# MS Copilot Studio ## Kurzbeschreibung **Microsoft Copilot Studio **is a graphical low-code platform for creating, customizing, publishing, and managing AI agents and agent flows. The agents can access business data, use knowledge from SharePoint, websites, Dataverse, or enterprise connectors, perform tasks via flows/prompts/APIs, and be published in Microsoft 365, Teams, websites, apps, or additional channels ## Claim Create, customize, and launch AI agents effortlessly ## Geeignet für - API Integration - Automation / Workflows - Finance / Accounting - Customer Service & Chatbots - Law / Compliance - Websites / Landing Pages - Knowledge Management / Internal Search ## Kernfunktionen - Automation - Chatbot - AI agents - Customer Support - Knowledge Base ## Preismodell - **free:** Individuals can use a free trial version to create agents and test them in the test chat; however, according to Microsoft, agents cannot be published with the trial license. - **subscription:** As a standalone Copilot Studio subscription for agents on supported channels, premium connectors, and production use; Copilot Studio is also included in certain Microsoft 365/Teams contexts or with Microsoft 365 Copilot to extend Microsoft 365 Copilot with agents. - **other:** **Pay-as-you-go **via Azure billing; Pre-Purchase Plan with pre-purchased Copilot Credit Commit Units; Copilot Credit Capacity Packs as tenant-wide capacity. Copilot Credits measure usage depending on the agent response, action, and complexity. ## DSGVO und Datenschutz **Gesamteinschätzung:** Conditional **On-premises / local hosting: indirect / not available** No on-premises, local, or self-hostable deployment of Microsoft Copilot Studio was found on the website. **Private Cloud / Data Center: Partially** There are indications of controlled geographic data residency and an EU Data Boundary within the Microsoft cloud, but the website does not provide a clear statement regarding a dedicated private customer cloud specifically for Copilot Studio. **EU SaaS / Managed: Covered** The website describes Copilot Studio as a Microsoft online service with geographic data residency and an EU Data Boundary for EU/EFTA customers, provided the environments are appropriately configured within the EU Data Boundary. **Hybrid: Partially** The website describes connectors, data flows, and the use of internal corporate data sources, as well as governance controls. However, a clearly defined hybrid hosting model with on-premises processing for the core solution is not explicitly stated. **AVV / DPA: Covered** A Data Processing Agreement is documented via the Microsoft Products and Services Data Protection Addendum; the website explicitly states that the data processing and security terms are governed by that addendum. **No Training: Partially** Regarding the prompt features in Copilot Studio, the website explicitly states that customer data, prompts, and responses are not used to train or improve the Azure OpenAI Service Foundation models. For all conceivable Copilot Studio scenarios and external models, this is not explained consistently and comprehensively for all operating modes on the pages found. **Open Source / Transparency Path: Partial** The website provides a limited transparency path regarding documented models, connectors, data residency, and the ability to integrate custom or external models. However, open-source components or an open, self-hostable stack are not specified on the website. **Data Processing** According to the Microsoft pages found, Copilot Studio is a cloud-based Microsoft online service within the Power Platform. The website describes geographic data residency, Azure data centers, and the EU Data Boundary for EU/EFTA customers with appropriate configuration. For prompt functions, models run on the Azure OpenAI Service. Microsoft also refers to connectors to internal and external data sources. Subprocessors are generally documented on the website; furthermore, regarding AI subprocessors, it is explained that supported third-party models can be integrated under Microsoft’s supervision as subprocessors or, alternatively, as independent processors. However, a complete product-specific list of subprocessors for Copilot Studio was not directly found on the pages reviewed. **Conclusion** For users in the EU/EEA, Microsoft Copilot Studio can generally be used in a manner compliant with the GDPR and contractually secured, based on the information found on the website, particularly via the EU Data Boundary plus a DPA/AVV and appropriate tenant/environment configuration. However, use is not automatically uncritical in every standard configuration, as Microsoft itself specifies conditions and limited exceptions for transfers outside the EU Data Boundary. Therefore, the overall assessment for the European region is “conditional.” **Sources** - [https://learn.microsoft.com/en-ca/microsoft-copilot-studio/geo-data-residency](https://learn.microsoft.com/en-ca/microsoft-copilot-studio/geo-data-residency) - [https://learn.microsoft.com/en-us/privacy/eudb/eu-data-boundary-learn](https://learn.microsoft.com/en-us/privacy/eudb/eu-data-boundary-learn) - [https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?lang=1](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?lang=1) - [https://learn.microsoft.com/en-us/microsoft-copilot-studio/faq-prompts](https://learn.microsoft.com/en-us/microsoft-copilot-studio/faq-prompts) - [https://learn.microsoft.com/en-us/microsoft-copilot-studio/admin-certification](https://learn.microsoft.com/en-us/microsoft-copilot-studio/admin-certification) - [https://learn.microsoft.com/en-us/microsoft-copilot-studio/security-and-governance](https://learn.microsoft.com/en-us/microsoft-copilot-studio/security-and-governance) - [https://learn.microsoft.com/en-us/microsoft-365/copilot/ai-models-overview](https://learn.microsoft.com/en-us/microsoft-365/copilot/ai-models-overview) - [https://learn.microsoft.com/en-us/privacy/eudb/change-log](https://learn.microsoft.com/en-us/privacy/eudb/change-log) Microsoft’s website lists several key GDPR-relevant components for Microsoft Copilot Studio in the EU/EEA region: EU Data Boundary, geographic data residency in EU/EFTA data centers, a DPA/AVV via the Microsoft Products and Services Data Protection Addendum, and compliance and governance features. At the same time, Microsoft itself states that the EU Data Boundary applies only under certain configuration requirements and that there are limited exceptions for transfers outside the EU Data Boundary. According to the website, this means that GDPR-compliant use is possible for EU/EEA customers, but not across the board without conditions. **Positive** The website documents the EU Data Boundary, selectable geographic data residency, DPA/AVV, references to GDPR support, and certifications such as ISO 27001 and SOC. For Copilot Studio, it is explicitly stated that EU/EFTA tenants with environments within the EU Data Boundary fall within the scope of coverage. Regarding prompt functions, it is also stated that customer data, prompts, and model responses are not used to train or improve the Azure OpenAI Service Foundation models. **Negative** The website makes EU/EEA-compliant data processing contingent on certain conditions, specifically the billing address and the creation of all environments within the EU Data Boundary. Furthermore, Microsoft itself refers to limited cases in which data may be transferred outside the EU Data Boundary. The website does not mention true on-premises or self-hosted operation of Copilot Studio. **Server Location** According to the website, for EU Data Boundary Services, customer data and pseudonymized personal data are stored and processed in data centers located in EU or EFTA countries. Data centers mentioned include those in Austria, Belgium, Denmark, Finland, France, Germany, Greece, Ireland, Italy, the Netherlands, Norway, Poland, Spain, Sweden, and Switzerland. According to the website, this applies to Copilot Studio if a tenant with a billing address in the EU or EFTA is provisioned and all environments are created within the EU Data Boundary. ## Hosting und Daten - **On-Prem / lokales Hosting:** unknown - **Private Cloud / Rechenzentrum:** teilweise / indirekt - **EU SaaS / Managed:** abgedeckt - **Hybrid:** teilweise / indirekt - **AVV / DPA:** abgedeckt - **Kein Training auf Kundendaten:** teilweise / indirekt - **Open-Source / Transparenz-Pfad:** teilweise / indirekt ## Standort **Land:** USA **Taxonomie:** USA Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. ## Vorteile - Very strong Microsoft integration for Microsoft 365, Teams, SharePoint, Dataverse, and Power Platform. • Low-code entry point, while also offering deep extensibility via premium connectors, APIs, flows, and MCP servers. • Well suited for internal and external agents, including deployment to websites, apps, and messaging platforms. • Extensive governance features such as DLP, environment routing, regional customization, analytics, and admin controls. • Knowledge-grounded responses with permission checks for specific sources. ## Nachteile - The pricing model is usage-based and therefore harder to plan than traditional seat licenses. • An Azure subscription is required for standalone Copilot Studio agents. • The trial version allows creation and testing, but not publishing. • The Teams plan is functionally limited; key features such as generative orchestration, premium connectors, flows, live handover, and full channel deployment require the standalone license. • External deployment without authentication is possible, but increases the risk of incorrect sharing. ## Quellen - Offizielle Website: https://www.microsoft.com/de-de/microsoft-365-copilot/pricing/copilot-studio?market=de ## Letzter Datenstand 2026-04-16 ## Originalseite https://kifox.ai/en/ki-tools/ms-copilot-studio-en/