| Category | Microsoft Docs article | Related commit history on GitHub | Change details |
|---|---|---|---|
| microsoft-365-copilot-privacy | Microsoft 365 Copilot Privacy | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/microsoft-365-copilot-privacy.md | Microsoft 365 Copilot provides value by connecting LLMs to your organizational d Microsoft 365 Copilot only surfaces organizational data to which individual users have at least view permissions. It's important that you're using the permission models available in Microsoft 365 services, such as SharePoint, to help ensure the right users or groups have the right access to the right content within your organization. This includes permissions you give to users outside your organization through inter-tenant collaboration solutions, such as [shared channels in Microsoft Teams](/microsoftteams/shared-channels). -When you enter prompts using Microsoft 365 Copilot, the information contained within your prompts, the data they retrieve, and the generated responses remain within the Microsoft 365 service boundary, in keeping with our current privacy, security, and compliance commitments. Microsoft 365 Copilot uses Azure OpenAI services for processing, not OpenAIΓÇÖs publicly available services. Azure OpenAI doesn't cache customer content and Copilot modified prompts for Microsoft 365 Copilot. +When you enter prompts using Microsoft 365 Copilot, the information contained within your prompts, the data they retrieve, and the generated responses remain within the Microsoft 365 service boundary, in keeping with our current privacy, security, and compliance commitments. Microsoft 365 Copilot uses Azure OpenAI services for processing, not OpenAIΓÇÖs publicly available services. Azure OpenAI doesn't cache customer content and Copilot modified prompts for Microsoft 365 Copilot. For more information, see the [Data stored about user interactions with Microsoft 365 Copilot](#data-stored-about-user-interactions-with-microsoft-365-copilot) section later in this article. > [!NOTE] > - When youΓÇÖre using plugins to help Microsoft 365 Copilot to provide more relevant information, check the privacy statement and terms of use of the plugin to determine how it will handle your organizationΓÇÖs data. For more information, see [Extensibility of Microsoft 365 Copilot](#extensibility-of-microsoft-365-copilot). > - When youΓÇÖre using the web content plugin, Microsoft 365 Copilot parses the userΓÇÖs prompt and identifies terms where web grounding would improve the quality of the response. Based on these terms, Copilot generates a search query that it sends to the Bing Search service. For more information, [Data, privacy, and security for web queries in Microsoft 365 Copilot and Microsoft Copilot](/microsoft-365-copilot/manage-public-web-access). -Abuse monitoring for Microsoft 365 Copilot occurs in real-time, without providing Microsoft any standing access to customer data, either for human or for automated review. While abuse moderation, which includes human review of content, is available in Azure OpenAI, Microsoft 365 Copilot services have opted out of it. Microsoft 365 data isnΓÇÖt collected or stored by Azure OpenAI. +While abuse monitoring, which includes human review of content, is available in Azure OpenAI, Microsoft 365 Copilot services have opted out of it. For information about content filtering, see the [How does Copilot block harmful content?](#how-does-copilot-block-harmful-content) section later in this article. > [!NOTE] > We may use customer feedback, which is optional, to improve Microsoft 365 Copilot, just like we use customer feedback to improve other Microsoft 365 services and Microsoft 365 productivity apps. We don't use this feedback to train the foundation LLMs used by Microsoft 365 Copilot. Customers can manage feedback through admin controls. For more information, see [Manage Microsoft feedback for your organization](/microsoft-365/admin/manage/manage-feedback-ms-org) and [Providing feedback about Microsoft Copilot with Microsoft 365 apps](https://support.microsoft.com/topic/c481c26a-e01a-4be3-bdd0-aee0b0b2a423). ## Data stored about user interactions with Microsoft 365 Copilot -When a user interacts with Microsoft 365 Copilot (using apps such as Word, PowerPoint, Excel, OneNote, Loop, or Whiteboard), we store data about these interactions. The stored data includes the user's prompt and Copilot's response, including citations to any information used to ground Copilot's response. We refer to the userΓÇÖs prompt and CopilotΓÇÖs response to that prompt as the ΓÇ£content of interactionsΓÇ¥ and the record of those interactions is the userΓÇÖs Copilot interaction history. For example, this stored data provides users with Copilot interaction history in [Business Chat](https://support.microsoft.com/topic/5b00a52d-7296-48ee-b938-b95b7209f737) and [meetings in Microsoft Teams](https://support.microsoft.com/office/0bf9dd3c-96f7-44e2-8bb8-790bedf066b1). This data is processed and stored in alignment with contractual commitments with your organizationΓÇÖs other content in Microsoft 365. The data is encrypted while it's stored and isn't used to train foundation LLMs, including those used by Microsoft 365 Copilot. +When a user interacts with Microsoft 365 Copilot (using apps such as Word, PowerPoint, Excel, OneNote, Loop, or Whiteboard), we store data about these interactions. The stored