Microsoft Copilot

Ten-plus distinct products under one brand

By April 2026, “Copilot” is a family of at least ten distinct SKUs. Mixing them up is the most common mistake SMBs make when shopping the platform.

• Microsoft 365 Copilot (flagship add-on)

  Lives inside Word, Excel, PowerPoint, Outlook, Teams, Loop, OneNote, Whiteboard, and Forms. Draft, summarize, explain, triage — grounded in Microsoft Graph so every response ties back to your own emails, files, meetings, and chats. Knowledge workers on a qualifying base license.

  LicensingRequires M365 E3/E5 or Business Basic/Standard/Premium base. Enterprise add-on US$30/user/month. New SMB (<300 seats) Business SKU at US$21/user/month (promotional US$18 through June 30, 2026). Bundled with Business Premium at US$32/user/month on annual commit.

• Microsoft 365 Copilot Chat (free + paid)

  Two things share this name. Free tier: web-grounded chat with enterprise data protection, no Graph access, no in-app Copilot. Paid tier: the Copilot add-on above — Graph grounding, in-app Copilot, priority model access, agents. Ignite 2025 announced in-app Copilot Chat previews to non-licensed users in Outlook/Word/Excel/PowerPoint rolling out through early 2026.

  LicensingFree tier included with any M365 business license. Paid tier requires the Copilot add-on.

• Copilot Studio (build your own agents)

  Low-code maker environment for custom AI agents and multi-agent systems. 1,400+ system connectors via MCP, Power Platform, and Microsoft Graph. Agents surface inside Microsoft 365 Copilot Chat, Teams, websites, or standalone. September 2025 shifted to Copilot Credits currency.

  LicensingCapacity-based. Prepaid at US$200/month per 25,000 Credits, or pay-as-you-go at US$0.01/Credit via Azure. Credit Pre-Purchase Plan (annual) saves 5–20%. No per-agent fee — capacity pools across tenant.

• GitHub Copilot (code completion + agents)

  The original Copilot. Five tiers. 2025–2026 additions: Agent mode, MCP server support across all tiers, cloud-hosted coding agents, Copilot CLI, Copilot code review on pull requests. Copilot Workspace for Enterprise.

  LicensingFree ($0, 50 agent requests + 2,000 completions/mo); Pro ($10/mo); Pro+ ($39/mo, Claude Opus 4.7 + GitHub Spark); Business (~$19/user/mo, policy controls + IP indemnity); Enterprise (~$39/user/mo, Copilot Workspace + org knowledge bases).

• Microsoft Security Copilot (SOC augmentation)

  Generative AI for security analysts. Investigates incidents, writes KQL, explains threats, reverse-engineers malware, drafts incident reports. Plugs into Defender XDR, Sentinel, Entra, Intune, Purview, and third-party tools.

  LicensingProvisioned Security Compute Units at US$4/SCU/hr; overage US$6/hr. Microsoft 365 E5 customers get 400 SCUs/month per 1,000 licenses free (capped at 10,000 SCUs) — effectively standard for E5 shops. A single 24/7 SCU costs ~$2,920/mo; real SOC usage typically 3–5 SCUs.

• Copilot for Sales

  Embedded in Outlook and Teams for sellers. Meeting prep briefs, opportunity history summaries, contextual reply drafts, CRM field updates from email content, lead scoring. Works with Dynamics 365 Sales and Salesforce. 2026 release wave 1 upgraded to a "daily command center" with chat and mobile enhancements.

  LicensingNow included in the Microsoft 365 Copilot add-on. The separate $20/user/month Dynamics 365 Copilot SKU has been folded in.

• Copilot for Service

  Suggests replies, recommends next actions, summarizes cases, deflects common tickets in the agent desktop. Integrates with ServiceNow, Salesforce Service Cloud, Zendesk.

  LicensingIncluded in the Microsoft 365 Copilot add-on.

• Copilot for Finance

  Lives in Excel and Outlook for finance pros. Automates variance analysis, accelerates reconciliations, drafts collections emails, investigates anomalies. 2026 wave 1 upgraded as a "Finance Agent" daily command center.

  LicensingIncluded in the Microsoft 365 Copilot add-on.

• Microsoft Agent 365 (new — GA May 1, 2026)

  The governance control plane for agents. Treats agents like identities: tenant-wide registry, access controls, monitoring, Entra/Purview/Defender policy enforcement. Announced at Ignite 2025 via the Frontier program; GA May 1, 2026.

  LicensingUS$15/user/month standalone, or bundled in the new E7 Frontier Suite.

