Microsoft Copilot's trust wobble

Microsoft spent the last year selling Copilot as a work tool for Word, Excel, Outlook, and Windows, then got caught with terms that said the service was for “entertainment purposes only” and should not be trusted for “important advice.” After screenshots spread, Microsoft said the line was old Bing-era wording and would be changed. (techcrunch.com) (pcmag.com) That clash landed badly because Microsoft has been pushing Copilot into paid business software, not just a consumer chatbot tab. Microsoft 365 Copilot is the version sold inside Microsoft 365, where it drafts emails, summarizes meetings, and answers questions over company files through Microsoft Graph, which is Microsoft’s system for pulling data from mail, documents, calendars, and chats. (learn.microsoft.com) Microsoft’s defense was narrow and specific: the company told reporters the “entertainment purposes” sentence came from Copilot’s original launch as a Bing search companion. Microsoft did not say the wording was accurate for current use; it said the wording was “legacy language” and promised an update in the next revision. (pcmag.com) (office-watch.com) At almost the same moment, Microsoft announced new controls meant to reassure the exact customers who worry about this kind of mismatch. On April 7, 2026, Microsoft said Microsoft 365 Copilot would get added security, management, and analytics features, including more built-in governance controls for information technology and security teams. (techcommunity.microsoft.com) One of those controls sits inside Microsoft Purview, which is Microsoft’s compliance dashboard for tracking where sensitive data lives and how it moves. Microsoft says Data Security Posture Management for Artificial Intelligence can show how employees use generative artificial intelligence tools and can apply preconfigured policies to reduce data leaks. (learn.microsoft.com) (techcommunity.microsoft.com) But the same week also brought a second disclosure that cut the other way for European customers. Microsoft’s new “flex routing” setting says that, during peak demand, large language model inferencing for Microsoft 365 Copilot can happen outside the European Union Data Boundary, which is Microsoft’s promise to keep certain customer data processing inside the European Union and European Free Trade Association region. (learn.microsoft.com 1) (learn.microsoft.com 2) Inferencing is the moment the model actually processes a prompt and generates an answer. Microsoft says flex routing is meant to keep Copilot responsive when regional capacity is tight, and says data remains encrypted in transit and at rest even when that processing happens outside the European Union boundary. (learn.microsoft.com) The timing matters because Microsoft’s privacy page still says Microsoft 365 Copilot complies with the European Union Data Boundary for commercial customers. The new flex routing page adds an exception in practice: if a customer leaves the feature on, some prompt processing can move outside that boundary during traffic spikes. (learn.microsoft.com 1) (learn.microsoft.com 2) Microsoft says flex routing starts on April 17, 2026 for eligible European Union and European Free Trade Association tenants, and says the feature can be managed in the Microsoft 365 admin center. Reporting on Microsoft’s admin notices says the setting is enabled by default, which means customers may need to opt out rather than opt in. (learn.microsoft.com) (cybernews.com) (m365admin.handsontek.net) Put together, the two stories point at the same problem. Microsoft is adding more governance dashboards and more policy controls around Copilot at the exact moment it is also cleaning up old disclaimers and carving out new exceptions to regional processing promises. (techcommunity.microsoft.com) (pcmag.com) (learn.microsoft.com) For customers, the practical question is no longer whether Copilot can write a memo or summarize a meeting. The question is whether Microsoft’s legal text, product settings, and marketing claims all describe the same system on the same day. (techcrunch.com) (learn.microsoft.com)