CapitalGuard Observatory · Tool record
Microsoft Copilot
Microsoft · connected assistant
Microsoft Copilot spans consumer chat and Microsoft 365 experiences, where prompts, files, history, connected services, and organizational controls can differ substantially.
Public-Control Score
69
Partial public control coverage
Measures publicly documented control coverage as of the review date. It is not a breach rate, penetration test, endorsement, or guarantee of safety.
Scored dimensions
The documented control surface.
This record is reviewed against the same five-dimension rubric used across every scored product.
Read MethodologyAccess and scope transparency
15/20Official material names concrete controls and meaningful boundaries for access and scope transparency.
Data and retention controls
15/20Official material names concrete controls and meaningful boundaries for data and retention controls.
Connector and permission controls
14/20Official material names concrete controls and meaningful boundaries for connector and permission controls.
Action, approval, and isolation controls
12/20Official material documents user-facing controls, with some enforcement or audit detail still limited.
Audit and administrative evidence
13/20Official material documents user-facing controls, with some enforcement or audit detail still limited.
Documented access points
uploaded files and conversation history
the active Microsoft 365 document
optional connectors and synced browser data
Settings to verify now
Model training and personalization choices
Copilot activity history
Connected services, recent files, and Microsoft 365 privacy settings
Primary sources
Inspect the evidence directly.
Linked evidence
Ten practical Microsoft Copilot checks.
Private file access
Microsoft Copilot Private File Access: What to Check
Credential exposure
Microsoft Copilot API Key Exposure: Check Before You Share
Client confidentiality
Microsoft Copilot Client Data Safety for Freelancers
Prompt injection
Microsoft Copilot Prompt Injection: A Practical Defense
Connector permissions
Microsoft Copilot Connector Permissions: Review the Real Scope
Command execution
Microsoft Copilot Command Execution: Keep Control
Unsafe generated code
Microsoft Copilot Generated Code Risks: Review Before You Run
History and sharing
Microsoft Copilot Chat History and Shared Links: Privacy Check
Accidental oversharing
Microsoft Copilot Sensitive Data: What Not to Paste
Autonomous actions
Microsoft Copilot Autonomous Actions: Approval Safety Guide