• Microsoft 365 E7 Frontier Suite (new — GA May 1, 2026)

  New super-SKU announced March 9, 2026. Bundles M365 E5 + Microsoft 365 Copilot + Entra Suite + Agent 365 at a ~15% bundle discount versus component pricing.

  LicensingUS$99/user/month.

How Copilot actually works

When a user types a prompt in Word, Outlook, or the Copilot app, the request never just goes "to ChatGPT." It takes a defined path inside the Microsoft 365 service boundary — the logical wall that contains your tenant's data. Copilot pre-processes the prompt through a step Microsoft calls grounding: it queries Microsoft Graph (the unified API over your emails, files, chats, meetings, calendar, and identity) and the semantic index (a per-user vector index that understands your content lexically and semantically). Grounding pulls only what the signed-in user has permission to access — Copilot inherits the user's Entra ID identity, Conditional Access policies, MFA state, and every SharePoint/OneDrive/Exchange ACL already on the data. If the user can't open it, Copilot can't see it.

The grounded prompt is then sent to a large language model hosted inside Microsoft's Azure-managed inference environment. As of 2026 that includes OpenAI GPT-5, GPT-5.1, and — following Microsoft's onboarding of Anthropic as a subprocessor in late 2025 — Anthropic models as well. Data is encrypted in transit; inference runs inside Microsoft's service boundary; and per Microsoft's commercial data protection commitment, prompts, responses, and Graph-grounded data are never used to train the foundation models. The EU Data Boundary and Advanced Data Residency commitments pin processing geography. Multi-tenant isolation is enforced at the Azure layer — other tenants cannot see your prompts or responses.

After the model returns a response, Copilot post-processes: responsible-AI filters (hate/violence/self-harm/PII), citation assembly (every answer links back to Graph documents that grounded it), and compliance hooks — Microsoft Purview can apply sensitivity labels to Copilot output, log the interaction for audit, and enforce DLP on both prompt and response. Critically, Copilot does not create new access — it surfaces existing access. That sounds innocuous until you realize every piece of incidental oversharing in SharePoint becomes instantly, conversationally discoverable. Which is why prerequisite #4 matters more than the license itself.

Prerequisites

A Copilot rollout that skips any of these will either leak data, underdeliver ROI, or both. In that order of cost.

• 01

  Base licensing

  Microsoft 365 Copilot requires a qualifying base: E3, E5, F3, or Business Basic/Standard/Premium. Business Premium + Copilot at $32/user/month (annual) is the sweet spot for most BC SMBs.

• 02

  Entra ID in a healthy state

  Cloud-identity or hybrid-identity only — on-prem-only AD doesn't work. Conditional Access enforced, MFA enabled, guest accounts reviewed. Copilot honors guest access; your external auditor's guest account can ground responses in your content.

• 03

  SharePoint / OneDrive permissions hygiene

  The #1 blocker, full stop. Broken inheritance, "anyone with the link" sharing, stale site access, and orphaned Teams sites all become Copilot surface area. SharePoint Advanced Management (SAM — included with Copilot) surfaces oversharing; Restricted SharePoint Search (RSS) whitelists reviewed sites; the new SharePoint Admin Agent automates remediation.

• 04

  Microsoft Purview foundation

  Sensitivity label taxonomy (Public / Internal / Confidential / Highly Confidential), auto-labeling on top 5 sensitive data types (SIN, credit cards, PHIPA/PIPEDA categories), DLP on Exchange/SharePoint/Teams, Insider Risk policies on. Copilot responses inherit the highest sensitivity label of any source.

• 05

  Teams + Exchange Online + OneDrive active

  Copilot needs Exchange Online (not on-prem hybrid with mailboxes still on-prem), OneDrive provisioned, and Teams active. Skype for Business is out — it's Teams only.

• 06

  Network

  No special firewall rules for most tenants. For SD-WAN / zero-trust / proxy setups, validate *.office.com, *.microsoft.com, *.cloud.microsoft, *.office365.com on the optimize/allow list without TLS inspection. Copilot is latency-sensitive.

• 07

  Microsoft 365 Apps current channel

  Copilot requires recent Microsoft 365 Apps builds. Outlook needs New Outlook for full parity. Semi-Annual Enterprise lags features; Current Channel or Monthly Enterprise recommended during rollout.

• 08

  Audit and backup

  Purview Audit (Standard or Premium) on, ideally Premium's 1-year retention. Microsoft 365 Backup (or Veeam) recommended — Copilot generates, and agents modify, content at machine speed; undo-by-restore matters.

