All You Need to Know About Microsoft 365 Copilot

Are you ready to revolutionise your productivity with Microsoft 365 Copilot? Imagine having a virtual assistant at your fingertips, seamlessly integrated into your favourite Microsoft tools like Word, Teams, PowerPoint, Excel, and Outlook. Sounds incredible, right?  

But hold on—with great innovation comes great responsibility. As exciting as it is, deploying Microsoft 365 Copilot also brings significant data security risks. How do you balance the benefits with the potential pitfalls? And what steps can you take to safeguard your sensitive information? In this article, we’ll delve into all these questions and more. 

In this article, we cover:

How does Microsoft 365 Copilot work?

If you’re new to Copilot and wondering how it works, it basically allows you to use natural language prompts to interact with your organisation’s data. It generates personalised content and responses with relevant insights tailored to your work context. 

While you only see the generated response in your original prompt, Copilot interprets your request behind the scenes. It finds information you have access to within your organisation, like your work files in SharePoint and OneDrive, as well as email and calendar data via the Microsoft Graph. Then, it presents this information along with your original prompt to generate a personalised and informed response.

Copilot in Word

Copilot in Word works alongside you to transform your productivity. You can summarise a lengthy document, add content to an existing document, or start with a new blank document. 

In the “Draft with Copilot” box, type or paste your prompt. For example, “Summarise this document” or “Write a job offer letter for an engineer position at Company X.” Then, select “Generate,” and Copilot will draft new content for you. 

Often, the first response isn’t perfect. Artificial intelligence (AI) works best with a little back-and-forth conversation. So keep fine-tuning the result by modifying your prompt and adding specific details. For even better results, give Copilot more context to work with. For example, who’s the content for? Why do you need it? How do you plan to use it? 

The more you tell it, the more detailed and specific Copilot can be with the draft. For example, if you have “job responsibilities” or a list that Copilot can work from, go ahead and add that to your prompt. 

You can also base your new document on a file you already have; you can tell it to do that. In the “Draft with Copilot” dialogue, select “Reference a file” to choose up to 3 files that you have permission to access in your organisation’s SharePoint or OneDrive. These files can be either Word or PowerPoint files. Copilot is currently limited to processing a maximum of around 18,000 to 20,000 words for a single query or prompt. 

  Copilot in Word - Sereno IT

Copilot for Teams 

Microsoft Copilot for Teams comes with a lot of features that enhance collaboration and take the work out of working together. Copilot in Teams uses your team chat and meeting content to generate insights and actionable suggestions alongside your most important team touch points. 

  • Copilot is available for the following meetings and calls: 
  • One-on-one and group calls 
  • Single meetings or scheduled private meetings 
  • Instances or occurrences of meetings in a series 
  • Channel meetings 
  • Meet Now 


To use Copilot in team meetings and calls, the meeting needs to be created by someone in your organisation, and transcription must be turned on. You can access Copilot during a meeting or call to capture action items, different perspectives, or unresolved questions. 

For instance, if you’re late to a meeting and want a recap of what you’ve missed while still in the meeting, go to the meeting controls and select Copilot. It will appear on the right side of the meeting window. Then type your prompt into the compose box. Copilot will process content from the meeting transcript to generate a response, for example, “Summarise what I’ve missed in the first 10 minutes of the meeting.” 

You can also use it after calls and meetings to summarise key points or catch up on any discussions you have missed. Go to Calls on the left side of Teams. From there, go to your team’s call history, select “Ask about this call,” and open Copilot. For meetings, select the meeting in your Teams calendar. From there, select the Recap tab in your meeting details. For example, “What opinions did team members have about this campaign?” 

Copilot in Teams can also help you get up to speed on conversations in team chats by synthesising key information from your chat threads and quickly reviewing the main points, action items, and decisions. To get started, go to Chat on the left side of Teams, then select a specific chat from the list. Then select “Open Copilot” in the upper-right corner of the chat. Then, in the chat, you can input your questions about the conversation. 