data includes the user's prompt and Copilot's response, including citations to any information used to ground Copilot's response. We refer to the userΓÇÖs prompt and CopilotΓÇÖs response to that prompt as the "content of interactions" and the record of those interactions is the userΓÇÖs Copilot interaction history. For example, this stored data provides users with Copilot interaction history in [Business Chat](https://support.microsoft.com/topic/5b00a52d-7296-48ee-b938-b95b7209f737) and [meetings in Microsoft Teams](https://support.microsoft.com/office/0bf9dd3c-96f7-44e2-8bb8-790bedf066b1). This data is processed and stored in alignment with contractual commitments with your organizationΓÇÖs other content in Microsoft 365. The data is encrypted while it's stored and isn't used to train foundation LLMs, including those used by Microsoft 365 Copilot. To view and manage this stored data, admins can use Content search or Microsoft Purview. Admins can also use Microsoft Purview to set retention policies for the data related to chat interactions with Copilot. For more information, see the following articles: We already implement multiple forms of protection to help prevent customers from - Microsoft uses rigorous physical security, background screening, and a multi-layered encryption strategy to protect the confidentiality and integrity of customer content. -- Microsoft 365 uses service-side technologies that encrypt customer content at rest and in transit, including BitLocker, per-file encryption, Transport Layer Security (TLS) and Internet Protocol Security (IPsec). For specific details about encryption in Microsoft 365, see [Encryption in the Microsoft Cloud](/microsoft-365/compliance/office-365-encryption-in-the-microsoft-cloud-overview).+- Microsoft 365 uses service-side technologies that encrypt customer content at rest and in transit, including BitLocker, per-file encryption, Transport Layer Security (TLS), and Internet Protocol Security (IPsec). For specific details about encryption in Microsoft 365, see [Encryption in the Microsoft Cloud](/microsoft-365/compliance/office-365-encryption-in-the-microsoft-cloud-overview). - Your control over your data is reinforced by Microsoft's commitment to comply with broadly applicable privacy laws, such as the GDPR, and privacy standards, such as ISO/IEC 27018, the worldΓÇÖs first international code of practice for cloud privacy. |
| microsoft-365-copilot-setup | Microsoft 365 Copilot Setup | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/microsoft-365-copilot-setup.md | For business-critical sites, there are features in SharePoint Advanced Managemen > [!NOTE] > SharePoint Advanced Management has more features to help you get ready for Copilot fast and at scale. To learn more, see [Get ready for Copilot for Microsoft 365 with SharePoint Advanced Management (SAM)](/sharepoint/get-ready-copilot-sharepoint-advanced-management). -### Copilot and multiple account access --✅ **Can use tenant restrictions and MDM policies to block personal accounts** --For users with multiple Microsoft accounts (work/school account or personal account), Copilot features work seamlessly in Excel, Word, PowerPoint, and OneNote when: --- One of those accounts signs into a Windows session, and-- One of those accounts has a Copilot Pro or Microsoft 365 Copilot license assigned--For example: --- A user has a Microsoft 365 Copilot license and is on their work machine. On the work machine, the user can open a document from their personal OneDrive, and use Copilot in the personal document.-- A user has a Copilot Pro license and signs in to their work device with their personal Microsoft account (MSA). On the work device, the user can use Copilot with Office files stored on their OneDrive (work or personal) or in SharePoint document libraries.--As an admin, you can: --- Use a [Microsoft Entra tenant restriction](/entra/external-id/tenant-restrictions-v2) that blocks users from adding a personal Microsoft account to their work device. This feature prevents users with Copilot Pro from seeing and using Copilot features in their personal Microsoft 365 apps on their work device.-- You need to create tenant restriction policies for each Microsoft 365 app. To learn more, see [Set up tenant restrictions](/entra/external-id/tenant-restrictions-v2). --- Prevent Microsoft 365 apps from using your work/school Microsoft Entra accounts on end users personally owned devices that use Copilot. Specifically, you can use compliance and Conditional Access policies that prevent users from accessing resources on noncompliant devices.-- For more information on using Microsoft Intune for these policies, see: -- - [Use compliance policies to set rules for devices you manage with Intune](/mem/intune/protect/device-compliance-get-started) - - [Common ways to use Conditional Access with Intune](/mem/intune/protect/conditional-access-intune-common-ways-use) --> [!NOTE] -> In sovereign tenants where Microsoft 365 Copilot is not available, users are blocked from using Copilot features. They're blocked even if a device has multiple accounts signed in and one of those accounts has Copilot. - ### Sensitivity labels from Microsoft Purview ✅ **Use sensitivity labels to protect your data** |