Who it’s for

• A 60-person Vancouver law firm wanting to cut matter-summary and client-communication drafting time by 30-40%, with sensitivity labels keeping privileged client content out of the wrong summaries.
• A 120-person professional services firm buying E5 — getting the bundled 400 SCUs of Security Copilot for free and wanting a partner to actually enable it for the SOC.
• A mid-market finance or operations team with a messy SharePoint tenant that needs oversharing remediation before any Copilot license gets issued.

Governance & compliance

• PIPEDA + BC PIPA + FOIPPA

  Canadian federal and BC provincial privacy laws. Copilot outputs processing PII trigger PIPEDA/PIPA obligations; sensitivity labeling and DLP are how we prove we meet them. FOIPPA (public bodies, health authorities, school districts) requires Canadian residency.

• Purview sensitivity labels + auto-labeling

  Label taxonomy (Public / Internal / Confidential / Highly Confidential) with auto-labeling on PII, SIN, health identifiers, and financial data. Copilot responses inherit the highest label of any grounding document.

• Purview DSPM for AI (AI Hub)

  Purpose-built dashboard for Copilot and agent activity. Shows which users are using Copilot, what sensitive data appeared in prompts, which responses referenced labeled content. This is the control pane we watch.

• Conditional Access for Copilot

  The new 'Protect AI with Conditional Access' policy template enforces compliant-device and MFA before Copilot access. Integrates with Entra ID P1/P2 already present in Business Premium or E3/E5.

• Compliance Manager + Purview Audit Premium

  PIPEDA, ISO 27001, SOC 2 templates track control coverage. Premium Audit provides 1-year retention and high-value event categories — evidence for regulators and cyber-insurance.

• Communication Compliance

  Policies catch inappropriate Copilot-generated content before it leaves the tenant — relevant for regulated industries and public-sector clients.

Licensing economics

• Microsoft 365 Copilot (enterprise add-on): US$30/user/month, annual commit. Requires E3, E5, Business Basic/Standard/Premium, or F3.
• Microsoft 365 Copilot Business (SMB, <300 seats): US$21/user/month; promotional US$18/user/month through June 30, 2026.
• Bundled: Business Basic + Copilot US$27/mo; Business Standard + Copilot US$22/mo; Business Premium + Copilot US$32/mo (annual commit).
• Microsoft 365 E7 Frontier Suite (GA May 1, 2026): US$99/user/mo. Bundles E5 + M365 Copilot + Entra Suite + Agent 365. ~15% savings.
• Agent 365 (standalone): US$15/user/month.
• GitHub Copilot: Free $0; Pro $10; Pro+ $39; Business ~$19; Enterprise ~$39 per user per month.
• Microsoft Security Copilot: US$4/SCU/hour provisioned; US$6/hour overage. M365 E5 gets 400 SCUs/month per 1,000 licenses free (capped at 10,000 SCUs).
• Copilot Studio: US$200/month per 25,000 Credits, or US$0.01/Credit PAYG. Annual Pre-Purchase Plan saves 5–20%. No per-agent fee.
• Copilot for Sales / Service / Finance: now included in the Microsoft 365 Copilot add-on.
• July 2026 price hike: Microsoft announced across-the-board Office suite increases effective July 1, 2026. Annual commitments locked before that date keep current pricing.

What Kootechnikel actually does

• Copilot Readiness Assessment

  Two-week engagement producing a written go/no-go, a remediation backlog with effort estimates, and a business case the client brings to finance. Fixed fee.

• SharePoint oversharing remediation

  Using SharePoint Advanced Management, Restricted SharePoint Search, and the SharePoint Admin Agent to clean up before the first prompt is typed.

• Purview foundation buildout

  Sensitivity label taxonomy, auto-labeling rules, DLP policies, AI Hub (DSPM for AI), Compliance Manager PIPEDA/SOC 2 templates.

• Pilot program operation

  Champion identification, prompt library curation, weekly coaching, adoption telemetry instrumentation.

• License optimization and CSP procurement

  Resell Microsoft 365 Copilot through our CSP channel with quarterly right-sizing. Most BC SMBs save 10–15% vs. direct MCA retail.

• Copilot Studio agent development

  Low-code agent builds for specific workflows (ticket triage, proposal generation, finance close helpers), with MCP integration and Agent 365 governance.

• Security Copilot enablement for SOC

  Stand up Security Compute Units, connect Defender/Sentinel/Entra plugins, build analyst playbooks — especially important for E5 shops with 400 free SCUs they're not using.

• Ongoing governance & Quarterly Business Reviews

  Adoption telemetry, utilization reclaim, governance drift detection, agent registry hygiene, roadmap alignment with Microsoft's release waves.