AB-730, AI, Generative AI, Microsoft Certification

Understand How Copilot Works to Keep Your Organization’s Information Private and Secure (AB-730 Exam Prep Hub)

 
This post is a part of the AB-730: AI Business Professional Exam Prep Hub.
This topic falls under these sections:
Understand generative AI fundamentals (25–30%)
   --> Understand generative AI capabilities across Microsoft 365 experiences
      --> Understand how Copilot works to keep your organization’s information private and secure

Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 2 practice tests with 60 questions each available from the hub's main page below the exam topics section.

Introduction

One of the most common concerns organizations have when adopting generative AI is data privacy and security. Business leaders want to take advantage of AI-powered productivity tools such as Microsoft 365 Copilot while ensuring that sensitive company information remains protected.

For the AB-730 exam, it is important to understand that Microsoft 365 Copilot was designed with enterprise security, privacy, compliance, and responsible AI principles in mind. Rather than creating a separate data repository or granting itself unrestricted access to organizational information, Copilot works within the existing Microsoft 365 security framework and respects the permissions already in place. (Microsoft Learn)

Why Security and Privacy Matter in Generative AI

Generative AI systems can access and process large amounts of information to generate useful responses. Without proper controls, this could potentially expose confidential business information.

Organizations must ensure that:

  • Employees only see information they are authorized to access.
  • Sensitive content remains protected.
  • Regulatory and compliance requirements are met.
  • Company data is not used to train public AI models.
  • AI-generated content follows existing governance policies.

Microsoft 365 Copilot addresses these concerns by building on the same security infrastructure that already protects Microsoft 365 services. (Microsoft Learn)

How Microsoft 365 Copilot Works

When a user submits a prompt, Microsoft 365 Copilot performs several steps:

  1. Receives the user’s prompt.
  2. Retrieves relevant information from approved data sources.
  3. Uses AI models to generate a response.
  4. Returns the response to the user.

A key concept is grounding.

Grounding means Copilot uses relevant business information—such as emails, documents, meetings, chats, and files—to provide responses that are accurate and relevant to the user’s work context. Rather than relying solely on general AI training data, Copilot grounds responses in organizational information and current context. (Microsoft Support)

Examples of grounding sources include:

  • Outlook emails
  • Teams chats
  • Meeting transcripts
  • Word documents
  • Excel workbooks
  • SharePoint sites
  • OneDrive files
  • Public web content (when enabled)

However, Copilot can only use information the user is already permitted to access. (Microsoft Support)

Copilot Respects Existing Permissions

One of the most important exam concepts is:

Copilot does not grant additional permissions.

Microsoft 365 Copilot operates using the identity of the signed-in user. If a user cannot access a file manually, Copilot cannot access that file on the user’s behalf. (Microsoft Learn)

For example:

Scenario 1

A sales manager asks:

“Summarize our Q3 sales strategy.”

Copilot can access documents the manager already has permission to view and generate a summary.

Scenario 2

The same manager asks:

“Show me confidential HR salary information.”

If the manager lacks access to those HR documents, Copilot cannot retrieve or display them. (Microsoft Learn)

This permission model is one of the most important safeguards in Microsoft 365 Copilot.

Microsoft Graph and Copilot

Microsoft 365 Copilot uses the Microsoft Graph to retrieve organizational information.

Microsoft Graph acts as a secure gateway to Microsoft 365 data and includes information from:

  • Outlook
  • Teams
  • SharePoint
  • OneDrive
  • Calendar data
  • Contacts
  • Meetings

When Copilot gathers information, it uses Microsoft Graph while enforcing the same access controls already configured within Microsoft 365. (Microsoft Learn)

For exam purposes, remember:

Copilot accesses organizational information through Microsoft Graph and honors existing user permissions.

Your Organization’s Data Is Not Used to Train Public AI Models

Another frequently tested concept is how Microsoft handles customer data.

Microsoft states that:

  • Organizational data is not used to train public foundation models.
  • Prompts and responses remain within the Microsoft 365 service boundary.
  • Customer content is not shared across tenants.
  • Data remains isolated between organizations. (Microsoft Support)

This means that if an employee uploads a confidential business document and uses Copilot to summarize it, that document is not added to a public AI training dataset. (Microsoft Support)

Enterprise Data Protection

Microsoft 365 Copilot includes enterprise-grade protections designed specifically for business environments.

These protections include:

  • Data encryption
  • Identity management
  • Access controls
  • Tenant isolation
  • Compliance controls
  • Audit capabilities
  • Threat detection

Microsoft refers to these protections as part of its enterprise data protection approach. (Microsoft Learn)

Key principle:

Business data remains protected by the same security controls already used throughout Microsoft 365.

Encryption and Data Protection

Microsoft encrypts data:

  • At rest (stored data)
  • In transit (data moving across networks)

This helps prevent unauthorized access while information is stored or transmitted. Microsoft also supports advanced encryption technologies and integrates with Microsoft Purview protection capabilities. (Microsoft Learn)

Microsoft Purview and Compliance Controls

Organizations often use Microsoft Purview to classify, protect, and govern sensitive information.

