Microsoft Copilot can access data across multiple Microsoft 365 tenants when user identities or guest accounts are misconfigured. This cross-tenant data flow creates security risks if Copilot pulls data from tenants the user does not own or manage. The core problem is that Copilot uses Microsoft Graph to retrieve data, and Graph permissions can span tenants when external sharing or guest access is enabled. This article explains the technical causes of cross-tenant data leakage, the specific risks for business users, and how to audit and restrict Copilot access to prevent unauthorized data exposure.
Key Takeaways: Microsoft Copilot Cross-Tenant Access Risks
- Microsoft Entra ID > External Identities > Cross-tenant access settings: Controls whether Copilot can access data from external tenants when a user signs in as a guest.
- Microsoft 365 admin center > Settings > Org settings > Security & privacy > Copilot for Microsoft 365: Lets you restrict data access to only the user’s home tenant and block cross-tenant Graph queries.
- Microsoft Purview > Data loss prevention > Copilot for Microsoft 365 policies: Enables you to block Copilot from processing data that originates from a different tenant than the user’s primary tenant.
Why Cross-Tenant Data Access Happens in Copilot
Copilot for Microsoft 365 uses Microsoft Graph to retrieve data from files, emails, calendars, and chats. When a user has guest accounts in other tenants or when cross-tenant collaboration is enabled, Copilot can query data from those external tenants if the user’s identity token includes the necessary scope. The root cause is the way Microsoft Entra ID handles guest user tokens. When a guest user accesses a resource in a tenant, Microsoft Entra ID issues a token that includes the tenant ID of that resource. Copilot then uses this token to call Graph APIs in that tenant. If the user has access to multiple tenants, Copilot can aggregate data from all of them, creating a data spillover risk.
Another cause is the default configuration of cross-tenant access settings in Microsoft Entra ID. By default, inbound and outbound trust settings allow users to access external tenants without explicit restrictions. If an administrator has not configured cross-tenant access policies, Copilot can freely query any tenant where the user has a guest account. This includes tenants that are not managed by the user’s organization, such as partner or customer tenants. The result is that a user could ask Copilot to summarize files from Tenant A and then ask it to compare those files with data from Tenant B, even if Tenant B is not owned by the same organization.
How Copilot Authenticates Across Tenants
Copilot authenticates using the Microsoft Entra ID token of the signed-in user. When the user accesses a resource in a different tenant, Copilot requests a token for that tenant’s Graph endpoint. This token is issued only if the user has a guest account in that tenant and if the tenant’s cross-tenant access policy allows it. The token does not include any indication that the user is from a different home tenant. Copilot treats the data from the external tenant as if it were from the user’s home tenant. This means that Copilot can combine data from multiple tenants in a single response, potentially exposing confidential information from one tenant to users of another tenant.
Steps to Audit and Restrict Cross-Tenant Copilot Access
To reduce the risk of cross-tenant data leakage, you must audit current guest access and configure Copilot-specific restrictions. The following steps assume you have Microsoft Entra ID P1 or P2 licenses and Copilot for Microsoft 365 licenses assigned to users.
- Review guest user accounts in Microsoft Entra ID
  Sign in to the Microsoft Entra admin center. Go to Identity > Users > All users. Add the filter User type equals Guest. Review the list of guest accounts. Remove any guest accounts that are no longer needed. Each guest account is a potential entry point for cross-tenant Copilot queries.
- Configure cross-tenant access settings for inbound and outbound access
  In Microsoft Entra admin center, go to Identity > External Identities > Cross-tenant access settings. Select Default settings and set Inbound access to Block. Set Outbound access to Block. This prevents any guest user from accessing your tenant’s resources and prevents your users from accessing external tenants by default. Then create custom access policies for specific trusted tenants only.
- Disable Copilot for Microsoft 365 in external tenants
  In each external tenant where your users have guest accounts, sign in to the Microsoft 365 admin center. Go to Settings > Org settings > Security & privacy > Copilot for Microsoft 365. Clear the check box for Allow Copilot for Microsoft 365 to access data from this tenant for guest users. Click Save. This prevents Copilot from querying data in that tenant when a guest user signs in.
- Create a data loss prevention policy for Copilot in Microsoft Purview
  Sign in to the Microsoft Purview compliance portal. Go to Data loss prevention > Policies > Create policy. Select Copilot for Microsoft 365 as the location. Under Conditions, add a condition that the data source tenant ID does not equal the user’s home tenant ID. Set the action to Block. Name the policy Cross-tenant data block and click Create. This policy stops Copilot from processing any data that originates from a tenant different from the user’s home tenant.
- Audit Copilot activity logs for cross-tenant queries
  In Microsoft Purview, go to Audit > Search. Set the Activities filter to Copilot interaction. Add a filter for Tenant ID. Review logs where the tenant ID in the log does not match the user’s home tenant ID. If you find such logs, investigate the user’s guest access and revoke it if not needed. Run this audit weekly.
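To confirm that the default cross-tenant access settings from the steps above really are blocked, the following added example (not part of the original article) checks a default policy as returned by Microsoft Graph at `/policies/crossTenantAccessPolicy/default`. The sample policy and the group GUID are constructed placeholders; the function name is hypothetical, and the check goes slightly beyond the article by also covering the B2B direct connect settings in the same resource.

```python
DIRECTIONS = ("b2bCollaborationInbound", "b2bCollaborationOutbound",
              "b2bDirectConnectInbound", "b2bDirectConnectOutbound")
# A block only covers everything when it targets the catch-all value for its scope.
CATCH_ALL = {"usersAndGroups": "AllUsers", "applications": "AllApplications"}

def _cfg(access, target, kind):
    """Build one target configuration in the Graph shape (helper for the sample)."""
    return {"accessType": access, "targets": [{"target": target, "targetType": kind}]}

BLOCK_ALL = {"usersAndGroups": _cfg("blocked", "AllUsers", "user"),
             "applications": _cfg("blocked", "AllApplications", "application")}

# Constructed sample default policy; the group GUID is a placeholder.
SAMPLE_POLICY = {
    "b2bCollaborationInbound": BLOCK_ALL,
    "b2bCollaborationOutbound": {
        "usersAndGroups": _cfg("allowed", "AllUsers", "user"),
        "applications": _cfg("allowed", "AllApplications", "application")},
    "b2bDirectConnectInbound": {
        "usersAndGroups": _cfg("blocked", "00000000-0000-0000-0000-000000000001", "group"),
        "applications": _cfg("blocked", "AllApplications", "application")},
    "b2bDirectConnectOutbound": BLOCK_ALL,
}

def unblocked_paths(policy):
    """Return (direction, scope, reason) for every path not blocked for everyone."""
    findings = []
    for direction in DIRECTIONS:
        setting = policy.get(direction) or {}
        for scope, catch_all in CATCH_ALL.items():
            cfg = setting.get(scope) or {}
            targets = {t.get("target") for t in cfg.get("targets", [])}
            if cfg.get("accessType") != "blocked":
                findings.append((direction, scope, "not blocked"))
            elif catch_all not in targets:
                # Blocking a named group leaves every other user allowed.
                findings.append((direction, scope, "blocked for listed targets only"))
    return findings

if __name__ == "__main__":
    for finding in unblocked_paths(SAMPLE_POLICY):
        print(*finding, sep=": ")
```

An empty result means every default direction is blocked for all users and all applications; anything listed is a path that per-tenant custom policies would need to justify.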
If Copilot Still Accesses Data from External Tenants After Restrictions
Copilot Returns Data from a Tenant I Did Not Authorize
If Copilot still returns data from an external tenant after you configured the restrictions above, check the user’s Microsoft 365 Groups and SharePoint sites. A user might have access to a shared team site or group that is hosted in another tenant. To fix this, go to Microsoft Entra admin center > Identity > Groups > All groups. Filter by Membership type to find groups that include guest members. Remove the user from any group that is associated with an external tenant. Then clear the user’s Copilot cache by signing out of all Microsoft 365 apps and signing back in.
Copilot Shows Data from a Former Employee’s Tenant
When a user leaves the organization, their guest accounts in external tenants might remain active. If a new user is assigned the same Microsoft 365 license, Copilot might reuse cached tokens or session data. To prevent this, always delete the user’s account from Microsoft Entra ID entirely, not just block sign-in. In Microsoft Entra admin center, go to Identity > Users > All users. Select the former user and click Delete user. Then remove any guest accounts the user had in external tenants by contacting the tenant administrators.
Copilot Queries a Tenant That Is Not Listed in Cross-Tenant Access Settings
This can happen if the user accessed the external tenant through a direct link or a shared file invitation that bypassed the cross-tenant access policy. To block this, enable Conditional Access policies that require device compliance or location-based restrictions for all external tenant access. In Microsoft Entra admin center, go to Protection > Conditional Access > Create new policy. Assign the policy to all users and set Cloud apps to All cloud apps. Under Conditions, set Locations to Any location. Under Grant, select Require device to be marked as compliant. This forces all external access to go through a managed device, reducing the chance of unmonitored cross-tenant queries.
Copilot Cross-Tenant Access Risks: Unrestricted vs Restricted Configuration
| Item | Unrestricted Configuration | Restricted Configuration |
|---|---|---|
| Guest user accounts | Any guest account remains active | Guest accounts reviewed and removed quarterly |
| Cross-tenant access settings | Default inbound and outbound access allowed | Default blocked, custom policies for trusted tenants only |
| Copilot data source restriction | No Purview DLP policy for Copilot | DLP policy blocks data from non-home tenant |
| Audit frequency | No regular audit of Copilot logs | Weekly audit of Copilot interaction logs for cross-tenant queries |
| Conditional Access for external access | No device compliance requirement | Require compliant device for all external tenant access |
Microsoft Copilot cross-tenant access risks arise from default settings that allow guest users to query data across multiple tenants. You can now audit guest accounts, configure cross-tenant access policies, and create data loss prevention rules in Microsoft Purview to block Copilot from processing external tenant data. Next, review your organization’s external sharing settings for SharePoint and OneDrive, because those also feed into Copilot’s data sources. A concrete advanced tip is to use the Microsoft Graph API to programmatically enumerate all guest accounts across your tenants and remove inactive ones weekly.
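The guest review in the first audit step and the Graph API tip above can share one report. This added example (not part of the original article) flags inactive guests from a Microsoft Graph `/users` response; the accounts are constructed sample data, and the 90-day threshold and function name are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the "value" array of
# GET /users?$filter=userType eq 'Guest'&$select=userPrincipalName,createdDateTime,
#     externalUserState,signInActivity   (signInActivity needs AuditLog.Read.All)
SAMPLE_GUESTS = [
    {"userPrincipalName": "alice_partner.example#EXT#@contoso.example",
     "createdDateTime": "2023-01-10T09:00:00Z", "externalUserState": "Accepted",
     "signInActivity": {"lastSignInDateTime": "2024-01-05T08:00:00Z",
                        "lastNonInteractiveSignInDateTime": "2024-05-28T11:30:00Z"}},
    {"userPrincipalName": "bob_vendor.example#EXT#@contoso.example",
     "createdDateTime": "2022-06-01T09:00:00Z", "externalUserState": "Accepted",
     "signInActivity": {"lastSignInDateTime": "2023-11-02T14:00:00Z",
                        "lastNonInteractiveSignInDateTime": None}},
    {"userPrincipalName": "carol_client.example#EXT#@contoso.example",
     "createdDateTime": "2023-09-01T09:00:00Z", "externalUserState": "PendingAcceptance"},
    {"userPrincipalName": "dave_partner.example#EXT#@contoso.example",
     "createdDateTime": "2024-05-20T09:00:00Z", "externalUserState": "Accepted"},
]

def _parse(ts):
    """Parse a Graph UTC timestamp; missing values stay None."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None

def stale_guests(users, now, max_idle_days=90):
    """Return (upn, reason) for guests with no sign-in of any kind since the cutoff."""
    cutoff = now - timedelta(days=max_idle_days)
    stale = []
    for user in users:
        activity = user.get("signInActivity") or {}
        seen = [t for t in (_parse(activity.get("lastSignInDateTime")),
                            _parse(activity.get("lastNonInteractiveSignInDateTime"))) if t]
        upn = user["userPrincipalName"]
        if seen:
            last = max(seen)  # background token use counts as activity too
            if last < cutoff:
                stale.append((upn, f"idle since {last.date()}"))
        elif (created := _parse(user.get("createdDateTime"))) and created < cutoff:
            # No recorded sign-in: skip recently created accounts, flag the rest.
            pending = user.get("externalUserState") == "PendingAcceptance"
            stale.append((upn, "invitation never redeemed" if pending else "never signed in"))
    return stale

if __name__ == "__main__":
    for upn, reason in stale_guests(SAMPLE_GUESTS, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(f"{upn}: {reason}")
```

The function only reports candidates, so the list can be reviewed before any account is removed.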