mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-18 03:43:39 +00:00
Merge branch 'main' into vp-csp-2505
This commit is contained in:
Padma Jayaraman
GitHub
@ -3,7 +3,7 @@ title: Updated Windows and Microsoft 365 Copilot Chat experience
|
||||
description: Learn about changes to the Copilot in Windows experience for commercial environments and how to configure it for your organization.
|
||||
ms.topic: overview
|
||||
ms.subservice: windows-copilot
|
||||
ms.date: 01/28/2025
|
||||
ms.date: 06/09/2025
|
||||
ms.author: mstewart
|
||||
author: mestew
|
||||
ms.collection:
|
||||
@ -16,66 +16,39 @@ appliesto:
|
||||
# Updated Windows and Microsoft 365 Copilot Chat experience
|
||||
<!--8445848, 9294806-->
|
||||
|
||||
>**Looking for consumer information?** See [Welcome to Copilot on Windows](https://support.microsoft.com/topic/675708af-8c16-4675-afeb-85a5a476ccb0). **Looking for more information on Microsoft 365 Copilot Chat experiences?** See [Understanding the different Microsoft 365 Copilot Chat experiences](https://support.microsoft.com/topic/cfff4791-694a-4d90-9c9c-1eb3fb28e842).
|
||||
>**Looking for consumer information?** See [Getting started with Copilot on Windows](https://support.microsoft.com/topic/1159c61f-86c3-4755-bf83-7fbff7e0982d). **Looking for more information on Microsoft 365 Copilot Chat experiences?** See [Understanding the different Microsoft 365 Copilot Chat experiences](https://support.microsoft.com/topic/cfff4791-694a-4d90-9c9c-1eb3fb28e842).
|
||||
|
||||
## Enhanced data protection with enterprise data protection
|
||||
|
||||
The Copilot experience on Windows is changing to enhance data security, privacy, compliance, and simplify the user experience, for users signed in with a Microsoft Entra work or school account. [Microsoft 365 Copilot Chat](https://techcommunity.microsoft.com/t5/copilot-for-microsoft-365/updates-to-microsoft-copilot-to-bring-enterprise-data-protection/ba-p/4217152) is available at no additional cost and it redirects users to a new simplified interface designed for work and education. [Enterprise data protection (EDP)](/copilot/microsoft-365/enterprise-data-protection) refers to controls and commitments, under the Data Protection Addendum and Product Terms, that apply to customer data for users of Microsoft 365 Copilot and Microsoft 365 Copilot Chat. This means that security, privacy, compliance controls and commitments available for Microsoft 365 Copilot will extend to Microsoft 365 Copilot Chat prompts and responses. Prompts and responses are protected by the same terms and commitments that are widely trusted by our customers. This is an improvement on top of the previous commercial data protection (CDP) promise. This update is rolling out now. For more information, see the [Microsoft 365 Copilot Chat updates and enterprise data protection FAQ](/copilot/edpfaq).
|
||||
Starting in September 2024, the Copilot experience on Windows is changing to enhance data security, privacy, compliance, and simplify the user experience, for users signed in with a Microsoft Entra work or school account. [Microsoft 365 Copilot Chat](https://techcommunity.microsoft.com/t5/copilot-for-microsoft-365/updates-to-microsoft-copilot-to-bring-enterprise-data-protection/ba-p/4217152) is available at no additional cost and it redirects users to a new simplified interface designed for work and education. [Enterprise data protection (EDP)](/copilot/microsoft-365/enterprise-data-protection) refers to controls and commitments, under the Data Protection Addendum and Product Terms, that apply to customer data for users of Microsoft 365 Copilot and Microsoft 365 Copilot Chat. This means that security, privacy, compliance controls and commitments available for Microsoft 365 Copilot will extend to Microsoft 365 Copilot Chat prompts and responses. Prompts and responses are protected by the same terms and commitments that are widely trusted by our customers. This is an improvement on top of the previous commercial data protection (CDP) promise. For more information, see the [Microsoft 365 Copilot Chat updates and enterprise data protection FAQ](/copilot/edpfaq).
|
||||
|
||||
> [!IMPORTANT]
|
||||
> To streamline the user experience, updates to the Copilot entry points in Windows are being made for users. **Copilot in Windows (preview) will be removed from Windows**. The experience will slightly vary depending on whether your organization has already opted into using Copilot in Windows (preview) or not.
