Overheard at the M365 Community Conference on more than one occasion:

“Copilot interactions for users with paid licenses are stored in the user's mailbox and are discoverable.”

The truth is that all user interactions with Copilot are stored in the mailbox and are discoverable. Here, let me prove it to you:

You see a screenshot from a review set that contains the results of searching for Copilot activity across my Admin mailbox in a Dev tenant. A tenant that can’t purchase Copilot licenses.

Any user logged in to a tenant account in your environment who uses Copilot Chat is subject to Enterprise Data Protection. Their copilot interactions are kept inside the tenant, stored in the mailbox, and subject to eDiscovery. Don’t fall asleep on this.

What’s more, if they upload a file to Copilot Chat, it is stored in their OneDrive in a folder named Copilot Chat Files. They are also subject to eDiscovery and other policies targeting users of OneDrive for Business accounts.

Don’t sleep on that, either. (Yes, they are collected in the Review set as modern attachments if you’ve collected the Copilot interactions.)

What’s most surprising to me is that MVPs and Microsoft employees are still making this incorrect statement when we’ve known this for, what, six months?

Side note: If you recall, a few months back, the filter for Copilot Activity in the new query builder gave me incorrect results because the KeyQL query was incorrect. This seems to have been corrected. My query this past weekend was returning accurate results.

I also wanted to touch on the new Researcher agent and its impact on eDiscovery.