For example, “Summarise what I’ve missed in the last 7 days” or “What did [a member of the chat] say?” It will generate key takeaways with numbered citations next to each statement in the response, which will take you to the transcript so you can see which particular message Copilot drew these conclusions from. Copilot references information from the message thread in which it is opened, with a 30-day history, but won’t be able to reference images, loop components, or files shared in the chat thread. 

With Copilot, you can also opt to follow a meeting. After the meeting ends, Copilot will summarise what you missed. You’ll get a notification in Teams when the recap is ready. This recap will highlight content that was shared, summarise notes, and provide any action items for you or others whose names were mentioned. 


Copilot in Teams - Sereno IT

CoPilot in PowerPoint 

CoPilot in PowerPoint helps turn your inspiration into stunning and professional presentations. It helps you create, edit, and organise your presentations, whether you want to create a new one, summarise an existing one, or reorganise it. 

The chat opens easily on the right, where you can input and write prompts. You can give it a topic, for example, “Create a presentation about reducing business carbon footprint,” and it will start drafting the entire presentation in nicely designed slides or existing templates with your company branding as well as animation. 

With CoPilot in PowerPoint, you can create a presentation from an existing Word document. You just have to add the link to your Word document, and it will generate slides, apply layouts, and choose a theme for you. Then, you can further ask to restructure your slides or add other slides about additional points and make the changes work for you. 

And should you need a quick summary from a long slide deck and need to get to the gist of the main points quickly, CoPilot in PowerPoint can read through the deck and give you a bulleted summary so you can understand the key points. 

  Copilot in PowerPoint - Sereno IT

Copilot in Excel 

Microsoft Copilot in Excel helps you analyse and visualise your data in Excel tables. It can generate formula column suggestions, highlight important portions of data, show insights, and even answer specific follow-up questions you ask about your data. For example, “Add a graph that shows the total advertising costs for each region last quarter.” 

In order to work with Copilot in Excel, the file has to be stored on OneDrive or SharePoint. To get started, you format your data as a table, then select the Copilot button in the ribbon. Then, in the chat pane, tell Copilot how you’d like to manipulate the table. You can type in your own words or use the suggested prompts. You will be able to sort and filter your data, as well as apply simple conditional formatting to quickly call attention to what matters to you. For instance, you can ask, “Bold the top 10 values in the Expenses column.” 

As with any AI-generated content, Copilot for Microsoft 365 generates insights and formulas, presenting them in a fluent, grammatically correct manner. However, its generated content may be inaccurate or inappropriate, as it lacks the ability to comprehend meaning or assess accuracy. Therefore, it’s essential to review its output and exercise your judgment. Be specific in your questions, providing detailed information to enable Copilot to offer better assistance. This involves clearly specifying column headers for formatting or analysis queries. 

Copilot in Excel - Sereno IT

Copilot in Outlook 

For those who email a lot, Outlook in Microsoft 365 Copilot can turn hours of answering emails into minutes, making Copilot and Outlook a total game changer. Microsoft 365 Copilot can help you triage your inbox by highlighting and organising your most important emails and understanding email conversations. It can also revise emails to add more context, sign them off, and replicate your tone to become a digital version of you, leaving you just needing to review your email and send it off. 

To start a new message, select the Copilot icon from the toolbar, then select “Draft with Copilot” from the drop-down menu. In the copilot box, type your prompt. For example, “Let the team know we decided to postpone the company’s town hall meeting,” and finally choose your desired length and tone, e.g., direct, casual, or formal, etc. 

Copilot in Outlook can also help you catch up on your email quickly. You pick the conversation you want, and Copilot will scan it for key points, creating a summary for you that includes numbered citations. When selected, these citations take you to the corresponding email in the thread. 

Currently, Copilot in Outlook only supports work or school accounts and Microsoft accounts using,,, and email addresses at this time. Any Microsoft account using an account from a third-party email provider, such as Gmail, Yahoo, or iCloud, can still use Outlook but won’t have access to the Copilot features in Outlook. 

  Copilot in Outlook - Sereno IT

Is your data protected when using Microsoft Copilot?