|
||||
|
||||
## Copilot in Windows (preview) isn't enabled
|
||||
|
||||
If your organization hasn't enabled Copilot in Windows (preview), your existing preferences are respected. Neither Microsoft 365 Copilot Chat or the Microsoft 365 Copilot app (formerly the Microsoft 365 app) are pinned to the taskbar. To prepare for the eventual removal of the [Copilot in Windows policy](/windows/client-management/mdm/policy-csp-windowsai#turnoffwindowscopilot), admins should [set pinning options](/copilot/microsoft-365/pin-copilot) in the Microsoft 365 admin center.
|
||||
|
||||
> [!NOTE]
|
||||
> Although we won't be pinning any app to the taskbar by default, IT has the capability to use policies to enforce their preferred app pinning.
|
||||
|
||||
## Copilot in Windows (preview) is enabled
|
||||
|
||||
If you had previously activated Copilot in Windows (in preview) for your workforce, we want to thank you for your enthusiasm. To provide the best Copilot experience for your users moving forward, and support greater efficiency and productivity, we won't automatically pin the Microsoft 365 Copilot app to the taskbar in Windows. Rather, we ensure that you have control over how you enable the Copilot experience within your organization. Our focus remains on empowering IT to seamlessly manage AI experiences and adopt those experiences at a pace that suits your organizational needs.
|
||||
|
||||
If you have already activated Copilot in Windows (preview) - and want your users to have uninterrupted access to Copilot on the taskbar after the update - use the [configuration options](/windows/configuration/taskbar/?pivots=windows-11) to pin the Microsoft 365 Copilot app to the taskbar as Copilot in Windows (preview) icon will be removed from the taskbar.
|
||||
|
||||
## Users signing in to new PCs with Microsoft Entra accounts
|
||||
|
||||
For users signing in to new PCs with work or school accounts, the following experience occurs:
|
||||
|
||||
- The Microsoft 365 Copilot app is pinned to the taskbar - this is the app comes preinstalled with Windows and includes convenient access to Office apps such as Word, PowerPoint, etc.
|
||||
- The Microsoft 365 Copilot app is pinned to the taskbar - this is the app that typically comes preinstalled with Windows and includes convenient access to Office apps such as Word, PowerPoint, etc.
|
||||
- Users that have the Microsoft 365 Copilot license have Microsoft 365 Copilot Chat pinned by default inside the Microsoft 365 Copilot app.
|
||||
- Within the Microsoft 365 Copilot app, the Microsoft 365 Copilot Chat icon is situated next to the home button.
|
||||
- Microsoft 365 Copilot Chat (`web` grounding chat) isn't the same as Microsoft 365 Copilot (`web` and `work` scope), which is a separate add-on license.
|
||||
- Microsoft 365 Copilot Chat is available at no additional cost to customers with a Microsoft Entra account. Microsoft 365 Copilot Chat is the entry point for Copilot at work. While the Copilot chat experience helps users ground their conversations in web data, Microsoft 365 Copilot allows users to incorporate both web and work data they have access to into their conversations by switching between work and web modes in Business Chat.
|
||||
- For users with the Microsoft 365 Copilot license, they can toggle between the web grounding-based chat capabilities of Microsoft 365 Copilot Chat and the work scoped chat capabilities of Microsoft 365 Copilot.
|
||||
- Customers that don't have a license for Microsoft 365 Copilot are asked if they want to pin Microsoft 365 Copilot Chat to ensure they have easy access to Copilot. To set the default behavior, admins should [set taskbar pinning options](/copilot/microsoft-365/pin-copilot) in the Microsoft 365 admin center.
|
||||
- Customers that don't have a license for Microsoft 365 Copilot are asked if they want to pin Microsoft 365 Copilot Chat to ensure they have easy access to Copilot. To set the default behavior, admins should [set pinning options](/copilot/microsoft-365/pin-copilot) in the Microsoft 365 admin center.
|
||||
- If admins elect not to pin Copilot and indicate that users can be asked, users will be asked to pin it themselves in the Microsoft 365 Copilot app, Outlook, and Teams.
|
||||
- If admins elect not to pin Microsoft 365 Copilot Chat and indicate that users can't be asked, Microsoft 365 Copilot Chat won't be available via the Microsoft 365 Copilot app, Outlook, or Teams. Users have access to Microsoft 365 Copilot Chat from <www.microsoft.com/copilot> unless that URL is blocked by the IT admin.