Copilot works alongside Microsoft Purview features such as:

  • Sensitivity labels
  • Data Loss Prevention (DLP)
  • Information Protection
  • eDiscovery
  • Records Management
  • Compliance monitoring

If a document is protected by sensitivity labels or other compliance controls, Copilot honors those protections during content generation. (Microsoft Learn)

Tenant Isolation

Microsoft 365 customers operate within separate tenants.

A tenant can be thought of as a secure organizational boundary.

Copilot maintains tenant isolation by ensuring:

  • One organization’s data is not exposed to another organization.
  • Data remains within the customer’s Microsoft 365 environment.
  • Access is limited to authorized users. (Microsoft Learn)

For example, employees at one company cannot use Copilot to access documents belonging to another company’s Microsoft 365 tenant.

Protection Against Prompt Injection and Malicious Content

Prompt injection attacks attempt to manipulate AI systems into ignoring rules or revealing information.

Microsoft uses multiple layers of protection, including:

  • Content filtering
  • Prompt injection detection
  • Security monitoring
  • Threat intelligence
  • AI-specific security controls

These protections help reduce risks associated with malicious prompts and attempts to extract unauthorized information. (Microsoft Learn)

Shared Responsibility

Although Microsoft provides extensive security controls, organizations also have responsibilities.

Organizations should:

  • Review permissions regularly.
  • Protect sensitive content.
  • Apply appropriate sensitivity labels.
  • Configure compliance policies.
  • Train employees on responsible AI usage.

A common misunderstanding is that Copilot creates security problems. In reality, Copilot often exposes existing permission issues that were already present within the organization. If users already have access to content, Copilot may make that content easier to find and summarize. Therefore, proper governance remains essential. (Microsoft Learn)

Key Exam Takeaways

Remember these points for the AB-730 exam:

  • Copilot respects existing Microsoft 365 permissions.
  • Copilot only accesses content users are authorized to view.
  • Microsoft Graph provides access to organizational data.
  • Grounding improves response relevance using organizational context.
  • Customer data is not used to train public AI models.
  • Prompts and responses remain within Microsoft’s enterprise-protected environment.
  • Encryption protects data both in transit and at rest.
  • Microsoft Purview compliance controls are honored by Copilot.
  • Tenant isolation prevents cross-organization data exposure.
  • Organizations remain responsible for proper governance and permissions management.

Practice Exam Questions

Question 1

What is the primary purpose of grounding in Microsoft 365 Copilot?

A. Encrypt organizational data

B. Replace Microsoft Graph

C. Improve responses by using relevant contextual information

D. Create new permissions for users

Answer: C

Question 2

Which statement best describes how Copilot accesses organizational information?

A. Through Microsoft Graph while honoring existing permissions

B. Through a separate AI database that stores all company information

C. By granting itself administrative access

D. By scanning all tenants globally

Answer: A

Question 3

A user asks Copilot to summarize a confidential HR document that they cannot access manually. What will happen?

A. Copilot displays the document because it is AI-powered

B. Copilot requests administrator approval automatically

C. Copilot generates a partial summary

D. Copilot cannot access the document

Answer: D

Question 4

Which Microsoft technology serves as the secure gateway to Microsoft 365 organizational data used by Copilot?

A. Microsoft Defender

B. Microsoft Graph

C. Microsoft Fabric

D. Azure AI Foundry

Answer: B

Question 5

How does Microsoft use customer organizational data submitted to Microsoft 365 Copilot?

A. It is used to train public AI models.

B. It is shared across Microsoft tenants.

C. It is not used to train public foundation models.

D. It is automatically published to Microsoft Graph.

Answer: C

Question 6

Which feature helps classify and protect sensitive information that Copilot respects during content generation?

A. Microsoft Purview

B. Microsoft Edge

C. Microsoft Stream

D. Microsoft Planner

Answer: A

Question 7

What does tenant isolation help ensure?

A. Users can share information across organizations.

B. Data is automatically replicated between tenants.

C. Every employee receives administrator permissions.

D. One organization’s data remains separate from another organization’s data.

Answer: D

Question 8

Which statement is true regarding Copilot and permissions?

A. Copilot creates temporary permissions when needed.

B. Copilot only accesses information that the user is already authorized to view.

C. Copilot bypasses SharePoint security controls.

D. Copilot can view all files within a tenant.

Answer: B

Question 9

Which security capability helps protect data while it is being transmitted across networks?

A. Grounding

B. Tenant isolation

C. Encryption in transit

D. Prompt engineering

Answer: C

Question 10

Who shares responsibility for protecting organizational information when using Microsoft 365 Copilot?

A. Only Microsoft

B. Only end users

C. Only IT administrators

D. Microsoft and the organization

Answer: D

Go to the AB-730 Exam Prep Hub main page

Leave a comment