Even though none of the information and data used by Copilot is retained by the large language model, to securely take full advantage of generative AI, you can and should protect data at every stage, from the information contained in the user prompt to the information retrieved based on user access permissions and the generated response itself. This ensures that sensitive data is not inadvertently exposed when it shouldn’t be. That’s why it’s crucial to ensure the security of your Office 365 tenant before deploying Microsoft 365 Copilot. Here is what could happen if you don’t… 


Example 1: 

Let’s say Michael and George co-own a company and have access to the owner folder containing sensitive files like accounting and payroll documents. However, George later transitions to a sales role, but his access to the owner folder isn’t revoked by IT support. 

George then installs Microsoft 365 Copilot, allowing him to search every document in the owner folder despite no longer being an owner. This poses a significant security risk as he could access sensitive information he’s not authorised to see. 


Example 2 

Imagine that an employee at a financial institution needs to compile a report on recent client transactions for an audit. They have access to the necessary documents stored in SharePoint but are not familiar with the specific details within each document. Instead of carefully searching and reviewing the documents themselves, they decide to use Copilot to retrieve the information quickly. 

The employee inputs a vague prompt into Copilot, requesting details on recent client transactions. Copilot, without understanding the sensitivity of the information or the need for confidentiality, generates a detailed summary of the transactions, including client names, account numbers, and transaction amounts. 

Unaware of the potential risks, the employee incorporates this information into their report without thoroughly reviewing it. However, they inadvertently shared the report with unauthorised individuals outside the organisation due to an oversight in the distribution list. 

As a result, sensitive client information is exposed to unauthorised parties, leading to a data breach.  


To prevent such breaches, it’s essential to review and adjust folder permissions. For instance, ensuring that only authorised personnel have access to sensitive folders. Additionally, membership lists should be regularly checked and updated to prevent unauthorised users like George from accessing confidential data. Otherwise, tools like Microsoft 365 Copilot could inadvertently expose sensitive information, leading to data breaches and compromising security. 

The good news is that controls for security and privacy over your data exist at every stage and will leverage the sensitivity labels and corresponding policies that you already have in place. 

So what are some basic steps that you can take to protect your data?

First, check who can access your data and make sure they only have as much access as they need. Look at your data access permissions and apply the principles of “just enough access” as well as “least privileged” for information across your entire data estate. 

If you have access to Microsoft 365 administrator tools, one of the first recommended steps you can take is to review who can see what in SharePoint. Look at SharePoint site access, prioritising the sites containing the most sensitive information. Start by looking for sites that have their privacy set to public, meaning all employees can discover and access them. From there, you can require that site owners verify ownership, as well as who should be members or visitors of these sites, to limit access. 

You can also talk to your IT support team about more ways and more advanced controls to protect your data. They can help with things like auto-labelling and data loss prevention. These tools can automatically find and protect sensitive information in your documents, like bank numbers or addresses. 

Setting and applying labels in Microsoft Purview, for instance, can automatically help you discover, limit the sharing radius, and apply encryption directly using policies. These can also be applied based on the content within the documents using data loss prevention or DLP policies with sensitive information types, like banking numbers, addresses, identification types, tax information, and more. 

It’s also important to limit what people can do with their devices. Your IT support team can set up rules, such as endpoint DLP policies, to prevent users from copying sensitive data to their clipboards and then onto places it shouldn’t be, for example, unapproved websites and AI assistance sites. 

How Sereno Can Help

So, are you ready to make the most of Microsoft 365 Copilot while keeping your data safe? Let’s chat and take advantage of our free IT consultation, where our experts will address all your questions and concerns. 

We also provide pre-Copilot assessment projects, where we conduct a comprehensive audit to ensure you are able to make the most out of Copilot before you invest, and also review all permission types you have without your Microsoft ecosystems.  

Deploying Copilot is like a golden grenade—full of potential opportunities, but it could also blowup your business if not handled properly. So, ensure you’re equipped with the knowledge and safeguards necessary to make the most of this transformative tool without risking unintended consequences. Contact us today to schedule your assessment! 

Share this post on

Got a specific IT support use case to discuss?

We’re here to answer any question you might have. Get in touch today!

Grow Your Cyber Security Awareness

Join our quarterly newsletter to receive our experts’ insights, best practices, tips and market updates to help grow your business IT security.

You can unsubscribe anytime. For more details, review our Privacy Policy.