|
||||
- If admins elect not to pin Microsoft 365 Copilot Chat and indicate that users can't be asked, Microsoft 365 Copilot Chat won't be available via the Microsoft 365 Copilot app, Outlook, or Teams. Users have access to Microsoft 365 Copilot Chat from [https://www.microsoft.com/copilot](https://www.microsoft.com/copilot) unless that URL is blocked by the IT admin.
|
||||
- If the admins make no selection, users will be asked to pin Microsoft 365 Copilot Chat by themselves for easy access.
|
||||
|
||||
IT admins can pin the Microsoft 365 Copilot app to the Windows taskbar to enable easy and seamless access for users. This can be managed using policies to [configure applications pinned to the Windows taskbar](/windows/configuration/taskbar/pinned-apps).
|
||||
|
||||
## When will this happen?
|
||||
|
||||
The update to Microsoft 365 Copilot Chat to offer enterprise data protection is rolling out now.
|
||||
The shift to Microsoft 365 Copilot Chat is coming soon. Changes will be rolled out to managed PCs starting with the September 2024 optional nonsecurity preview release, and following with the October 2024 monthly security update for all supported versions of Windows 11. These changes will be applied to Windows 10 PCs the month after. This update is replacing the current Copilot in Windows experience.
|
||||
The update to Microsoft 365 Copilot Chat to offer enterprise data protection roll out started in September 2024. Changes were rolled out to managed PCs starting with the September 2024 optional nonsecurity preview release, and then the October 2024 monthly security update for all supported versions of Windows 11. These changes were applied to Windows 10 PCs in November 2024. This update replaced the legacy Copilot in Windows experience.
|
||||
|
||||
The Copilot app will be automatically enabled after you install the Windows updates listed above if you haven't previously enabled a group policy to prevent the installation of Copilot. The [AppLocker policy](/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview) is available to control this Copilot experience before installing these Windows updates mentioned above or any subsequent Windows updates.
|
||||
The Copilot app is automatically enabled after you install the Windows updates listed above if you haven't previously enabled a group policy to prevent the installation of Copilot. The [AppLocker policy](/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview) is available to control this Copilot experience before installing these Windows updates mentioned above or any subsequent Windows updates.
|
||||
|
||||
Note that the Copilot app, which is a consumer experience, doesn't support Microsoft Entra authentication and users trying to sign in to the app using a Microsoft Entra account will be redirected to https://copilot.cloud.microsoft/ in their default browser. For users authenticating with a Microsoft Entra account, they should access Copilot through the Microsoft 365 Copilot app as the entry point. We recommend you pin Copilot to the navigation bar of the Microsoft 365 Copilot app to enable easy access.
|
||||
|
||||
|
||||
## Policy information for previous Copilot in Windows (preview) experience
|
||||
|
||||
Admins should configure the [pinning options](/copilot/microsoft-365/pin-copilot) to enable access to Microsoft 365 Copilot Chat within the Microsoft 365 Copilot app in the Microsoft 365 admin center.
|
||||
|
||||
The following policy to manage Copilot in Windows (preview) will be removed in the future and is considered a legacy policy:
|
||||
|
||||
|
||||
| | Setting |
|
||||
|---|---|
|
||||
| **CSP** | ./User/Vendor/MSFT/Policy/Config/WindowsAI/[TurnOffWindowsCopilot](mdm/policy-csp-windowsai.md#turnoffwindowscopilot) |
|
||||
| **Group policy** | User Configuration > Administrative Templates > Windows Components > Windows Copilot > **Turn off Windows Copilot** |
|
||||
|
||||
## Remove or prevent installation of the Copilot app
|
||||
|
||||
You can remove or uninstall the Copilot app from your device by using one of the following methods:
|
||||
@ -102,28 +75,15 @@ You can remove or uninstall the Copilot app from your device by using one of the
|
||||
|
||||
|
||||
## Implications for the Copilot hardware key
|
||||
<!--9598546-->
|
||||
The Microsoft 365 Copilot app is now available only to consumer users authenticating with a Microsoft account and won't work for commercial users authenticating with a Microsoft Entra account. With this change, IT admins need to take steps to ensure users authenticating with a Microsoft Entra account can still access Copilot with the Copilot key. Users attempting to sign in to the Copilot app with their Microsoft Entra account will be redirected to the browser version of Microsoft 365 Copilot Chat for work (https://copilot.cloud.microsoft).
