Required configuration for Copilot guidance for Sensitive and Regulated customers

The Microsoft 365 Copilot configuration and planning guide is intended for sensitive and regulated customers in Australia and New Zealand. This guide aligns with the Australian Signals Directorate (ASD) Blueprint for Secure Cloud configuration guidance for Microsoft 365.

This section refers to a required configuration. Required elements have clear, specific configuration requirements that are mandatory for Copilot to function.

Network connectivity

A network configuration that complies with the supported Microsoft 365 networking practices detailed in the Microsoft online documentation helps Microsoft 365 Copilot work effectively. Configure networks to ensure secure, direct connectivity to Microsoft 365 services.

The primary objective of Microsoft 365 networking is to enhance the user experience by providing the least restrictive access to the nearest Microsoft 365 endpoints. The user experience quality is closely linked to the application’s performance and responsiveness. The key aim in network design should be to minimize latency by reducing the round-trip time from client devices to the Microsoft Global Network.

To optimize Microsoft 365 network performance, consider these principles:

  • Identify Microsoft network traffic: Recognize and categorize network traffic associated with Microsoft 365 to manage it effectively.
  • Local branch egress: Allow Microsoft 365 network traffic to directly access the internet from user locations, bypassing central routing.
  • Bypass proxies and packet inspection: Enable Microsoft 365 traffic to avoid proxies and packet inspection as these can introduce latency and potentially interfere with data integrity and security.

A common failure mode for Microsoft 365 Copilot occurs when a network blocks web sockets connectivity to the service. For more information about the latest Copilot-specific required network configurations, see network requirements. Also review the additional Microsoft 365 endpoint requirements, which enable proper function of Microsoft 365 components.

Connected experiences

Microsoft 365 Copilot requires the Analyze Content connected experience category in Office to be enabled for Copilot to work in Microsoft 365 Apps, including Microsoft Teams. For more information, review the connected experiences guidance for Microsoft Office.

While you can configure this setting with Group Policy in Active Directory Domain connected environments, you must configure it in the Cloud Policy of Microsoft 365 at a minimum. The web experiences and modern apps are controlled exclusively by the Cloud Policy. Rich client Office applications (Win32 apps) are controlled by both Group Policy and Cloud Policy, with Group Policy taking precedence where both are in use. For organizations that use a combination of Group Policy and Cloud Policy, keep these policies aligned to avoid confusion.

  1. Disable "Allow the use of additional optional connected experiences in Office" in sensitive environments. These services are covered by consumer product terms and don't offer the same contractual commitments or security and compliance features as enterprise Microsoft 365 services.

  2. Enable both the general "Allow the use of connected experiences in Office" setting and the specific "Allow the use of connected experiences in Office that analyze content" setting.

For information on Connected experiences, including configuration documentation, see Copilot connected experiences.

Important

Both Group Policy and Cloud Policy mechanisms control the feedback policy.

Third party cookies

Note

The term third party in this article doesn't refer to a separate organization or entity providing this functionality. It's a term to describe browser cookies that don't originate from the same service domain. This functionality is presently required to facilitate authentication flow for Copilot.

To ensure full functionality of Microsoft 365 Copilot within the web versions of Office apps, such as Word Online, Excel Online, and PowerPoint Online, the browser must have third-party cookies enabled. This setting allows the authentication tokens to be properly exchanged with the Microsoft services that power the Copilot experience.

Therefore, when using these applications, the browser settings on end-users’ devices must permit third-party cookies on sharepoint.com to facilitate this process.

You should periodically check the requirements for Microsoft 365 Copilot online documentation and actively monitor the Microsoft 365 Message Center for changes to this and other requirements over time.

License assignment

The Microsoft 365 Copilot user subscription license (License ID: 639dec6b-bb19-468b-871c-c5c441c4b0cb) contains eight separate components, which you can enable or disable for individual users. Copilot is only available to users with a license assigned. If you remove the license from a user, the user loses access to Copilot.

Copilot Studio in Microsoft 365 Copilot

License ID: fe6c28b3-d468-44ea-bbd0-a10a5167435c

Copilot Studio is an extensibility feature that lets users configure tailored Copilot experiences and create Agents within Microsoft.

This license item is Optional. Enable it if you use Copilot Studio. To take advantage of the Agents functionality within your organization, Microsoft recommends enabling this item.

Graph connectors in Microsoft 365 Copilot

License ID: 82d30987-df9b-4486-b146-198b21d164c7

If your organization enables Graph connectors, you need to enable this feature for users who access data from those connectors. For more information, see guidance on connectors and service architecture.

This license item is Optional. Enable it if you enable Graph Connectors.

License ID: 931e4a88-a67f-48b5-814f-16a5f1e6028d

These search enhancements are a core value inclusion in Microsoft 365 Copilot.

Enable this license item.

Microsoft 365 Copilot in SharePoint

License ID: 0aedf20c-091d-420b-aadf-30c042609612

Integration with SharePoint in Microsoft 365 and OneDrive is a core feature in Microsoft 365 Copilot.

Enable this license item unless you disable SharePoint in Microsoft 365 and OneDrive.

Microsoft 365 Copilot in Microsoft Teams

License ID: b95945de-b3bd-46db-8437-f2beb6ea2347

Integration with Microsoft Teams is a core feature in Microsoft 365 Copilot.

Enable this license item unless you disable Microsoft Teams.

Microsoft 365 Copilot in productivity apps

License ID: a62f8878-de10-42f3-b68f-6149a25ceb97

Integration into the Office apps is a core feature of Microsoft 365 Copilot.

Enable this license item unless you don't use Microsoft 365 Apps (Office).

Microsoft Copilot with Graph-grounded chat

License ID: 3f30311c-6b1e-48a4-ab79-725b469da960

Graph-grounded chat connects Copilot Chat experiences with Microsoft 365 content through the Microsoft Graph. For more information, see Microsoft Graph service architecture.

Enable this license item.

Power Platform connectors in Microsoft 365 Copilot

License ID: 89f1c4c8-0878-40f7-804d-869c9128ab5d

Power Platform Connectors enable integration of data from Power Platform into Microsoft 365 Copilot Connectors and Plugins services. This integration affects the availability of Power Platform Connector Plugins, Power Automate Flow Plugins, and Dynamics 365 Plugins.

This license item is Optional. Enable it if you use Power Platform Connectors.
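
The license guidance above can be checked per user. The following Python sketch is an added example, not code from this page or from Microsoft: it compares one user's Microsoft Graph `licenseDetails` data with the enable/optional guidance for each component. The IDs are the ones listed on this page; the feature keys, function names and sample data are constructed for illustration, and it assumes the page's License ID values appear as `skuId` (the Copilot license) and `servicePlanId` (its components).

```python
# Added example: IDs and guidance come from the page; feature keys are this example's own names.
COPILOT_LICENSE = "639dec6b-bb19-468b-871c-c5c441c4b0cb"
ALWAYS = "always"
# component ID -> (label, feature it depends on, or ALWAYS for "Enable this license item")
COMPONENTS = {
    "fe6c28b3-d468-44ea-bbd0-a10a5167435c": ("Copilot Studio", "copilot_studio"),
    "82d30987-df9b-4486-b146-198b21d164c7": ("Graph connectors", "graph_connectors"),
    # The page gives no name for this item; the label is taken from its description.
    "931e4a88-a67f-48b5-814f-16a5f1e6028d": ("Search enhancements", ALWAYS),
    "0aedf20c-091d-420b-aadf-30c042609612": ("SharePoint", "sharepoint"),
    "b95945de-b3bd-46db-8437-f2beb6ea2347": ("Teams", "teams"),
    "a62f8878-de10-42f3-b68f-6149a25ceb97": ("Productivity apps", "office_apps"),
    "3f30311c-6b1e-48a4-ab79-725b469da960": ("Graph-grounded chat", ALWAYS),
    "89f1c4c8-0878-40f7-804d-869c9128ab5d": ("Power Platform connectors", "power_platform"),
}

def audit_copilot_license(license_details, features_in_use):
    """Compare one user's licenseDetails entries with the page's guidance."""
    sku = next((d for d in license_details
                if d["skuId"].lower() == COPILOT_LICENSE), None)
    if sku is None:
        return ["Copilot license not assigned: user has no access to Copilot"]
    status = {p["servicePlanId"].lower(): p["provisioningStatus"]
              for p in sku["servicePlans"]}
    findings = []
    for plan_id, (label, feature) in COMPONENTS.items():
        wanted = feature == ALWAYS or feature in features_in_use
        state = status.get(plan_id, "missing")
        if wanted and state != "Success":
            findings.append(f"{label}: expected enabled, status is {state}")
        elif not wanted and state == "Success":
            findings.append(f"{label}: enabled but {feature} is not in use")
    return findings

def sample_license_details():
    """Constructed sample (not tenant data): every component enabled except Teams."""
    plans = [{"servicePlanId": pid, "provisioningStatus": "Success"}
             for pid in COMPONENTS]
    for p in plans:
        if p["servicePlanId"] == "b95945de-b3bd-46db-8437-f2beb6ea2347":
            p["provisioningStatus"] = "Disabled"
    return [{"skuId": COPILOT_LICENSE, "servicePlans": plans}]

if __name__ == "__main__":
    for line in audit_copilot_license(sample_license_details(),
                                      {"sharepoint", "teams", "office_apps"}):
        print(line)
```

Pass the set of features your organization actually uses as `features_in_use`; an empty result means the user's component states match the guidance.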