Body
Microsoft Copilot Chat: Enterprise Data Protection (EDP) refers to controls and commitments, under the Data Protection Addendum (DPA) and Product Terms, that apply to customer data for users of Microsoft 365 Copilot Chat. These commitments include:
- Securing your data: Encryption at rest and in transit, rigorous physical security controls, and data isolation between tenants.
-
Ensuring your data is private: Microsoft or Villanova won’t use your data except as you instruct. Privacy commitments include support for GDPR, ISO/IEC 27018, and Data Protection Addendum.
-
Access controls and policies apply to Copilot: Copilot respects permissions of files, sensitivity labels, retention policies, audit log, etc.
-
You are protected against AI security and copyright risks: Microsoft helps safeguard against AI-focused risks such as harmful content and prompt injections. For content copyright concerns, Microsoft provides protected material detection per the Customer Copyright Commitment.
-
Your data isn’t used to train foundation models: Prompts, responses, and data accessed through Microsoft Graph aren’t used to train foundation models.