To stay competitive, institutions today are being encouraged to experiment with artificial intelligence, and for many organizations, the simplest place to start is Copilot.
When I first talk with an organization about Copilot, they often believe they already “have Copilot” because it seems to show up everywhere in Microsoft 365. That confusion makes sense. Microsoft uses the Copilot name across several different tools, and they do not all work the same way.
In this article, I’ll walk through the main Copilot licensing models, explain the practical differences between them, and show how organizations can monitor Copilot usage in the Microsoft 365 Admin Center.
First, it helps to understand what is included before an organization buys any additional Copilot licenses. It may seem like not buying Copilot would remove Copilot from Microsoft 365, but that is not the case.
Base corporate Microsoft 365 licenses include Microsoft 365 Copilot Chat, which I’ll refer to as “Chat” going forward. Chat is an AI chatbot that users can use for web research, brainstorming, and writing general content. It is also the technology behind the Copilot icon that appears in Word, Excel, Outlook, and other Microsoft apps.
The important limitation is that Chat does not automatically have access to everything in a user’s Microsoft 365 environment. In apps, it is generally limited to what is currently on the user’s screen. In browser chat sessions, it is limited to what the user uploads into the chat. If users are signed in with their corporate Microsoft 365 account, data sent to Copilot is not retained by the model and is not used to train the model.
One surprise for many organizations is that users can use Chat to create simple agents and share those agents with others. These Chat-based agents are usually limited to files the user uploads and websites the agent has been instructed to access. In most cases, they do not directly access Microsoft 365 resources.
I say “most cases” because there is one exception worth knowing about. If an administrator has activated pay-as-you-go billing through Copilot Studio and made it available to a user, that user may be able to create an agent that directly accesses Microsoft 365 resources or other API-connected systems, even without a Microsoft 365 Copilot license. In that case, the organization pays for the agent based on usage.
A common question is whether Copilot Chat can be completely disabled. The short answer is yes, but I usually would not recommend it.
If organizations block Copilot Chat, users may simply find other AI tools to get the help they are looking for. That can create a bigger problem because the organization may lose visibility into what data users are submitting and may not have the same protection and monitoring options available through Microsoft 365. Attempts to block every AI site also tend to turn into a moving target as new tools appear.
The next licensing layer is Microsoft 365 Copilot, which is the paid Copilot license organizations can assign to some or all users.
This version is much more powerful than Chat because it can access much of the Microsoft 365 data the licensed user already has permission to see, including SharePoint, OneDrive, Teams, and email. Instead of manually feeding Copilot the information to analyze, the user can ask broader questions across their Microsoft 365 environment.
For example, if I remember having a meeting months ago about rate sensitivity but cannot remember when it happened or what was discussed, I could ask Copilot to find the meeting, locate the transcript, identify related documents in OneDrive, find follow-up emails, and create a summary. That is where Microsoft 365 Copilot starts to feel very different from basic Chat.
That power also introduces more risk. If a user unknowingly has access to a sensitive file, Copilot may be able to surface information from that file in response to a simple prompt. Because of that, it is best practice to tighten access controls before rolling out Microsoft 365 Copilot widely.
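One way to run the access review described above before licenses are assigned, as an added example that is not from the original article or from Microsoft tooling. The CSV layout, label names, group names and user address are constructed assumptions standing in for whatever permissions export your tenant produces.

```python
import csv
import io

# Constructed sample: a flattened permissions export (hypothetical columns).
SAMPLE_EXPORT = """\
path,label,principal,kind
/sites/Finance/ALCO/rate-sensitivity.xlsx,Confidential,ALCO Committee,group
/sites/Finance/ALCO/rate-sensitivity.xlsx,Confidential,Everyone except external users,group
/sites/HR/salaries-2024.xlsx,Highly Confidential,HR Managers,group
/sites/HR/salaries-2024.xlsx,Highly Confidential,People in your organization,link
/sites/Marketing/newsletter.docx,General,Everyone except external users,group
/sites/Board/minutes.docx,Confidential,Board Members,group
"""

# Grants that reach every internal user, so access is inherited unknowingly.
BROAD_PRINCIPALS = {"Everyone", "Everyone except external users",
                    "People in your organization", "Anyone with the link"}
# Assumed label taxonomy; replace with the labels your organization uses.
SENSITIVE_LABELS = {"Confidential", "Highly Confidential"}

def load_grants(text):
    """Parse the export into one dict per (file, principal) grant."""
    return list(csv.DictReader(io.StringIO(text)))

def overshared(grants):
    """Map each sensitive file to the organization-wide grants on it."""
    findings = {}
    for g in grants:
        if g["label"] in SENSITIVE_LABELS and g["principal"] in BROAD_PRINCIPALS:
            findings.setdefault(g["path"], []).append(g["principal"])
    return findings

def unexpected_exposure(grants, user, memberships):
    """Sensitive files a user reaches only through a broad grant.

    These are the files Copilot could surface for that user even though
    nobody granted the user (or one of their groups) access on purpose.
    """
    own = {user} | memberships.get(user, set())
    intended = {g["path"] for g in grants if g["principal"] in own}
    return sorted(p for p in overshared(grants) if p not in intended)

if __name__ == "__main__":
    grants = load_grants(SAMPLE_EXPORT)
    pilot = {"pilot.user@example.com": {"ALCO Committee"}}  # constructed
    for path in unexpected_exposure(grants, "pilot.user@example.com", pilot):
        print("review before licensing:", path, overshared(grants)[path])
```

Files that appear in the output for a pilot user are the ones to fix first, by removing the organization-wide grant or replacing it with a scoped group.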
Users with a Microsoft 365 Copilot license can also create and share agents. These agents can use the information the creator has access to, but sharing an agent does not automatically give the recipient access to the creator’s data. The recipient still needs their own permission to the data referenced by the agent.
If you are curious about how Copilot is being used in your environment, Microsoft is making that easier to review. Your Microsoft 365 administrator can open the Microsoft 365 Admin Center and select Copilot from the menu on the left.
From there, they can see how many employees are using Microsoft 365 Copilot Chat, Microsoft 365 Copilot, and agents. If they click Agents in the left menu, they can drill into the agents users created, see who the agents were shared with, and even review the prompts used to build them.
You may also notice that some dashboard features include “Unlock with Agent 365” notes. Agent 365 is a newer Microsoft product intended to provide broader visibility into AI usage across an organization, not just Copilot. For many organizations, it may be worth watching, but it may not be something they need to pay for right away.
Bedel Security provides vCISO services to financial institutions across the country. If your financial institution needs information security leadership and insight, contact us!