Microsoft released Wave 2 updates for Copilot in late 2024 and early 2025. These changes affect how administrators configure, secure, and monitor Copilot across Microsoft 365 tenants. If you manage Copilot for your organization, you need to understand the new admin controls for data access, plugin management, and user experience settings. This article explains the key Wave 2 features that impact your admin workflow, including changes to data grounding, Copilot Chat, and the Copilot admin center.
Key Takeaways: Copilot Wave 2 Admin Changes
- Copilot admin center > Data sources > Grounding data: New toggle to restrict Copilot from reading SharePoint sites or OneDrive folders not shared with the user.
- Microsoft 365 admin center > Copilot > Plugins: Admins can now block third-party plugins globally or allow only approved plugins per user group.
- Copilot Chat settings > Web grounding: New option to disable Bing search integration, forcing Copilot to use only tenant data.
What Wave 2 Means for Copilot Administration
Wave 2 introduces several architectural and policy changes that shift how Copilot interacts with Microsoft Graph, external data sources, and third-party services. The most significant change is the separation of Copilot Chat from the Microsoft 365 Copilot license. In Wave 1, Copilot Chat was bundled with Microsoft 365 Copilot. In Wave 2, Copilot Chat is a standalone service that can be enabled or disabled independently of the main Copilot add-on. This gives admins more granular control over which users can access chat features without granting full Copilot capabilities.
Another major shift is the introduction of data grounding policies. Wave 2 allows admins to define exactly which data sources Copilot can use to generate responses. Previously, Copilot could read any SharePoint site or OneDrive folder the user had access to. Now, admins can restrict grounding to specific SharePoint sites, exclude OneDrive folders, or disable web grounding entirely. This change directly addresses data leakage concerns in regulated industries.
Wave 2 also updates the Copilot admin center with new tabs for monitoring usage, reviewing blocked prompts, and managing plugin approvals. The admin center now shows per-user analytics for Copilot usage, including the number of prompts, average response length, and top data sources accessed. These metrics help admins identify power users and potential misuse.
New Licensing Model for Copilot Chat
Before Wave 2, Copilot Chat required a Microsoft 365 Copilot license at $30 per user per month. Wave 2 introduces a separate Copilot Chat license at $5 per user per month. This license grants access to chat features only, without the ability to generate content in Word, Excel, or PowerPoint. Admins can assign this license to users who need quick answers from tenant data but do not need full Copilot integration in Office apps.
Changes to Plugin Management
Wave 2 expands the plugin ecosystem for Copilot. Third-party developers can now submit plugins for approval through the Microsoft Partner Center. As an admin, you can review and approve or block these plugins from the Copilot admin center. This replaces the earlier model where all plugins were enabled by default. You can also create plugin policies that apply to specific security groups, allowing different plugin sets for different departments.
Steps to Configure Wave 2 Admin Settings
The following steps guide you through the key configuration changes introduced in Wave 2. Perform these steps from the Microsoft 365 admin center or the Copilot admin center.
Restrict Data Grounding to Specific SharePoint Sites
- Open the Copilot admin center
Sign in to the Microsoft 365 admin center at admin.microsoft.com. In the left navigation, select Copilot under the Settings section. If you do not see this option, confirm your admin role includes the Copilot administrator role. - Go to Data sources
In the Copilot admin center, select the Data sources tab. This tab lists all Microsoft Graph data sources that Copilot can read, including SharePoint, OneDrive, Exchange, and Teams. - Select SharePoint or OneDrive
Click SharePoint to expand the options. You will see two toggles: Allow Copilot to read all SharePoint sites and Allow Copilot to read only specific sites. Select the second option. - Add allowed sites
Click Add sites and enter the URLs of the SharePoint sites you want to allow. You can add up to 100 sites. Click Save to apply the change. Copilot will now only ground responses using data from these sites.
Disable Web Grounding for Copilot Chat
- Navigate to Copilot Chat settings
In the Copilot admin center, select the Copilot Chat tab under Settings. This tab controls the standalone Copilot Chat service. - Locate the Web grounding toggle
Scroll to the Data sources section. You will see a toggle labeled Allow Copilot Chat to use Bing for web search. By default, this is set to On. - Turn off web grounding
Set the toggle to Off. This prevents Copilot Chat from pulling information from the public web. Responses will be generated only from your tenant data, such as SharePoint, OneDrive, and Exchange. - Save and notify users
Click Save. Inform your users that Copilot Chat will no longer return current news or public website content. This setting applies globally to all users with a Copilot Chat license.
Approve or Block Third-Party Plugins
- Open the Plugins tab
In the Copilot admin center, select the Plugins tab. This tab lists all available plugins, both Microsoft-provided and third-party. - Review pending plugins
Look for plugins with the status Pending approval. These are third-party plugins submitted by developers that require your approval before users can enable them. - Approve or block a plugin
Click the plugin name to view its details, including the developer name, permissions required, and data access scope. Click Approve to allow all users to add this plugin, or Block to prevent any user from using it. - Create a plugin policy for specific groups
To restrict a plugin to certain users, click Create policy under the Plugin policies section. Select the plugin, choose the security group, and set the policy to Allowed or Blocked. Click Save.
Common Issues After Wave 2 Updates
Copilot Returns Generic Output Instead of Tenant-Specific Data
After Wave 2, some admins report that Copilot returns general web results instead of company data. This typically happens when web grounding is enabled and the data grounding policy is too restrictive. Check the Data sources tab to ensure at least one SharePoint site or OneDrive folder is allowed. If web grounding is on, Copilot may prioritize web results over tenant data. Turn off web grounding to force tenant-only responses.
Users Report Copilot Chat Is Missing From Teams
Wave 2 separates Copilot Chat from the Microsoft 365 Copilot license. If a user had a Microsoft 365 Copilot license before Wave 2, they automatically received Copilot Chat. After Wave 2, admins must assign the Copilot Chat license separately. Go to Microsoft 365 admin center > Billing > Licenses and assign the Copilot Chat license to each user. The user must also have the Copilot Chat app enabled in the Teams admin center.
Blocked Prompts Appear in the Audit Log Without Context
Wave 2 adds a new audit event for blocked prompts. However, the audit log entry shows only the prompt text and the blocking policy name. It does not show which data source triggered the block. To get more context, enable the Copilot prompt details audit log in the Microsoft 365 admin center under Audit > Audit log search. This adds the grounding data source and the user’s role to the log entry.
| Item | Wave 1 Behavior | Wave 2 Behavior |
|---|---|---|
| Copilot Chat licensing | Bundled with Microsoft 365 Copilot at $30/user/month | Standalone license at $5/user/month |
| Data grounding control | Copilot could read all SharePoint sites the user could access | Admins can restrict to specific sites or disable web grounding |
| Plugin management | All plugins enabled by default | Admins must approve third-party plugins; policies per security group |
| Admin center analytics | Basic usage count only | Per-user prompt count, average response length, top data sources |
| Audit log for blocked prompts | Not available | Audit log entry with prompt text and policy name |
Wave 2 gives you more precise control over data access, licensing, and plugins. Start by reviewing your current data grounding policy and decide whether to restrict SharePoint sites or disable web grounding. Next, evaluate which users need the full Microsoft 365 Copilot license versus the cheaper Copilot Chat license. Finally, review the plugin list in the Copilot admin center and block any plugins that do not meet your security requirements. These steps will align your tenant with the Wave 2 admin changes.