and do not train on customer data, but they have different data sources and use cases.

Can I use Microsoft 365 Copilot without a Microsoft 365 subscription?

No, Microsoft 365 Copilot requires an eligible Microsoft 365 subscription (E3, E5, Business Standard, Business Premium, or equivalent) plus a Copilot license ($30/user/month). Without the base subscription, you cannot use Copilot for Microsoft 365. However, you can use the free Copilot at copilot.microsoft.com with a personal Microsoft account, but that version does not access your work data.

Does Copilot for Microsoft 365 work with on-premises Exchange or SharePoint?

No, Copilot for Microsoft 365 requires cloud-hosted Microsoft 365 services (Exchange Online, SharePoint Online). It cannot access on-premises Exchange or SharePoint servers because it relies on Microsoft Graph, which only connects to cloud services. For hybrid environments, you would need to migrate mailboxes and sites to the cloud.

How does Copilot handle sensitive data like passwords or credit card numbers?

Copilot uses Microsoft's Data Loss Prevention (DLP) policies to scan prompts and responses for sensitive information. If DLP detects a credit card number, the prompt may be blocked or the sensitive data redacted. Additionally, admins can configure custom DLP policies via Microsoft Purview. Copilot also applies Microsoft's Responsible AI filters to prevent the generation of harmful content.

Can I build a custom copilot that uses my own data sources?

Yes, using Copilot Studio or Azure AI Studio. Copilot Studio allows you to connect to data sources like SharePoint, OneDrive, and custom web content via plugins. Azure AI Studio provides more flexibility, allowing you to use Azure Cognitive Search, custom APIs, and even your own fine-tuned models. Both use the same underlying Azure OpenAI technology.

Is Copilot available in all languages?

Copilot for Microsoft 365 is optimized for English and works best in that language. It supports several other languages (e.g., Spanish, French, German, Chinese) but with potentially lower accuracy. The underlying GPT-4 model is multilingual, but the grounding and orchestration layers may have limitations. Microsoft is continuously expanding language support.

What happens if I exceed the rate limit for Copilot?

Copilot has rate limits to ensure fair usage and system stability. For Microsoft 365 Copilot, the limit is approximately 60 requests per minute per user. If exceeded, the user may receive a 'Too many requests' error and need to wait before sending more prompts. Admins cannot increase this limit; it is set by Microsoft.
