Lawyers often talk about “Copilot” as if it is a single tool. It is not. Microsoft uses the same name across multiple products that behave very differently from a confidentiality and governance standpoint. For lawyers, the meaningful dividing line is whether Copilot is operating inside your organization’s Microsoft 365 tenant or outside it.
Everything else flows from that.
Four Different Copilot Contexts Lawyers Encounter
From a legal risk perspective, there are four distinct Copilot environments. They may look similar. They are not governed the same way.
- Two operate inside your Microsoft 365 tenant.
- Two operate outside your tenant as web-based services.
Understanding which one you are in is not technical trivia. It is the foundation of responsible risk assessment.
1. Copilot for Microsoft 365 in Desktop Applications
(Enterprise, Inside Your Tenant)
This is the Copilot experience embedded directly into the installed versions of Outlook, Word, Excel, PowerPoint, Teams, and other Microsoft 365 applications. It operates within your organization’s Microsoft 365 environment and follows the same identity, access, and compliance controls that govern those applications.
Key characteristics
- Permissions inheritance: Copilot only works with data the user is already authorized to access.
- Processing within the Microsoft 365 environment: Prompts and responses are handled within the Microsoft 365 environment, subject to your organization’s policies and contractual commitments.
- Enterprise compliance controls: Retention, auditing, and governance tools apply in the same way they do for the underlying application.
This is the version most firms mean when they refer to “Copilot for Microsoft 365.”
2. Copilot for Microsoft 365 in Web Applications
(Enterprise, Inside Your Tenant)
This is the same enterprise Copilot, accessed through Outlook on the web, Word on the web, Excel on the web, PowerPoint on the web, or Teams in the browser.
The fact that it appears in a browser does not change its governance model. You are still inside your tenant.
Key characteristics
- Enterprise identity: You are authenticated with your work account.
- Organizational controls apply: DLP, retention, auditing, and compliance policies are enforced.
- Same boundaries as desktop: The browser does not convert enterprise Copilot into a consumer service.
Browser-based does not make it consumer. The underlying architecture and identity determine that.
3. Copilot on the Web While Signed In
(Hybrid, Consumer Platform with Enterprise Data Protections for Work Accounts)
This is the Copilot experience at copilot.microsoft.com, in Bing, Edge’s sidebar, or another web browser.
The governance model depends on which account you use.
- If you sign in with a personal Microsoft account, you are in a consumer environment.
- If you sign in with a work or school account (Entra ID), Microsoft applies enterprise data protections, but you are still outside your tenant.
This hybrid environment has:
- enterprise data protections for work accounts, such as prompts and responses not being used for model training,
- operation on Microsoft’s consumer Copilot services rather than within the Microsoft 365 tenant boundary, and
- reduced administrative control compared to Copilot for Microsoft 365.
It is not unsafe, but it is not equivalent to tenant-bound Copilot. Lawyers should treat it as a distinct risk category.
4. Copilot on the Web Without Signing In
(Consumer, Anonymous)
This is the public, anonymous Copilot experience. It is governed by Microsoft’s consumer terms and privacy policies. It is entirely outside any organizational environment.
Key characteristics
- no enterprise controls
- no tenant governance
- highest-risk context for client information from a legal confidentiality perspective
What Lawyers Usually Get Wrong
Many lawyers assume that if something says “Microsoft” and they are signed in, it must be appropriate for client work. That is not how this works.
The dividing line is not:
- desktop versus browser, or
- signed in versus not signed in.
The dividing line is:
- inside your tenant versus outside your tenant
Key Legal Distinctions
Permissions Inheritance
Copilot for Microsoft 365 does not bypass access controls. It works only with data the user can already access.
- no independent system-wide access
- no scanning beyond user permissions
- no elevation of privilege
This is consistent with how Microsoft 365 applications operate generally.
Tenant-Bound vs Non-Tenant-Bound Processing
Enterprise Copilot processes data within the Microsoft 365 environment, which is governed by your organization’s policies and contractual commitments.
That statement is deliberately limited to what Microsoft publicly documents; it makes no claim about specific storage locations or data residency.
Cross-Tenant Isolation
Enterprise Copilot sessions are isolated per organization and are not used to train foundation models.
That is Microsoft's public statement; it should not be read as implying any internal access to, or visibility into, Microsoft's systems.
Browser-Based Does Not Equal Consumer
Enterprise Copilot can appear in a browser.
Consumer Copilot can also appear in a browser.
The difference is identity and environment, not the interface.
Hand-Off Scenarios
Sometimes Outlook, Edge, or other tools open a separate Copilot window. This is where lawyers often misclassify the environment.
- Embedded Copilot inside a Microsoft 365 application is enterprise.
- A standalone Copilot window or panel is hybrid or consumer.
If you are not sure which environment you are in, assume it is not enterprise until you confirm otherwise.
Two Quick Examples
You open Word Online from your firm account and use Copilot to summarize a draft brief.
That is enterprise Copilot. You are inside your tenant.
You click a Copilot icon in Edge while logged into Outlook and start asking questions about a client matter.
That is hybrid or consumer Copilot. You are outside your tenant.
Same brand. Very different risk profile.
Why Copilot’s Environment Matters
Once you understand the four environments, the ethical implications become clear.
Copilot’s privacy story is not in the chat window. It is in:
- tenant configuration
- Microsoft 365 security architecture
- contractual commitments
- compliance tooling
Copilot is designed to be part of that ecosystem. Consumer AI tools are not.
Evaluating Copilot in isolation misses the point. The real risk analysis is architectural.
Ethics Takeaways for Lawyers
- Avoid sharing confidential client information outside tenant-bound Copilot.
- Review outputs critically.
- Verify citations and legal reasoning.
- Follow firm policies on AI use.
- Treat Copilot as a nonlawyer assistant requiring supervision.
Copilot can support legal work. As with all artificial intelligence, it does not replace legal judgment.
Quick Privacy Checklist for Lawyers Using Microsoft Copilot
- Confirm you are in Enterprise Copilot.
- Ensure documents live inside your Microsoft 365 tenant, not in personal or consumer storage.
- Check that your permissions match the data you want Copilot to use.
- Never paste client-identifiable information into consumer AI tools.
- Provide only the minimum necessary facts in prompts.
- Treat Copilot as a supervised assistant under Rule 5.3.
- Verify all citations, summaries, and legal conclusions.
- Follow your firm’s DLP, retention, and deletion policies (Copilot inherits them).
- Remember: Copilot for Microsoft 365 does not train on your data.
- If unsure which Copilot you’re in, assume it’s consumer and avoid client material.
Bottom Line
- Copilot for Microsoft 365 in desktop and web applications is enterprise and tenant bound.
- Copilot on the web with a work account is hybrid and protected but not tenant bound.
- Copilot on the web with a personal account or no account is consumer.
Same name. Four environments. Different obligations.
If you do not know which one you are using, you cannot assess your ethical risk.
And in law, that is not a good place to be.