Copilot Interaction Compliance Audit
Compliance teams need to know: is Copilot leaking sensitive data? This audit samples a tenant-wide window of Copilot interactions via the Microsoft 365 Copilot Interaction Export API, scans them for PII patterns in memory (never persisting raw text), and scores compliance posture across PII density, sensitivity-label crossover, citation hygiene, conversation mix, and retention coverage.
Single report, no commitment.
Continuous monitoring — fresh report every 30 days.
Available in AUD, USD, GBP, EUR, SGD. MSP partners get volume discounts via the partner programme.
What it scores
- Volume & Cost: Interactions per surface, distinct users, heavy-user outliers (top 1%).
- PII Pattern Density: Tax / SSN / credit card / health record / email pattern hits — zero-tolerance on financial identifiers.
- Labelled Content Crossover: Responses citing sensitivity-labelled content above the requester’s clearance.
- Citation Hygiene: Internal-citation share, external-web pollution rate.
- Conversation Type Mix: BizChat vs in-app distribution; governance posture.
- Retention Coverage: Confirms a Purview retention policy covers Copilot interaction artefacts.
Microsoft APIs
- Copilot Interaction Export API (aiInteractionHistory: getAllEnterpriseInteractions)
Customer prerequisites
- All 6 M365 Copilot service plans active
- AiEnterpriseInteraction.Read.All scope
Other Copilot Assessments
Pre-deployment data hygiene scoring across 7 dimensions plus live retrieval-surface measurement and an agent catalogue teaser.
Per-user, per-surface Copilot activity vs licence spend — with named-user reclaim list.
Risk-scored inventory of every Entra Agent ID (Copilot Studio etc.), the tenant-wide Copilot tool catalogue (MCP servers), and the full Copilot Package Management catalogue (third-party add-ins + Teams apps) once a probe account is connected.