Securing and Managing M365 Copilot: What Administrators Need to Know
This session provided a detailed look at how security, governance, and adoption come together in M365 Copilot. Led by Maddy Dahl, Copilot Training and Adoption Specialist at RSM, Microsoft 365 and Copilot MVP, and MCT, the session focused on how organizations can confidently enable Copilot while maintaining strong security and oversight.
Security in Copilot Chat: Built-In by Design
Maddy began by walking through the security features that underpin Copilot Chat. A key theme was that Copilot is designed for secure enterprise communication.
Copilot Chat uses enterprise data protection, meaning:
- Conversations are protected
- Data is not used to train Copilot
Microsoft’s broader commitment to safety was also highlighted, including:
- Authentication
- Encryption on both ends of the conversation
- Avoidance of opinion-based discussions
Maddy emphasized that technology alone is not enough. Organizations should also configure an acceptable use policy to clearly communicate the do’s and don’ts of using M365 Copilot.
Exploring Copilot Controls in the M365 Admin Center
A large portion of the session focused on hands-on demonstrations within the M365 Admin Center, giving administrators visibility into how Copilot is used and managed.
Maddy demonstrated the Copilot control system, reviewing:
- Recommendations related to Copilot
- Metrics such as license assignment and how many users leverage Copilot daily
She also explored security metrics, including:
- Potential data leakage in Copilot interactions, with integration into Microsoft Purview
- Oversharing risks, with integration into SharePoint
Additional insights were shown through:
- Health and Discover tabs with adoption metrics and licensing details
- Connectors
- Copilot Search
- Billing and usage
Understanding and Configuring Key Settings
The session emphasized the importance of administrators taking time to understand the many settings available in the Copilot portal. Maddy recommended reviewing:
- What each setting does
- The default configuration
- The impact each setting has on Copilot functionality
Several examples were highlighted.
One example was M365 Copilot self-service trials and purchases, which are allowed by default. Maddy noted that this carries a risk: users may start using their own versions of Copilot with organizational content.
Another example was data security and compliance, which provides links to the various settings and policies organizations can use to manage data protection and compliance when using Copilot.
The session also covered agents, including:
- Who is allowed to create agents
- Who can access and share agents
Our Takeaways
This session reinforced that successful Copilot adoption depends on both strong security controls and thoughtful configuration.
Key takeaways included:
- M365 Copilot is built with enterprise-grade security protections
- Acceptable use policies are critical for setting clear expectations
- The M365 Admin Center provides deep visibility into Copilot usage, security, and adoption
- Understanding default settings and their impact is essential for reducing risk
A big thank you to Maddy Dahl for the clear walkthrough of how administrators can secure, manage, and govern M365 Copilot effectively.