// Trust & Security Report

    Microsoft Corporation logo

    Microsoft Corporation

    Microsoft Copilot (consumer Copilot at copilot.microsoft.com, Microsoft 365 Copilot, Copilot Studio, Security Copilot, GitHub Copilot)

    Certifications held

    11

    Maturity

    Enterprise

    Trains on your data

    Yes

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    Microsoft Copilot Studio has been audited to be compliant with SOC. SOC audit reports are available from the Microsoft Service Trust Portal.

    Verify on learn.microsoft.com
    ISO/IEC 27001
    HELD

    Microsoft Copilot Studio is compliant with the ISO standards listed in the following table. ... ISO 27001:2013 ... Audit reports for each are available from the Microsoft Service Trust Portal.

    Verify on learn.microsoft.com
    ISO/IEC 27017 (cloud security controls)
    HELD

    Microsoft Copilot Studio is compliant with the ISO standards listed in the following table. ... ISO 27017:2015 ... Audit reports for each are available from the Microsoft Service Trust Portal.

    Verify on learn.microsoft.com
    ISO/IEC 27018 (cloud privacy)
    HELD

    Microsoft Copilot Studio is compliant with the ISO standards listed in the following table. ... ISO 27018:2019 ... Audit reports for each are available from the Microsoft Service Trust Portal.

    Verify on learn.microsoft.com
    ISO/IEC 27701 (privacy information management)
    HELD

    Microsoft Copilot Studio is compliant with the ISO standards listed in the following table. ... ISO 27701:2019 ... Audit reports for each are available from the Microsoft Service Trust Portal.

    Verify on learn.microsoft.com
    HIPAA Business Associate Agreement (BAA)
    HELD

    Microsoft Copilot Studio is covered under the Health Insurance Portability and Accountability Act (HIPAA) Business Associate Agreement (BAA).

    Verify on learn.microsoft.com
    HITRUST CSF
    HELD

    Copilot Studio is designed with compliance at its core ... It is compliant with or covered by: ... Health Information Trust Alliance (HITRUST) Common Security Framework (CSF)

    Verify on learn.microsoft.com
    PCI DSS
    HELD

    Copilot Studio is designed with compliance at its core ... It is compliant with or covered by: ... Payment Card Industry (PCI) Data Security Standard (DSS)

    Verify on learn.microsoft.com
    CSA STAR
    HELD

    Microsoft Copilot Studio has been audited to be compliant with CSA STAR.

    Verify on learn.microsoft.com
    FedRAMP (government cloud offerings)
    HELD

    Microsoft's government cloud services meet the requirements of FedRAMP. By deploying protected services including Azure Government, Office 365 US Government, and Dynamics 365 Government, federal and defense agencies can use a rich array of compliant services.

    Verify on learn.microsoft.com
    GDPR alignment
    HELD

    The cited Microsoft Trust Center text ('We adhere to rigorous compliance standards... We offer comprehensive tools and certifications for simplified compliance management') is generic marketing copy that does not specifically attest GDPR compliance. GDPR is a regulation rather than an audited certification; Microsoft does provide a GDPR-aligned Data Processing Addendum (see privacy.dpa = true), but no per-product GDPR certification quote was located.

    Verify on microsoft.com

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    Enterprise Microsoft 365 Copilot data residency follows the tenant/Microsoft 365 commitments (Azure regions, EU Data Boundary for EU tenants). Consumer Copilot is governed by the Microsoft Privacy Statement with no per-user residency guarantee; certain countries are excluded from training.

    CRITICAL MULTI-PRODUCT DISTINCTION. Consumer Copilot (copilot.microsoft.com) DOES train generative AI models on signed-in users' conversations BY DEFAULT, with an opt-out. Microsoft Support states: 'Microsoft uses data from Bing, MSN, Copilot, and interactions with ads on Microsoft for AI training' and 'You can control whether your conversation activity is used for training Microsoft's generative AI models.' Users automatically EXCLUDED from training: those signed in with an organizational Entra ID account, users of Copilot within Microsoft 365 apps with Personal or Family subscriptions, users NOT signed in (unauthenticated), signed-in users under age 18, and users in Brazil, China (excl. Hong Kong), Israel, Nigeria, South Korea, and Vietnam. For ENTERPRISE Microsoft 365 Copilot and Copilot Chat, Microsoft Learn confirms: 'Prompts and responses aren't used to train the underlying foundation models.' So: consumer-signed-in = trains by default (opt-out); enterprise/M365 = does NOT train.

