Organizations with a global footprint often operate Microsoft 365 tenants in one geographic region while users, data, or workloads reside in another. When you enable Copilot in a cross-geo tenant, the underlying AI processing and data flows may not stay within the boundaries you expect. This article explains how Copilot respects data residency, where data actually moves during processing, and what tenant-level controls you must configure to meet compliance requirements.
Key Takeaways: Copilot Data Residency in Cross-Geo Scenarios
- Microsoft 365 admin center > Settings > Org settings > Copilot > Data location: Controls whether Copilot uses the tenant’s default geo or a specific region for grounded data processing.
- Microsoft 365 admin center > Compliance > Data Lifecycle Management > Copilot for Microsoft 365: Lets you review and export a list of all data flows between regions for audit purposes.
- Microsoft 365 admin center > Settings > Org settings > Security & privacy > Customer Lockbox: Prevents Microsoft engineers from accessing your data during Copilot processing in cross-geo scenarios.
How Copilot Handles Data Across Geographic Regions
Copilot for Microsoft 365 uses the Microsoft Graph to ground its responses on your tenant data. When a user in a different geographic region sends a query, Copilot reads the data from the tenant’s primary location. The processing of that query, including the AI model inference, occurs in the same region as the tenant unless you have configured a specific data residency policy.
Microsoft stores Copilot data, such as user prompts, generated responses, and grounding data, in the tenant’s default geo. This geo is determined by the location you selected when you first created the tenant. If your tenant is in the United States, all Copilot processing and storage for that tenant stays within the United States. Users connecting from Europe, Asia, or any other region will experience latency but the data does not leave the tenant’s geo.
Cross-Geo Tenant Architecture
A cross-geo tenant is a Microsoft 365 tenant whose primary data location differs from the physical location of its users or workloads. For example, a company based in the United Kingdom might have its tenant in the UK South region, but its sales team operates from Singapore. When the Singapore team uses Copilot, the prompts travel to the UK South region for processing. The generated responses then travel back to Singapore. No data is stored in the Singapore region unless you explicitly enable multi-geo capabilities.
Microsoft does not replicate Copilot data to secondary regions by default. The only exception is when you use Microsoft 365 Multi-Geo, which allows you to assign a specific geo to a user or group. With Multi-Geo, Copilot processes data in the user’s assigned geo rather than the tenant’s default geo. This is a paid add-on and requires careful planning to avoid data fragmentation.
Steps to Verify and Configure Copilot Data Residency
Before you deploy Copilot in a cross-geo tenant, you must verify where your tenant currently stores data and then apply the correct data residency controls. Use the following steps to confirm and adjust your configuration.
- Check your tenant’s default geo location
Sign in to the Microsoft 365 admin center and go to Settings > Org settings > Organization profile. Under Data location, you will see the primary region for your tenant. This is where all Copilot processing occurs by default. - Enable Multi-Geo for Copilot if needed
If your organization requires data to stay in a user’s local region, purchase the Microsoft 365 Multi-Geo add-on. Then assign each user a preferred data location in the Microsoft 365 admin center under Users > Active users > select a user > Mail > Manage mailbox data location. After the assignment, Copilot reads and processes data in that user’s assigned geo. - Review Copilot data flows in Compliance Manager
Go to the Microsoft 365 compliance center and select Data Lifecycle Management > Copilot for Microsoft 365. Use the Data flow report to see which regions are involved in prompt processing, grounding, and response generation. Export the report for your compliance records. - Apply Customer Lockbox for cross-geo processing
In the admin center, go to Settings > Org settings > Security & privacy > Customer Lockbox. Turn on the setting to require explicit approval before any Microsoft engineer can access your data during Copilot processing. This is critical when data crosses regional boundaries. - Test with a pilot user group
Select a small group of users in a different geo and enable Copilot for them. Monitor the Copilot dashboard in the admin center for latency and data location reports. Confirm that the data location column shows the expected region for each user.
Common Misunderstandings About Copilot Data Residency
Copilot sends all data to the United States for AI training
This is false. Microsoft does not use your tenant data to train the underlying AI models. Copilot processes your data only to generate responses. The processing occurs in the tenant’s geo or the user’s assigned geo if Multi-Geo is enabled. No data is sent to the United States unless your tenant is located there.
Multi-Geo automatically resolves all cross-geo compliance issues
Multi-Geo changes where Copilot processes data, but it does not change where the Microsoft Graph stores your core tenant data. For example, if your tenant’s primary location is in Europe, your Exchange Online mailboxes and SharePoint sites remain in Europe even if a user is assigned a different geo. Copilot will read data from the primary location and process it in the user’s assigned geo. This can create a situation where data flows between regions during every query. You must assess whether this cross-region data movement violates your local data sovereignty laws.
Copilot data is stored separately from other Microsoft 365 workloads
Copilot does not store prompts or responses in a separate data store. The data is stored in the same Exchange Online mailboxes, SharePoint sites, and OneDrive for Business locations as your regular data. When you delete a user’s mailbox, you also delete their Copilot history. Data retention policies you apply to Exchange Online also apply to Copilot data.
| Item | Single-Geo Tenant | Multi-Geo Tenant |
|---|---|---|
| Data processing location | Tenant’s default geo | User’s assigned geo |
| Data storage location | Tenant’s default geo | User’s assigned geo for Copilot data; tenant’s default geo for core Microsoft Graph data |
| Latency for remote users | High for users far from the tenant’s geo | Low because processing happens close to the user |
| Compliance control | Customer Lockbox and data flow audit | Customer Lockbox, data flow audit, and Multi-Geo license management |
| Additional cost | None | Microsoft 365 Multi-Geo add-on subscription |
Now you can verify your tenant’s default geo, enable Multi-Geo for users in other regions, and apply Customer Lockbox to control data access. Next, review your organization’s data sovereignty requirements and run a pilot with a small group of remote users. Use the Copilot dashboard to confirm that data processing stays within your required boundaries. For a deeper compliance check, export the data flow report from Compliance Manager and share it with your legal team.