Copilot! Isn’t this my favorite topic? Of course it is. Microsoft 365 Copilot was built to help you work smarter, faster, and with more context. But as with any powerful tool, its usage needs oversight. Main question I’ve asked myself here? How much can admins actually see from my interactions with M365 Copilot? I’ve had this question in the back of my mind for some time, but I never had a clear answer until now.
Turns out, there are several tools that offer different levels of visibility into how Copilot is being used across the org. Some give high-level stats, others can go surprisingly deep (yes, even down to prompt-level activity in the right setup). I’ll break those down shortly.
But the one that really caught my eye (because it can get as granular as prompt-level activity in the right conditions) is Microsoft Purview. With its audit capabilities (especially when using Audit Premium), you can track Copilot interactions across supported apps. It doesn’t always log the full prompt text, but it gets impressively close. Enough to keep things accountable 😉
Yes, your friendly neighborhood IT admin has a digital paper trail of nearly everything you do with Microsoft 365 Copilot. They know when, where, and which files were involved. But they do this for keeping the system safe, for you and everyone else. What to know more? Then by all means, read on 😊
Which are the tools that admins can use to gain insights about your M365 Copilot usage?
Handful of tools, each giving a different level of usage insight across the organization.
Let’s break it down:
| Tool Name | Primary Use | Copilot Usage Insights | Prompt Content Visibility | Notes |
|---|---|---|---|---|
| Copilot Dashboard | Copilot adoption & usage metrics | ✅ High-level (apps used, frequency) | ❌ | Best for understanding engagement across the org |
| Microsoft 365 Admin Center | User management, licensing, basic reporting | ✅ Basic usage | ❌ | Shows who has Copilot and if it’s being accessed |
| Microsoft Purview – Communication Compliance | Monitor policy violations in messages | ⚠️ Indirect (monitored channels only) | ✅ If shared in comms | Alerts on risky or inappropriate Copilot-generated messages |
| Microsoft Purview – eDiscovery | Legal investigations, content search/export | ⚠️ Indirect (if saved) | ✅ If in mail/files | Part of formal legal review; content must be stored or retained |
| Microsoft Viva Insights | Employee productivity & behavior analytics | ⚠️ Indirect (productivity impact) | ❌ | May show how Copilot affects collaboration and focus time |
| Microsoft Graph API / Data Connect | Custom activity data & telemetry | ✅ (customizable) | ⚠️ If configured | Developer-level access; requires coding or Power BI setup |
| Teams Admin Center | Teams usage management | ✅ For Copilot in meetings | ⚠️ Transcript-based | Shows engagement with Teams meeting features like recaps/summaries |
| Microsoft Purview – Compliance Manager | Compliance audit and control assessment | ⚠️ Indirect (setup validation) | ❌ | Helps ensure Copilot follows regulatory and organizational policies |
| Microsoft Defender for Cloud Apps | Security and data protection across cloud apps | ⚠️ Indirect (policy-based) | ✅ If monitored | Alerts on abnormal or risky usage patterns involving Copilot |
Legend:
✅ Available, ❌ Not Available, ⚠️ Conditional (depends on setup/data retention/policies)
What caught my eye here, is that if your organization has strict compliance policies, they may have visibility into certain interactions within Microsoft 365.
So I researched and researched and…
What’s Actually Logged When You Use microsoft 365 Copilot?
If your organization has Microsoft Purview auditing enabled (and most do), every interaction with Copilot and other AI applications is automatically logged. No extra configuration is needed.
These logs, accessible via Microsoft Purview, provide granular detail about your interaction, including:
-
- Who used Copilot (your user ID)
-
- When and where it happened (timestamp and region)
-
- Which application hosted the interaction (Word, Teams, Edge, etc)
-
- Which files or data Copilot accessed on your behalf (files, chats, emails, etc)
-
- What plugins or models were used to generate the response
These entries appear under record types like:
-
CopilotInteraction
-
ConnectedAIAppInteraction
-
AIAppInteraction
They help distinguish between Microsoft-native, custom, or third-party AI usage.
What About the Prompts Themselves?
Audit logs also contain metadata about the conversation flow between the user and Copilot. That includes key context like:
-
- Prompt and response IDs
-
- Flags for potential jailbreak attempts
-
- A list of resources Copilot accessed to construct the answer (SharePoint files, Teams chats, Outlook messages)
-
- Sensitivity labels applied to those resources
While the content of your prompt isn’t necessarily visible in plain text within the audit logs, the structure and context around it are available, including which documents were referenced and whether sensitive data may have been involved.
Third-Party and Custom Copilot Applications
If your organization integrates other AI applications — such as a custom Copilot built in Copilot Studio, or a third-party generative AI solution (ChatGPT, Grok, etc 😁) those interactions are also auditable, but under a pay-as-you-go model. With the right tools and policies in place, admins can monitor or restrict usage of external GenAI tools, especially in corporate environments.
These interactions include:
-
- App identity
-
- Plugins or extensions used
-
- AI model provider details
-
- Retention for up to 180 days
Organizations must explicitly enable these features, and billing is based on the number of audit records ingested.
| Can Microsoft Purview DLP… | Yes / No |
|---|---|
| Block or warn on pasting sensitive data into external AI platforms (ChatGPT, Deepseek, etc) | ✅ Yes |
| Log attempts to paste/upload sensitive info to external AI platforms | ✅ Yes |
| See full external AI platforms prompt history or chat contents | ❌ No |
| Monitor uploads with sensitive info to external AI platforms | ✅ Yes |
| Block or restrict external AI platforms websites entirely | ✅ Yes |
Web-Based AI Activity? Also Tracked.
Did M365 Copilot source its answer from the web? If web search was used, admins can see it marked in the audit log. This shows if Copilot referenced public web content. Good for admins to distinguish between company files vs. outside information.
Why This Matters
For users, understanding this level of transparency is essential. Responsibility and risk management are important especially when linked with AI tools, and how and where you use them now sits within a broader compliance ecosystem.
For organizations, these audit logs are vital for:
-
- Data protection
-
- Regulatory compliance
-
- Internal accountability
-
- Incident investigation
-
- Detecting misuse or security risks
They form the invisible framework around responsible AI use.
Final thoughts
So… Can your admin actually see what you’re typing into Copilot? Short answer?
Yeah, kind of. If your organization is using Microsoft Purview with Audit Premium (and many are), then yes — they can see quite a bit.
Not necessarily the full, word-for-word prompt every time, but they can often get close enough to understand what you asked, what Copilot did with it, and which files were involved.
Will they pursue this on a user basis and dig into all your Copilot interactions? Relax. I think we’re safe to say no to that. Not unless there’s a reason, such as a breach, legal hold, or flagged activity. Unless you’re doing something shady (don’t do that), you’re on the safe side.
Just remember. Your work Microsoft 365 Copilot is exactly that: a work Copilot. It’s a powerful productivity assistant. It’s not your personal assistant for answering life’s weirdest questions. Keep it focused on work tasks. For life advice and easy delicious recipes, we have our own devices. Quite literally. Let’s just keep the eggs in separate baskets. 😉
***disclaimer: I was curious about this topic, so I researched a bit 🙂 Do your own research as well. Below you have my sources (and make sure to check out the links in the table above as well):
https://learn.microsoft.com/en-us/purview/audit-copilot
https://learn.microsoft.com/en-us/viva/insights/org-team-insights/copilot-dashboard
Microsoft 365 Copilot data protection and auditing architecture | Microsoft Learn
https://sharegate.com/blog/microsoft-purview-deep-dive-into-sensitive-information-types