If your organization handles credit card data and uses Microsoft Copilot, you must understand how Copilot interacts with that data under PCI DSS rules. Copilot can access and process cardholder data through Microsoft 365 services, but it has specific limitations that prevent it from storing or transmitting that data in ways that violate compliance. This article explains what Copilot can and cannot do with cardholder data, where the boundaries are, and how to configure your environment to stay compliant.
Key Takeaways: Copilot PCI DSS Cardholder Data Limits
- Copilot does not store cardholder data: Copilot processes queries in memory only and does not persist raw data from Microsoft Graph or external sources.
- Data sources must be scoped: Use Microsoft 365 admin center > Copilot > Data sources to control which SharePoint sites and Exchange mailboxes Copilot can access.
- No credit card number generation: Copilot cannot generate or output full Primary Account Numbers even if trained on PCI-scoped data.
How Copilot Handles Cardholder Data Under PCI DSS
PCI DSS requires strict controls over cardholder data, including encryption, access logging, and data retention limits. Copilot operates as a generative AI service that retrieves information from Microsoft Graph, which includes SharePoint, OneDrive, Exchange, and Teams. When a user asks Copilot a question about cardholder data, Copilot searches the indexed content, retrieves relevant snippets, and generates a response. It does not store the retrieved data in a separate database. The response is generated in real time and discarded after the session ends.
Copilot uses the same data residency and encryption policies as the underlying Microsoft 365 services. If your tenant is configured to store data in a specific geographic region, Copilot respects that boundary. Copilot also inherits the access controls you have already set. If a user does not have permission to view a SharePoint site containing cardholder data, Copilot cannot retrieve it.
What Copilot Cannot Do With Cardholder Data
Copilot cannot output a full Primary Account Number. Even if a document contains a complete credit card number, Copilot will not reproduce it in a response. Microsoft applies content filters that block the display of sensitive patterns such as credit card numbers, social security numbers, and bank account numbers. This filter is applied at the output generation stage and is not configurable by administrators.
Copilot also cannot retain cardholder data across sessions. Each query is independent. The model does not learn from previous queries or store user-specific data in a training corpus. This behavior is by design and is documented in the Microsoft Data Privacy and Security whitepaper for Copilot.
Steps to Configure Copilot for PCI DSS Compliance
To ensure Copilot does not expose cardholder data inappropriately, follow these configuration steps. Each step assumes you have administrative access to the Microsoft 365 admin center and the Copilot settings.
- Restrict data sources for Copilot
Go to Microsoft 365 admin center > Copilot > Data sources. Remove any SharePoint sites or Exchange mailboxes that contain cardholder data from the included sources. Add them to the excluded list. This prevents Copilot from indexing those locations entirely. - Apply sensitivity labels to cardholder data
In Microsoft Purview compliance portal, create a sensitivity label named “Cardholder Data” with the encryption and access control settings required by PCI DSS. Apply this label to all documents and emails that contain PAN. Copilot respects sensitivity labels and will not include labeled content in responses unless the user has explicit rights to view it. - Enable audit logging for Copilot queries
In Microsoft 365 admin center > Compliance > Audit, enable audit logging for Copilot interactions. This records which users asked what queries and which data sources were accessed. Retain logs for at least 12 months as required by PCI DSS requirement 10. - Test Copilot responses with sample data
Create a test SharePoint site with dummy credit card numbers that follow the Luhn algorithm. Ask Copilot questions about that data. Verify that Copilot does not output the full PAN. If it does, check your content filters and contact Microsoft support. - Review Copilot plugin permissions
In Copilot pane > Settings > Plugins, review each plugin that connects to external data sources. Disable any plugin that does not have a signed data processing agreement compliant with PCI DSS. Common plugins to review include Salesforce, ServiceNow, and Jira.
If Copilot Still Shows Cardholder Data After Configuration
Even after following the steps above, some administrators report that Copilot can still reference cardholder data in responses. This typically occurs because the data exists in an unlabeled location or because a user has broad access permissions.
Copilot Returns a Response Containing a Partial PAN
Copilot may return the first six and last four digits of a credit card number. This is allowed under PCI DSS because those digits are not considered cardholder data. However, if your policy requires masking all digits, apply a data loss prevention rule in Microsoft Purview that blocks the display of any PAN pattern. Go to Microsoft Purview > Data Loss Prevention > Create policy > Templates > Financial > Credit Card Numbers. Set the action to block and notify.
Copilot Accesses a SharePoint Site That Was Excluded
If Copilot still retrieves data from a site you excluded, check that the exclusion was saved and that there are no site collections or subsites with the same name. In the admin center, verify that the excluded site does not appear in the included sources list. If the issue persists, remove the site from the SharePoint search index entirely using the SharePoint admin center > Search > Remove from index.
Copilot Generates a Fictional Credit Card Number
Copilot may generate a fictional credit card number as part of a sample or example. This is not a violation of PCI DSS because the number is synthetic. However, to prevent confusion, add a prompt instruction in Copilot Studio that says “Do not generate any credit card numbers, even as examples.” This instruction is applied to all Copilot interactions in your tenant.
Copilot Free vs Copilot for Microsoft 365: PCI DSS Differences
| Item | Copilot Free | Copilot for Microsoft 365 |
|---|---|---|
| Data source access | Public web only | Microsoft Graph data including SharePoint, OneDrive, Exchange, Teams |
| Cardholder data exposure risk | Low — no access to internal documents | Medium — can access internal documents if permissions allow |
| Content filter for PAN | Yes — blocks full PAN output | Yes — blocks full PAN output |
| Admin control over data sources | None | Full control via admin center and sensitivity labels |
| Audit logging | Not available | Available via Microsoft 365 audit log |
Copilot for Microsoft 365 carries more responsibility because it can access internal cardholder data. Copilot Free only queries the public web, so it cannot expose your internal cardholder data. For PCI DSS compliance, use Copilot for Microsoft 365 only after you have scoped data sources and applied sensitivity labels.
You can now configure Copilot to handle cardholder data within PCI DSS limits by restricting data sources, applying sensitivity labels, and enabling audit logging. Test your configuration with sample data to confirm Copilot does not output full PANs. For advanced protection, deploy a custom DLP rule in Microsoft Purview that blocks any response containing a credit card number pattern.