|
||||
<!--9598546, 10050561-->
|
||||
The updated Copilot hardware key experience on Windows 11 devices offers a more streamlined and context-aware interaction model for both consumer and commercial users. For commercial customers, pressing the Copilot key now opens a lightweight prompt box for quick access to Microsoft 365 Copilot, allowing users to stay in their workflow without switching apps or screens. This prompt can be expanded into the full Microsoft 365 Copilot app for more functionality. This change started rolling out in the May 2025 optional nonsecurity preview release. It addressed feedback from enterprise users who found the key defaulted to a consumer experience on managed devices. IT admins can configure or remap the key using [group policy or CSP settings](#policies-to-manage-the-copilot-key) to meet organizational needs.
|
||||
|
||||
For the optimal experience, enterprise customers should go to Windows client policies, such as Group Policy or Configuration Service Provider (CSP) policies to update the target of the key to the Microsoft 365 Copilot app so that users can access Copilot within the Microsoft 365 Copilot app. End users can also configure this from the **Settings** page.
|
||||
|
||||
The Microsoft 365 Copilot app comes preinstalled on all Windows 11 PCs. If your organization uninstalled the Microsoft 365 Copilot app, we suggest you reinstall it from the Microsoft Store or your preferred application management solution so that the Copilot key can be remapped to the Microsoft 365 Copilot app. We also suggest you [Pin Microsoft 365 Copilot Chat](/copilot/microsoft-365/pin-copilot) to the navigation bar of the Microsoft 365 Copilot app.
|
||||
|
||||
To avoid confusion for users as to which entry point for Microsoft 365 Copilot Chat to use, we recommend you uninstall the Copilot app.
|
||||
|
||||
Use the table below to help determine the experience for your managed organization:
|
||||
|
||||
| Configuration | Copilot experience | Copilot key invokes |
|
||||
| ---| --- | --- |
|
||||
| Copilot **not enabled** in environment | Neither Copilot in Windows (preview) nor the Microsoft 365 Copilot app are present. | Windows Search |
|
||||
| Copilot **enabled** + **do not authenticate** with Microsoft Entra | Copilot in Windows (preview) is removed and replaced by the Microsoft 365 Copilot app, which is not pinned to the taskbar unless you elect to do so. | Microsoft 365 Copilot app |
|
||||
| Copilot **enabled** + **authenticate** with Microsoft Entra + **new device** | Copilot in Windows (preview) is not present. Microsoft 365 Copilot Chat is accessed through the Microsoft 365 Copilot app (after post-setup update). | Microsoft 365 Copilot Chat within the Microsoft 365 Copilot app (after post-setup update). |
|
||||
| Copilot **enabled** + **authenticate** with Microsoft Entra + **existing device** | Copilot in Windows (preview) is removed. Existing users with Copilot enabled on their devices will still see the Microsoft 365 Copilot app. | IT admins should use policy to remap the Copilot key to the Microsoft 365 Copilot app, or prompt users to choose. |
|
||||
If you're a software developer, you'll need to register your app as a [Microsoft Copilot hardware key provider](/windows/apps/develop/windows-integration/microsoft-copliot-key-provider) to allow users to remap the Copilot key to your app. This is done by adding `com.microsoft.windows.copilotkeyprovider` as the **Name** within the [uap3:AppExtension](/uwp/schemas/appxpackage/uapmanifestschema/element-uap3-appextension-manual) for your app's package manifest file.
|
||||
|
||||
|
||||
## Policies to manage the Copilot key
|
||||
|
||||
Policies are available to configure the target app of the Copilot hardware key. For more information, see [WindowsAI Policy CSP](mdm/policy-csp-windowsai.md).
|
||||
Policies are available so admins can configure the target app of the Copilot hardware key. For more information, see [WindowsAI Policy CSP](mdm/policy-csp-windowsai.md).
|
||||
|
||||
To configure the Copilot key, use the following policy:
|
||||
|
||||
@ -133,6 +93,7 @@ To configure the Copilot key, use the following policy:
|
||||
| **Group policy** | User Configuration > Administrative Templates > Windows Components > Windows Copilot > **Set Copilot Hardware Key** |
|
||||
|
||||
|
||||
|
||||
## End user settings for the Copilot key
|
||||
|
||||
If you choose to provide users in your organization with the choice to manage their own experience, a protocol to launch the **Settings** app remap the Copilot key is available. The following can be used by apps and scripts to bring the user to the setting so they can modify it to meet their needs:
|
||||
@ -142,17 +103,16 @@ If you choose to provide users in your organization with the choice to manage th
|
||||
:::image type="content" border="true" source="./images/9598546-copilot-key-settings.png" alt-text="Screenshot of the text input page in Settings." lightbox="./images/9598546-copilot-key-settings.png":::
|
||||
|
||||
|
||||
|
||||
If a user signed in with their Microsoft Entra account doesn't already have the key mapped to the Microsoft 365 Copilot app, they can select the app by going to **Settings** > **Personalization** > **Text input**, then selecting from the dropdown menu in the setting called **Customize Copilot key on keyboard**. This dropdown has options for: **Search**, **Custom**, or a currently mapped app if one is selected.