| admin | Give Mailbox Permissions To Another User | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/give-mailbox-permissions-to-another-user.md | f1.keywords: Previously updated : 09/12/2023 Last updated : 09/30/2024 audience: Admin There are a few different ways to access a mailbox once you've given permission ::: moniker range="o365-21vianet" -1. In the admin center, go to the **Users** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=850628" target="_blank">Active users</a> page. +1. In the admin center, go to the **Users** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=850628" target="_blank">Active users</a> page. 2. Select the user you want, expand **Mail Settings**, and then select **Edit** next to **Mailbox permissions**.- -3. Next to **Read and manage**, select **Edit**. - ++3. Next to **Read and manage**, select **Edit**. + 4. Select **Add permissions**, then choose the name of the user or users that you want to allow to read email from this mailbox. 5. Select **Add**. |
| admin | Remove Former Employee Step 5 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-5.md | f1.keywords: Previously updated : 08/09/2023 Last updated : 09/30/2024 audience: Admin |
| admin | Set Password To Never Expire | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/set-password-to-never-expire.md | f1.keywords: Previously updated : 07/06/2023 Last updated : 09/30/2024 audience: Admin |
| admin | Organizational Messages | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/adoption/organizational-messages.md | description: "Learn how to send messages to your organization in Microsoft 365 u Organizational messages enable IT admins to deliver clear, actionable messages in-product and in a targeted way, while maintaining user-level privacy. Organizational messages in Adoption Score use targeted in-product notifications to advise on Microsoft 365 recommended practices based on Adoption Score insights. Users can be reminded to use products that have recently been deployed, encouraged to try a product on a different surface, or to recommend new ways of working, such as using @mentions to improve response rates in communications. Templated messages are delivered to users in their flow of work through surfaces including Outlook, Excel, PowerPoint, Word, and new Teams. Authorized professionals can use the organizational messages wizard in Adoption Score to choose from up to three templated message types, define when and how often a message can be displayed, and exclude groups or priority accounts from receiving the message. -Organizational messages for Adoption Score will initially roll out to Communication, Content Collaboration, Mobility, and more to follow to support all People Experience categories. Check out the [2022 Ignite session](https://ignite.microsoft.com/en-US/sessions/ff17a80f-2fa6-4e52-b92c-745f0ca8d574?source=sessions) for a detailed demonstration and feature description. +Organizational messages for Adoption Score will initially roll out to Communication, Content Collaboration, Mobility, and more to follow to support all People Experience categories. > [!NOTE] > The feature is currently in preview. If you encounter any bugs or have any suggestions, give us feedback in the Microsoft 365 admin center. We appreciate your feedback and will reach out to you as fast as we can. |
| admin | Enroll Your Mobile Device | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/enroll-your-mobile-device.md | description: "Before you can use Microsoft 365 services with your device, you mi # Enroll your mobile device using Basic Mobility and Security Using your phone, tablet, and other mobile devices for work is a great way to stay informed and work on business projects while youΓÇÖre away from the office. Before you can use Microsoft 365 services with your device, you might need to first enroll it in Basic Mobility and Security for Microsoft 365 using Microsoft Intune Company Portal.- -Organizations choose Basic Mobility and Security so that employees can use their mobile devices to securely access work email, calendars, and documents while the business secures important data and meets their compliance requirements. To learn more, see [Overview of Basic Mobility and Security for Microsoft 365](overview.md). For more info, see [What information can my organization see when I enroll my device?](/intune-user-help/what-info-can-your-company-see-when-you-enroll-your-device-in-intune). ++Organizations choose Basic Mobility and Security so that employees can use their mobile devices to securely access work email, calendars, and documents while the business secures important data and meets their compliance requirements. To learn more, see [Overview of Basic Mobility and Security for Microsoft 365](overview.md). For more info, see [What information can my organization see when I enroll my device?](/mem/intune/user-help/what-info-can-your-company-see-when-you-enroll-your-device-in-intune). > [!IMPORTANT] > When you enroll your device in Basic Mobility and Security for Microsoft 365, you might be required to set up a password, together with allowing the option for your work organization to wipe the device. A device wipe can be performed from the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, for example, to remove all data from the device if the password is entered incorrectly too many times or if usage terms are broken. Go to the Google Play store, and download and install Intune Company Portal. To connect and configure your Android phone or tablet with the Company portal to Microsoft 365, see [Enroll your device with Company Portal](/mem/intune/user-help/enroll-device-android-company-portal). -### Windows 8.1 and Windows 10 --Go to the Microsoft Store, and download and install Intune Company Portal +### Windows 10 and Windows 11 -To connect and configure your Windows phone or PC with the Company portal to Microsoft 365, see [Windows device enrollment in Intune Company Portal](/intune-user-help/windows-enrollment-company-portal). +To connect and configure your Windows phone or PC with the Company portal to Microsoft 365, see [Enroll Windows 10/11 devices in Intune](/mem/intune/user-help/enroll-windows-10-device). ## Next steps |
