Skip to content

All You Need to Know About Microsoft 365 Copilot

Microsoft 365 Copilot puts a virtual assistant inside Word, Teams, PowerPoint, Excel and Outlook. Here's how it works, and how to deploy it without exposing your sensitive data.

Sahaj Arrora
Talk to us
· Updated ·6 min read
Visual collage of the Microsoft 365 Copilot interface showing summarising, data-insight and presentation-creation features.

Are you ready to revolutionise your productivity with Microsoft 365 Copilot? Imagine a virtual assistant at your fingertips, seamlessly integrated into your favourite Microsoft tools. Word, Teams, PowerPoint, Excel and Outlook. Sounds incredible, right?

But hold on, with great innovation comes great responsibility. As exciting as it is, deploying Microsoft 365 Copilot also brings significant data-security risks. How do you balance the benefits with the pitfalls, and what steps protect your sensitive information? Let’s dig in.

How does Microsoft 365 Copilot work?

If you’re new to Copilot, it lets you use natural-language prompts to interact with your organisation’s data, generating personalised content with insights tailored to your work context.

You only see the generated response, but behind the scenes Copilot interprets your request, finds information you have access to, work files in SharePoint and OneDrive, plus email and calendar data via the Microsoft Graph, and combines it with your prompt to produce an informed answer.

1. Copilot in Word

Copilot works alongside you to summarise a long document, add to an existing one, or draft from scratch. In the “Draft with Copilot” box, type a prompt like “Summarise this document” or “Write a job-offer letter for an engineer at Company X”, then select Generate.

The first response is rarely perfect. AI works best with a little back-and-forth, so keep refining your prompt and adding context (who’s it for, why, how will you use it). You can also base a draft on existing files: select Reference a file to pull from up to 3 Word or PowerPoint files you can access in SharePoint or OneDrive. Copilot currently handles around 18,000–20,000 words per query.

Microsoft Copilot drafting in Word

2. Copilot for Teams

Copilot in Teams uses your chat and meeting content to generate insights and actionable suggestions across your most important touch points, available in one-on-one and group calls, scheduled private meetings, channel meetings, meeting series and Meet Now.

The meeting must be created by someone in your organisation, with transcription turned on. Late to a meeting? Open Copilot from the meeting controls and ask “Summarise what I’ve missed in the first 10 minutes.” After a call, use Ask about this call or the Recap tab to catch up. In chats, Open Copilot to synthesise threads, “Summarise what I’ve missed in the last 7 days”, with numbered citations linking back to the source message (30-day history; it won’t reference images, loop components or shared files).

Microsoft Copilot summarising in Teams

3. Copilot in PowerPoint

Copilot turns inspiration into polished presentations, create, edit and reorganise decks. Give it a topic like “Create a presentation about reducing our business carbon footprint” and it drafts designed slides using your templates, branding and animation. You can build a deck straight from a Word document, restructure slides, or get a quick bulleted summary of a long deck.

Microsoft Copilot building a deck in PowerPoint

4. Copilot in Excel

Copilot helps you analyse and visualise data in Excel tables, suggesting formula columns, highlighting key data, surfacing insights and answering follow-up questions like “Add a graph showing total advertising costs per region last quarter.” The file must live on OneDrive or SharePoint; format your data as a table, select the Copilot button, and describe what you want (“Bold the top 10 values in the Expenses column”).

Always check the output

Copilot presents formulas and insights fluently and confidently, but it can’t truly comprehend meaning or assess accuracy, so its output may be wrong. Review everything, exercise your judgment, and be specific in your prompts (name the exact column headers for formatting or analysis).

Microsoft Copilot analysing data in Excel

5. Copilot in Outlook

For heavy emailers, Copilot can turn hours of replies into minutes. It triages your inbox by highlighting and organising your most important emails, drafts and revises messages, adds context, signs off and even replicates your tone. Select the Copilot icon → Draft with Copilot, type your prompt (“Let the team know we’ve postponed the town hall”) and choose a length and tone (direct, casual, formal). It can also summarise long threads with numbered citations.

Currently Copilot in Outlook supports work or school accounts and Microsoft accounts on outlook.com, hotmail.com, live.com and msn.com. Third-party providers like Gmail, Yahoo or iCloud can still use Outlook, but without Copilot features.

Microsoft Copilot drafting email in Outlook

Is your data protected when using Microsoft Copilot?

None of the data Copilot uses is retained by the language model, but to use generative AI securely you should protect data at every stage, from the user prompt to the retrieved information and the generated response. That’s why it’s crucial to secure your Microsoft 365 tenant before deploying Microsoft 365 Copilot. Here’s what could happen if you don’t:

To prevent breaches, review and adjust folder permissions so only authorised people can reach sensitive folders, and keep membership lists up to date so someone like George can’t access confidential data. The good news is that controls for security and privacy over your data exist at every stage, and they leverage the sensitivity labels and policies you already have in place.

Basic steps to protect your data

  1. Check who can access your data

    Review your access permissions and apply just-enough-access and “least privilege” across your entire data estate, people should only have as much access as they genuinely need.

  2. Review who can see what in SharePoint

    If you have admin tools, review SharePoint access, prioritising the most sensitive sites. Find sites set to public (discoverable by all employees) and require owners to verify ownership, members and visitors.

  3. Bring in advanced controls

    Talk to your IT support team about auto-labelling and data loss prevention, tools that automatically find and protect sensitive information like bank numbers or addresses.

  4. Apply sensitivity labels in Microsoft Purview

    Setting and applying labels in Microsoft Purview can automatically discover data, limit its sharing radius and apply encryption via policy, combined with data loss prevention (DLP) policies for sensitive information types.

  5. Limit what devices can do

    Endpoint DLP policies can stop users copying sensitive data to their clipboard and onto places it shouldn’t go, like unapproved websites and AI assistant tools.

How Sereno can help

Ready to make the most of Microsoft 365 Copilot while keeping your data safe? Let’s chat, take advantage of our free IT consultation, where our experts address all your questions and concerns. We also provide pre-Copilot assessment projects: a comprehensive audit to make sure you’ll get the most out of Copilot before you invest, plus a review of every permission type across your Microsoft ecosystem.

Deploying Copilot is like a golden grenade, full of potential, but it could blow up your business if it isn’t handled properly.

So make sure you’re equipped with the knowledge and safeguards to make the most of this transformative tool without risking unintended consequences. Contact us today to schedule your assessment.

Share this article

Written by

Sahaj Arrora

Part of the Sereno IT team helping growing UK businesses make confident, jargon-free technology decisions. Read more ai & productivity guidance in our AI & Productivity library.

Getting More from Microsoft 365

Ready to take the next step?

Friendly, no-jargon guidance from the Sereno team. Tell us what's going on with your IT, we'll tell you what to do about it.

Talk to a Microsoft 365 specialist