AzureFeeds

With Microsoft 365 Copilot Chat now available to students aged 13 and older, we’re ushering in a new era of AI-assisted learning while maintaining a strong focus on privacy, security, and keeping administrators in control. This blog post is your admin-ready guide to ensure your organization is set up to deliver safe, compliant, and productive experiences with Copilot Chat.

Learn more and hear from K-12 institutions who participated in our private preview: Empowering teen students to achieve more with Copilot Chat and Microsoft 365 Copilot

Copilot Chat is an AI-powered assistant, offered with Microsoft 365, that helps users find answers, generate insights, and complete tasks—drawing from web-based content and, publicly available information, and limited user file uploads. Unlike Microsoft 365 Copilot, it does not have access to organizational data like emails, documents, or meetings through the Microsoft Graph. This version is ideal for institutions who are looking for a free AI chat solution while maintaining a strict boundary from internal or sensitive data sources. Review an overview of AI solutions from Microsoft Education: aka.ms/EducationAIPortfolio

🏷️ Tenant Identifier: Set the Education Segment for Proper Feature Access

We recommend all Education customers take additional steps to manage appropriate deployment:

• Validate your school type as Higher education, Primary/Secondary/K-12, or Other (research institution, academic library, etc.) to help us tailor the search and chat experience for your users.


• To do this, you will need a PowerShell script: ConfigureTenantEduType.ps1 that you can download here.


• To run the script, open PowerShell in administrator mode. Also make sure you have the username and password available of a global administrator on your tenant. On your first run, the necessary packages will be installed, hence the administrator mode.


• Usage:
  
  
  
  • .ConfigureTenantEduType.ps1 – When no parameter is used the actual setting of the tenant will be retrieved.
  
  
  • .ConfigureTenantEduType.ps1 1 – This sets the tenant identifier to K-12
  
  
  • .ConfigureTenantEduType.ps1 2 – This sets the tenant identifier to HED.
  
  
  • .ConfigureTenantEduType.ps1 3 – This sets the tenant identifier to other.
  
  
  
  

📘 Please read our Managing Copilot Chat access for Faculty and Higher Education 18+ student | Microsoft Community Hub for full details.

✅ Why AgeGroup Matters—and How to Set It

To enable Microsoft 365 Copilot Chat for students, the ageGroup attribute in Entra ID (formerly Azure AD) must be set correctly. This field ensures compliance with child privacy regulations like COPPA and FERPA by verifying whether a user is under 18.

Here’s how to check and set it:

• Use Microsoft Graph API or Microsoft Entra Admin Center to view and update the ageGroup attribute.


• Acceptable values: Minor, NotAdult, Adult


• For students aged 13 and up, use NotAdult. Any student set to NotAdult will have access to Microsoft 365 Copilot Chat.


• Use bulk update tools or provisioning solutions to automate setting this for all student accounts.

📘 Please read our AgeGroup blog post for full details.

🛠️ Managing Agents in Microsoft 365 Admin Center

Copilot now supports agent-based AI experiences that can be scoped, customized, and secured. With the Microsoft 365 admin center, you can:

• Enable/disable Copilot features for specific user groups


• Manage access to custom Copilot agents


• Use the Copilot Control System to monitor usage and enforce security policies from day one

To learn more, check out the Manage agents for Microsoft 365 Copilot in Integrated Apps – Microsoft 365 admin | Microsoft Learn and leverage the Agent Success Kit – Microsoft Adoption

🔐 Security and Data Protection You Can Trust

• Copilot Chat brings the same enterprise-grade security and compliance protections you’ve come to expect from Microsoft 365. As a part of this enterprise data protection your data stays private (we won’t use your data except as you instruct) and your data isn’t used to train foundation models.  Learn more about enterprise data protection. Highlights include:

• Built-in data residency and encryption


• Access controls and permission-based data retrieval


• Protection from prompt injection and harmful content


• Advanced reporting on readiness, usage, and security posture

One important consideration: Copilot does not change or override your existing permissions model. It respects the access a user already has in Microsoft 365—whether that’s to files, emails, chats, or other content. However, this also means that if a document is overshared or accessible more broadly than intended, Copilot may surface its content to anyone with permission to see it.

Access to the content is not caused by Copilot—it’s visibility and access that already exists in your tenant. Copilot simply makes that visibility more transparent. Admins should review and remediate over-permissioned content using tools like Microsoft Purview, SharePoint access reviews, or sensitivity labels to avoid unintended exposure of sensitive data.

Administrators can go further by using features like SharePoint Advanced Management, sensitivity labels, and Restricted SharePoint Search.

Make sure to all read our Safeguarding data with Microsoft 365 Copilot security and compliance blog post by Bill Sluss. 

🔍 Next Steps

• 🏷️ Set your tenant’s education segment (K-12/HED/Other)


• ✅ Audit and update AgeGroup attributes.


• 🛠️ Configure Microsoft 365 Admin Center to have the right settings for Agents creation and consumption.


• 🔐 Review your security and data protection settings for Copilot.


• ⚙️ Explore the Microsoft 365 Copilot technical readiness guide. Microsoft 365 Copilot Chat – Microsoft Adoption

With these steps, you’re not just enabling Copilot—you’re empowering safer, smarter learning with AI.