    // Security controls

    Bug bounty platform

    Self-hosted via Microsoft Security Response Center (MSRC) Researcher Portal, not HackerOne/Bugcrowd. Dedicated Microsoft Copilot (AI) Bounty Program: rewards $250 up to $30,000 for critical inference-manipulation flaws; moderate-severity now eligible up to $5,000.

    microsoft.com

    Penetration testing / red teaming

    Yes. Microsoft runs continuous internal red teaming (AI Red Team), the MSRC bounty, and the Zero Day Quest event ('more than 600 vulnerability submissions and awarding more than $1.6 million'). SOC 2 / ISO audits include independent control testing.

    microsoft.com

    Encryption

    Microsoft Trust Center states data is protected at rest and in transit: 'We secure data at rest and in transit.'

    microsoft.com

    Trust Center / Service Trust Portal

    Public Microsoft Trust Center plus Service Trust Portal hosting SOC, ISO, and other downloadable audit reports for authenticated customers.

    microsoft.com

    // Products & data scope

    Microsoft Copilot (consumer, copilot.microsoft.com)Consumer AI assistant

    data: Free/Pro consumer chat. Signed-in conversations used for generative AI model training BY DEFAULT (opt-out available); unauthenticated sessions not trained. Governed by Microsoft Privacy Statement and Microsoft Services Agreement.

    Highest privacy-risk tier of the family for default training behavior. The slug under assessment points here.

    Microsoft 365 Copilot (enterprise)Enterprise productivity AI (Word, Excel, Outlook, Teams)

    data: Grounded in tenant Microsoft Graph data; inherits Microsoft 365 enterprise compliance, EU Data Boundary, and tenant data residency. Prompts/responses NOT used to train foundation models.

    Enterprise data protection boundary; commercial data protection applies.

    Microsoft Copilot StudioLow-code copilot/agent builder

    data: SOC, ISO/IEC 27001/27017/27018/27701, and HIPAA BAA covered per Microsoft Learn certification page.

    Strongest documented certification posture in the family.

    Microsoft Security CopilotSecurity operations AI (SOC/SIEM)

    data: Achieved SOC 2 certification plus ISO 27001/27017/27018/27701/20000-1/9001/22301 and HiTrust CSF per Microsoft community announcement; does not use customer data to train models.

    Dedicated security product, separate scope.

    GitHub CopilotAI pair programmer

    data: Has its own GitHub Copilot Trust Center; Business/Enterprise tiers do not train on prompts/suggestions.

    Separate trust documentation at copilot.github.trust.page.

    // What to watch

    • SURPRISING/CONFLICTING: Consumer Microsoft Copilot trains on signed-in users' conversations BY DEFAULT (opt-out), which is the opposite of the enterprise Microsoft 365 Copilot promise that prompts are never used for training. Directory must NOT present a blanket 'does not train on your data' claim for this tool.
    • The assessed slug (copilot.microsoft.com) is the consumer product; most strong certifications (SOC 2, ISO, HIPAA BAA) are documented against the enterprise/Studio/Security Copilot variants rather than the consumer chat surface itself.
    • Bug bounty is Microsoft-self-hosted (MSRC), not HackerOne/Bugcrowd.
    • QA CORRECTION (2026-06-27): The certification list is scoped to Microsoft Copilot Studio per the Microsoft Learn certification page. The prior ISO entries used a paraphrased proof_quote that does not appear verbatim on the cited page; quotes were corrected to the page's actual wording ('Microsoft Copilot Studio is compliant with the ISO standards listed in the following table'). Missed Copilot Studio certifications were added from the same source: ISO/IEC 27017, ISO/IEC 27701, HITRUST CSF, PCI DSS, CSA STAR, and FedRAMP (government cloud offerings).
    • QA CORRECTION (2026-06-27): 'GDPR alignment' was downgraded to held = 'unknown'. Its cited proof_quote was generic Microsoft Trust Center marketing copy that does not mention GDPR. GDPR is a regulation, not an audited certification; Microsoft's GDPR-aligned DPA is captured separately under privacy.dpa = true. The non-certification 'Microsoft 90+ compliance offerings' marketing entry was removed in favor of the specific, individually sourced certifications above.

    // At a glance

    Pricing model

    Freemium. Consumer: free tier + Copilot Pro (~$20/user/mo). Enterprise: Microsoft 365 Copilot add-on (~$30/user/mo annual); Copilot Studio and Security Copilot metered/capacity-based.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Microsoft Corporation's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    microsoft.com

    > Browse all vendor trust reports