| admin | About Shared Mailboxes | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/about-shared-mailboxes.md | f1.keywords: Previously updated : 08/18/2023 Last updated : 09/30/2024 audience: Admin |
| admin | Configure A Shared Mailbox | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/configure-a-shared-mailbox.md | f1.keywords: Previously updated : 08/21/2023 Last updated : 09/30/2024 audience: Admin To learn more about litigation hold, see [Create a Litigation Hold](../../compli 1. In the Microsoft 365 admin center, go to **Teams & groups** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2066847" target="_blank">Shared mailboxes</a>. -2. Select the shared mailbox you want to edit, then select **Members** > **Customize permissions**. -- Select Edit next to the permission you want to change for a member. +2. Select the shared mailbox you want to edit, then under Manage mailbox permissions, select one of the permissions. 3. Do one of the following:- - To give that permission to an additional member, select **Add permissions**, search for or select a member to add, and then select **Save**. - - To remove the permission from a member, use the Search box to search for the member if necessary, select the **X** next to the member's name, and then select **Save**. + - To give that permission to an additional member, select **Add permissions**, search for or select a member to add, and then select **Add**. + - To remove the permission from a member, select the user, and then select **Remove permissions**. ## Show or hide a shared mailbox in the global address list |
| admin | Convert User Mailbox To Shared Mailbox | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/convert-user-mailbox-to-shared-mailbox.md | f1.keywords: Previously updated : 08/18/2023 Last updated : 09/30/2024 audience: Admin When you convert a user's mailbox to a shared mailbox, all of the existing email - To put an In-Place Hold or a Litigation Hold on a shared mailbox, you must assign an Exchange Online Plan 2 license *or* an Exchange Online Plan 1 license and an Exchange Online Archiving add-on license to the shared mailbox. -## Use the Exchange admin center to convert a mailbox +## Convert a private mailbox to a shared maailbox -1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>. --2. Select **Recipients** \> **Mailboxes**. +1. In the admin center, go to the **Users** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">Active users</a> page. -3. Select the user mailbox. In the **Others** tab, select **Convert to shared mailbox**. +2. Select the user. On the **Mail** tab, select **Convert to shared mailbox** and select **Convert**. -4. If the mailbox is smaller than 50 GB, you can [remove the license from the user](../manage/assign-licenses-to-users.md), and stop paying for it. Don't delete the user's account. The shared mailbox needs it there as an anchor. If you are converting the mailbox of an employee that is leaving your organization, you should take additional steps to make sure that they cannot log in anymore. Please see [Remove a former employee from Microsoft 365](../add-users/remove-former-employee.md). +3. If the mailbox is smaller than 50 GB, you can [remove the license from the user](../manage/assign-licenses-to-users.md), and stop paying for it. Don't delete the user's account. The shared mailbox needs it there as an anchor. If you are converting the mailbox of an employee that is leaving your organization, you should take additional steps to make sure that they cannot log in anymore. Please see [Remove a former employee from Microsoft 365](../add-users/remove-former-employee.md). For everything else you need to know about shared mailboxes, see [About shared mailboxes](about-shared-mailboxes.md) and [Create a shared mailbox](create-a-shared-mailbox.md). After deleting a user account, follow these steps to convert their old mailbox t 2. Select **Recipients** \> **Mailboxes**. -3. Select the shared mailbox. On the **Others** tab, select **Convert to regular mailbox**. +3. Select the shared mailbox. On the **Others** tab, select **Convert to regular mailbox** and select **Confirm**. 4. Select **Confirm** on the Convert mailbox from shared to regular page. |