|
||||
|
||||
To map the key to the Microsoft 365 Copilot app, the user should select **Custom** and then choose the Microsoft 365 Copilot app from the app picker. If this app picker is empty or doesn't include the Microsoft 365 Copilot app, they should reinstall it from the Microsoft Store.
|
||||
|
||||
Users can also choose to have the Copilot key launch an app that is MSIX packaged and signed, ensuring the app options the Copilot key can remap to meet security and privacy requirements.
|
||||
Users can also choose to have the Copilot key launch an app that is MSIX packaged and signed, ensuring the app configured to the Copilot key can remap to meet security and privacy requirements. If the app isn't listed in the app picker for the Copilot key, it's possible that the app provider hasn't registered it yet in their package manifest file as a [Microsoft Copilot hardware key provider](/windows/apps/develop/windows-integration/microsoft-copliot-key-provider). Check with your app provider to see if they've recently updated the app and that you have the lastest version of their app installed.
|
||||
|
||||
|
||||
## Copilot installation with Windows updates and controls
|
||||
|
||||
If you're an IT administrator and have enabled group policies to prevent the installation of Copilot, the Copilot app won't be installed on the configured devices. If you haven't enabled a group policy, you can remove the Copilot app by following one of the steps in the [Remove or prevent installation of the Copilot app](#remove-or-prevent-installation-of-the-copilot-app) section or configure the [AppLocker policy](/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview) before installing Windows updates. When the AppLocker policy for Copilot is enabled, it will:
|
||||
If you're an IT administrator, you can remove the consumer Copilot app by following one of the steps in the [Remove or prevent installation of the Copilot app](#remove-or-prevent-installation-of-the-copilot-app) section or configure the [AppLocker policy](/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview) before installing Windows updates. When the AppLocker policy for Copilot is enabled, it will:
|
||||
|
||||
- Prevent the app from being installed if it isn't already on the device.
|
||||
- Block the app from being launched if it's already installed.
|
||||
- Prevent the consumer app from being installed if it isn't already on the device.
|
||||
- Block the consumer app from being launched if it's already installed.
|
||||
@ -13,7 +13,15 @@ ms.subservice: activation
|
||||
|
||||
# Active Directory-Based Activation overview
|
||||
|
||||
Active Directory-Based Activation (ADBA) enables enterprises to activate computers through a connection to their domain. Many companies have computers at offsite locations that use products that are registered to the company. Previously these computers needed to either use a retail key or a Multiple Activation Key (MAK), or physically connect to the network in order to activate their products by using Key Management Services (KMS). ADBA provides a way to activate these products if the computers can join the company's domain. When the user joins their computer to the domain, the ADBA object automatically activates Windows installed on their computer, as long as the computer has a Generic Volume License Key (GVLK) installed. No single physical computer is required to act as the activation object, because it's distributed throughout the domain.
|
||||
Active Directory-Based Activation (ADBA) enables enterprises to activate computers through a connection to their domain. Many companies have computers at offsite locations that use products that are registered to the company. Previously these computers needed to either use a retail key or a Multiple Activation Key (MAK), or physically connect to the network in order to activate their products by using Key Management Services (KMS). ADBA provides a way to activate these products if the computers can join the company's domain. When the user joins their computer to the domain, the ADBA object automatically activates Windows installed on their computer, as long as the computer has a Generic Volume License Key (GVLK) installed. No single physical computer is required to act as the activation object, because it's distributed throughout the domain. ADBA has the following benefits
|
||||
|
||||
- No additional devices required to maintain (KMS host)
|
||||
|
||||
- No RPC requirement, uses LDAP
|
||||
|
||||
- Works with RODC
|
||||
|
||||
Note: ADBA activation only works in single forest, even if you have trust relationship setup. Each forest requires it's own ADBA object. KMS can work cross forest if the DNS SRV record is manually created under the DNS of each forest, provided 2-way trust relationship is created
|
||||
|
||||
## ADBA scenarios
|
||||
|
||||
|
||||
Reference in New Issue
Block a user