| admin | Create A Shared Mailbox | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/create-a-shared-mailbox.md | f1.keywords: Previously updated : 08/21/2023 Last updated : 09/30/2024 audience: Admin Before creating a shared mailbox, be sure to read [About shared mailboxes](about ::: moniker range="o365-worldwide" -2. In the admin center, go to the **Teams & Groups** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2066847" target="_blank">Shared mailboxes</a> page. +2. In the admin center, go to the **Teams & Groups** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2066847" target="_blank">Shared mailboxes</a> page. Select **Show all** in the left navigation pane if you don't see **Teams & Groups**. ::: moniker-end Before creating a shared mailbox, be sure to read [About shared mailboxes](about 2. In the [admin center](https://go.microsoft.com/fwlink/p/?linkid=850627), go to the **Teams & Groups** \> **Shared mailboxes** page. ::: moniker-end- + 3. On the **Shared mailboxes** page, select **+ Add a shared mailbox**. Enter a name for the shared mailbox. This chooses the email address, but you can edit it if needed. 4. Select **Save changes**. It may take a few minutes before you can add members. 5. Under **Next steps**, select **Add members to this mailbox**. Members are the people who will be able to view the incoming mail to this shared mailbox, and the outgoing replies. -6. Select the **Add members** button. Select the people who you want to use this shared mailbox, and then select **Add**. and then **Close**. +6. Select the **Add members** button. Select the people who you want to use this shared mailbox, and then select **Add**. and then close. You have a shared mailbox and it includes a shared calendar. Go on to the next step: [Block sign-in for the shared mailbox account](#block-sign-in-for-the-shared-mailbox-account). |
| admin | Manage Copilot Agents Integrated Apps | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-copilot-agents-integrated-apps.md | Admins can block or unblock Copilot agents for the complete organization or spec For detailed information about how Microsoft 365 Copilot uses, protects, and shares organizational information to power extensibility, see [Data, Privacy, and Security for Microsoft 365 Copilot](/microsoft-365-copilot/microsoft-365-copilot-privacy). +## Ensuring a secure implementation of Declarative Agents in Microsoft 365 ++Microsoft 365 customers and partners can build declarative agents that extend Microsoft 365 Copilot with custom instructions, grounding knowledge, and actions invoked via REST API descriptions configured by the declarative agent. At runtime, Microsoft 365 Copilot reasons over a combination of the userΓÇÖs prompt, custom instructions that are part of the declarative agent, and data which was provided by custom actions. All of this data might influence the behavior of the system, and such processing comes with security risks, specifically that if a custom action can provide data from untrusted sources (such as emails or support tickets), an attacker might be able to craft a message payload which causes your agent to behave in a way they control ΓÇô incorrectly answering questions or even invoking custom actions. While Microsoft takes many measures to prevent such attacks, organizations should only enable declarative agents that use trusted knowledge sources and connect to trusted REST APIs via custom actions. If the use of untrusted data sources is necessary, design the declarative agent around the possibility of breach and don't give it the ability to perform sensitive operations without careful human intervention. ++Microsoft 365 provides organizations with extensive controls governing who can acquire and use integrated apps and the specific apps enabled for groups or individuals within a Microsoft 365 tenant, including those apps that include declarative agents. Tools like Copilot Studio, which enable users to create their own declarative agents, also include extensive controls that allow admins to govern connectors used for both knowledge and custom actions. + ## Publish Copilot agents The publishing process in the Microsoft 365 admin center for Copilot agents submitted via Copilot Studio is designed to ensure governance and quality of the custom applications. It also reduces manual work by automating the submission of manifests, freeing developers and admins from tedious tasks. The simplified approval process reduces the time it takes for you to approve apps, making it easier for you to manage custom applications in the Microsoft 365 admin center. |
| admin | Use Qr Code Download Outlook | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/use-qr-code-download-outlook.md | f1.keywords: Previously updated : 09/12/2023 Last updated : 09/30/2024 audience: Admin |
| admin | Customize Sign In Page | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/customize-sign-in-page.md | f1.keywords: Previously updated : 09/19/2023 Last updated : 09/30/2024 audience: Admin |
| commerce | Buy Or Edit An Add On | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/buy-or-edit-an-add-on.md | |
| enterprise | Contoso Security Summary | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/contoso-security-summary.md | To follow security best practices and Microsoft 365 for enterprise deployment re - Device management with Microsoft Intune - Contoso uses [Microsoft Intune](/intune/introduction-intune) to enroll, manage, and configure access to mobile devices and the apps that run on them. Device-based Conditional Access policies also require approved apps and compliant PCs and mobile devices. + Contoso uses [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) to enroll, manage, and configure access to mobile devices and the apps that run on them. Device-based Conditional Access policies also require approved apps and compliant PCs and mobile devices. ## Security management |