
How Do I Turn off Copilot 365? (w/Examples) + FAQs

You turn off Copilot 365 by disabling it at the user level inside each Microsoft 365 app, at the tenant level through the Microsoft 365 Admin Center, or at the device level with Group Policy or Intune. The method you choose depends on whether you are an everyday subscriber, an IT admin running a tenant, or a compliance officer trying to block generative AI across a regulated workforce.

Microsoft turned Copilot on by default for many commercial and consumer tenants during its 2024–2026 rollout, which created a real problem for organizations bound by privacy, confidentiality, and record-keeping rules. The governing frameworks include the HIPAA Privacy Rule at 45 C.F.R. Parts 160 and 164, the California Consumer Privacy Act as amended by the CPRA, the SEC books-and-records rule 17a-4, FINRA Rule 4511, ABA Model Rule 1.6 on client confidentiality, and the FTC’s guidance on AI and consumer protection. A failure to disable Copilot where it does not belong can trigger a data breach notification, a regulatory fine, or a malpractice claim.

According to a Gartner survey released in January 2026, 41% of enterprises using Microsoft 365 Copilot reported at least one “oversharing” incident in the first year, where Copilot surfaced confidential files to employees who should not have had access. That statistic alone is why turning Copilot off, fully or partially, is now a mainstream IT task.

  • 🛠️ Exact clicks to disable Copilot inside Word, Excel, Outlook, Teams, and PowerPoint
  • 🏢 Tenant-wide shutdown steps using the Microsoft 365 Admin Center, Entra ID, and PowerShell
  • ⚖️ How HIPAA, CCPA, SEC 17a-4, FINRA 4511, and ABA Rule 1.6 shape your disable decision
  • 🖥️ Group Policy and Intune templates that block Copilot in Windows 11 and Edge
  • 🚫 The seven most common mistakes admins make when they think Copilot is off but it is not

What “Copilot 365” Actually Means

The phrase “Copilot 365” is a catch-all that most people use loosely. Microsoft actually ships several different Copilot products, and each one has its own off switch. If you disable the wrong variant, the feature you worried about keeps running in the background.

Microsoft 365 Copilot (the paid add-on)

Microsoft 365 Copilot is the $30-per-user-per-month add-on that plugs generative AI into Word, Excel, PowerPoint, Outlook, Teams, and Loop. It reads from your Microsoft Graph, which includes emails, chats, files, and calendar data. The consequence of leaving it on in a regulated environment is that Copilot can pull protected health information, client files, or material nonpublic information into a prompt result.

A common misconception is that Copilot “trains” on your tenant data, but Microsoft’s data protection commitments state that prompts and responses are not used to train the foundation models. The real risk is surfacing, not training. For example, Priya, a compliance officer at a Boston hospital, found that a nurse’s Copilot query returned a senior physician’s draft discipline memo because the memo was stored in a SharePoint site with broken permissions.

Copilot Chat (the free tier)

Copilot Chat is the free, web-grounded chatbot that any signed-in Entra user can reach at copilot.microsoft.com. It does not use Graph data, but it does accept pasted content. That means an employee can paste a client contract into the chat box and get a summary, which still triggers confidentiality concerns under ABA Model Rule 1.6 and state analogs.

The consequence of ignoring Copilot Chat is that you can disable the paid add-on and still leak data through the free tier. A real-world scenario: David, a solo attorney in Austin, pasted a sealed settlement draft into Copilot Chat to summarize it, which arguably waived privilege even though the tool is “enterprise data protected.”

Copilot in Windows 11 and Edge

Copilot in Windows is the taskbar button that launches a separate Copilot app. Copilot in Edge is the sidebar icon inside the browser. Both are distinct from Microsoft 365 Copilot and require their own disable steps.

The consequence of leaving these on is that personal accounts signed into a work device can route company text through consumer endpoints. That is why the NIST AI Risk Management Framework treats endpoint AI as a separate control family from application AI.

GitHub Copilot

GitHub Copilot is a code-completion tool sold by GitHub, a Microsoft subsidiary. It is not part of the Microsoft 365 Copilot license. Developers disable it in their IDE settings or through an organization policy on GitHub.com. The consequence of leaving it on is the risk of copyrighted code suggestions, which were the subject of the Doe v. GitHub class action in the Northern District of California.

Turning Off Copilot at the User Level

Every end user can suppress Copilot in their own session without admin help. These steps do not remove the license, but they stop the UI from appearing and stop prompts from being sent.

Disable Copilot in Word, Excel, and PowerPoint

Open any of the three apps, click File, then Options, then Copilot, and clear the box labeled Enable Copilot. Restart the app. The ribbon button disappears and keyboard shortcuts like Alt+i no longer launch the pane, as documented on Microsoft Learn.

The consequence of stopping at this step is that Copilot still appears for you on the web versions at office.com, and it still appears for every other user in the tenant. A common misconception is that unchecking the box “turns off Copilot for the company,” which it does not.

Disable Copilot in Outlook

In new Outlook, click View, then View Settings, then Copilot, and turn off Summarize, Draft with Copilot, and Coaching. In classic Outlook, the toggles live under File → Options → Copilot. These toggles match the Outlook Copilot controls reference.

For example, Marcus, a wealth manager in Miami subject to SEC 17a-4, turned off Draft with Copilot because any AI-generated message body must still be captured in the firm’s WORM archive, and his archiver did not yet support Copilot annotations.

Disable Copilot in Teams

Inside Teams, click your profile photo, then Settings, then Copilot, and switch the master toggle off. Also uncheck Allow Copilot to summarize this meeting inside each meeting invite. The Teams meeting Copilot control is separate from the chat Copilot control.

The consequence of missing the meeting-level toggle is that Copilot may still generate a transcript, which triggers two-party consent laws in states like California, Florida, Illinois, and Washington under their eavesdropping statutes.

Disable Copilot Chat and the Edge sidebar

To disable Copilot Chat in a personal session, sign out at copilot.microsoft.com and clear cookies. To hide the Edge sidebar Copilot, click the three-dot menu, choose Settings, then Sidebar, then Copilot, and turn off Show Copilot. The Edge policy reference lists HubsSidebarEnabled as the matching admin policy.

A common misconception is that signing out stops Copilot from running. It does not. The Edge process still loads the extension until the toggle is flipped.

Turning Off Copilot at the Tenant Level

Admins have three levers: license removal, service plan disablement, and policy blocking. Each lever has a different consequence.

Remove the Microsoft 365 Copilot license

Sign in to the Microsoft 365 Admin Center, go to Billing → Licenses, select Microsoft 365 Copilot, and unassign it from each user or group. Users lose access within 30 minutes. The consequence is that the paid features disappear, but free Copilot Chat remains available to every Entra-licensed user.

For example, Linda, the IT director at a 400-employee credit union in Ohio, unassigned all Copilot licenses after her auditor cited FFIEC guidance on AI risk. She learned the next week that tellers were still using Copilot Chat, which required a second control.

Disable service plans through PowerShell

Use the Microsoft Graph PowerShell SDK to disable the specific Copilot service plans without removing the base Microsoft 365 license. The command pattern is:

Connect-MgGraph -Scopes “User.ReadWrite.All”, then Get-MgSubscribedSku to list the SkuId, then Set-MgUserLicense with a DisabledPlans array that includes the Copilot plan GUIDs. Microsoft publishes the current service plan GUIDs in a maintained reference table.

The consequence of getting the GUID wrong is that you may disable Exchange Online or SharePoint by accident, which takes users offline. A common misconception is that “DisabledPlans” is additive; it is replacement, so you must include every previously disabled plan in the new array.

Block Copilot Chat with a Cloud App policy

Go to the Microsoft Entra admin center, open Protection → Conditional Access, and create a policy that targets the Microsoft 365 Copilot and Bing cloud apps with a Block access grant control. Apply it to all users or to a specific group.

The consequence of skipping this step is that employees can reach Copilot Chat at copilot.microsoft.com using their work account, which routes pasted data through Microsoft’s consumer AI endpoint. FINRA has publicly warned member firms under Regulatory Notice 24-09 that consumer AI tools are not an approved substitute for supervised communications.

Turn off Copilot in SharePoint and OneDrive search

Inside the SharePoint Admin Center, go to Settings → Copilot and switch Copilot in SharePoint to Off. Repeat in the OneDrive admin section. This stops Copilot from indexing sites that have broken permissions, which is the oversharing risk flagged in the Gartner survey above.

Turning Off Copilot at the Device Level

Device-level blocking stops Copilot even when a user signs in with a personal account. This is the belt-and-suspenders layer that regulated industries need.

Group Policy for Windows 11

Download the latest Administrative Templates (ADMX) for Windows 11, copy them into the central store, and open Group Policy Management. Navigate to Computer Configuration → Administrative Templates → Windows Components → Windows Copilot and set Turn off Windows Copilot to Enabled.

The consequence of using the wrong ADMX version is that the policy setting does not appear. A real-world example: Ahmed, a sysadmin at a Chicago law firm, spent three hours troubleshooting before he realized his domain controller still held the Windows 10 22H2 templates, which lacked the Copilot node.

Intune configuration profile

In the Microsoft Intune admin center, create a Settings catalog profile, search for Copilot, and enable Turn off Windows Copilot, TurnOffWindowsCopilot, and DisableAIDataAnalysis. Assign to the device group. Intune pushes the configuration within eight hours by default, or faster if you run a sync.

The consequence of not assigning the profile to a device group is that BYOD phones and personal laptops ignore the policy, because user-assigned Intune profiles only apply to corporate-enrolled devices.

Edge and Chrome policy

For Edge, set HubsSidebarEnabled to Disabled and GenAILocalSettings to 0 through Intune or Group Policy. For Chrome, set GenAiDefaultSettings to 2 in the Chrome Enterprise policy list. This blocks the in-browser AI features that would otherwise bypass your Microsoft controls.
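To confirm on an endpoint that these device-level settings actually landed, the following check reads the effective policy values. It is an added example, not a script from this article or from Microsoft. The function name is hypothetical, and the registry locations are the standard Policies keys for each product, which this example assumes apply to your Windows, Edge, and Chrome builds.

```powershell
# Added example: verify that the policy values named above reached the registry.
# Expected values follow the article's text; the registry sub-keys are the
# standard Policies locations (an assumption of this example, confirm per build).
$checks = @(
    @{ Name = 'TurnOffWindowsCopilot'; SubKey = 'Software\Policies\Microsoft\Windows\WindowsCopilot'; Expected = 1 }
    @{ Name = 'HubsSidebarEnabled';    SubKey = 'Software\Policies\Microsoft\Edge';                   Expected = 0 }
    @{ Name = 'GenAiDefaultSettings';  SubKey = 'Software\Policies\Google\Chrome';                    Expected = 2 }
)

function Test-CopilotPolicyValue {
    # Hypothetical helper: looks for the value under the machine hive first,
    # then the user hive, and reports what it found.
    param(
        [hashtable]$Check,
        [string[]]$Hives = @('HKLM:', 'HKCU:')
    )
    foreach ($hive in $Hives) {
        $path = Join-Path $hive $Check.SubKey
        $item = Get-ItemProperty -Path $path -Name $Check.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $actual = $item.($Check.Name)
            return [pscustomobject]@{
                Policy    = $Check.Name
                Hive      = $hive
                Actual    = $actual
                Expected  = $Check.Expected
                Compliant = ($actual -eq $Check.Expected)
            }
        }
    }
    # Value absent in every hive: the policy never wrote to this device.
    [pscustomobject]@{
        Policy    = $Check.Name
        Hive      = '(not set)'
        Actual    = $null
        Expected  = $Check.Expected
        Compliant = $false
    }
}

$results = $checks | ForEach-Object { Test-CopilotPolicyValue -Check $_ }
$results | Format-Table -AutoSize

$failed = @($results | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Warning ("Policies missing or wrong on {0}: {1}" -f $env:COMPUTERNAME, ($failed.Policy -join ', '))
}
```

A "(not set)" row is the symptom of an outdated ADMX template or a profile assigned to the wrong group: the console shows the policy, but the device never received it.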

Real-World Scenarios

Here are the three situations admins and users run into most often, along with the precise action and the consequence that follows.

| The Situation | The Result If You Don’t Act |
| --- | --- |
| A hospital leaves Microsoft 365 Copilot on and a nurse prompts “summarize Dr. Chen’s patients this week” | Copilot returns PHI from charts the nurse should not see, triggering a HIPAA breach notification to HHS within 60 days under 45 C.F.R. § 164.404 |
| A law firm disables Copilot in Word but not in Edge, and an associate pastes a sealed motion into the Edge sidebar | The paste arguably waives attorney-client privilege, and the firm faces a bar complaint under ABA Rule 1.6 for inadequate safeguards |
| A broker-dealer unassigns Copilot licenses but does not block Copilot Chat, and a rep drafts client emails there | The drafts are not captured in the WORM archive, violating SEC Rule 17a-4 and FINRA Rule 4511, with fines starting at $15,000 per book-and-record failure |

These scenarios are drawn from enforcement patterns at OCR, state bar disciplinary boards, and FINRA’s 2025 Annual Regulatory Oversight Report. Each scenario shows why partial disablement is worse than no disablement, because it creates a false sense of security.

Named Examples

Maria, a solo tax preparer in Dallas, subscribes to Microsoft 365 Business Standard and added Copilot for $30 per month. After reading IRS Publication 4557 on taxpayer-data safeguards, she unassigned the Copilot license in the admin portal, blocked Copilot Chat through a conditional access policy, and disabled Windows Copilot in Group Policy. Her consequence for not acting would have been a potential IRC § 7216 violation, which carries up to one year in prison for unauthorized disclosure of return information.

Jamal, a school district CIO in Georgia, runs Microsoft 365 A5 for 12,000 students and staff. Under FERPA, 20 U.S.C. § 1232g, education records cannot be disclosed without consent. Jamal used Intune to disable Copilot on every student device and used PowerShell to strip Copilot service plans from faculty accounts that handle IEPs. The consequence of inaction would have been the loss of federal funding if the Department of Education’s Privacy Technical Assistance Center flagged the tenant.

Rebecca, a hospital CISO in Denver, signed a HIPAA Business Associate Agreement with Microsoft that covers Copilot. She still chose to turn off Copilot in SharePoint because her permissions model had 4,000 legacy sites with “Everyone except external users” access. The consequence of leaving Copilot on would have been a HIPAA oversharing incident of the exact type Gartner measured, even though the BAA covered the platform.

Mistakes to Avoid

  1. Disabling Copilot inside Word but forgetting that the web version at office.com keeps it enabled, which means a user can still prompt from a browser. The outcome is a data-exposure event you never see in desktop logs.

  2. Removing the paid Microsoft 365 Copilot license without blocking free Copilot Chat, which leaves every Entra user one click away from pasting confidential text into a consumer endpoint. The outcome is a compliance gap invisible to your MDM reports.

  3. Assigning Intune Copilot policies to a user group instead of a device group, which skips BYOD and unmanaged endpoints. The outcome is partial coverage that still allows shadow AI use.

  4. Using an outdated ADMX template that lacks the Windows Copilot node, so the Group Policy setting never writes to the registry. The outcome is a policy that appears green in the console but does nothing on the device.

  5. Disabling Copilot in SharePoint without fixing underlying permission sprawl, which means when you turn Copilot back on later, the oversharing risk returns. The outcome is a ticking time bomb rather than a cured problem.

  6. Forgetting to turn off Copilot in Loop, Whiteboard, and Planner, which are separate toggles from the core Office apps. The outcome is AI features running inside collaboration surfaces your users forgot were Microsoft products.

  7. Relying on a Conditional Access “Block” policy without “Require compliant device” as a companion, which lets users bypass the block from an unmanaged browser in InPrivate mode. The outcome is a policy that blocks the honest and ignores the curious.

  8. Assuming a Microsoft HIPAA BAA covers every Copilot variant, when in fact free Copilot Chat is outside the Microsoft Products and Services DPA. The outcome is a contractual gap that surfaces only during a breach investigation.

  9. Skipping the audit of Copilot interaction logs in Microsoft Purview, so you do not know who used Copilot before you turned it off. The outcome is no forensic record if a regulator demands one.

  10. Treating Copilot disablement as a one-time project, when Microsoft regularly re-enables features in monthly channel updates. The outcome is silent drift that can re-expose the tenant within a single patch cycle.

Do’s and Don’ts

Do’s

  • Do document every disable action in a written AI governance policy, because FTC enforcement expects a paper trail tying claims to controls.
  • Do use layered controls (license, policy, and device), because any single layer can be bypassed.
  • Do test the disablement with a standard user account before declaring the project complete, because admin accounts often see different UI than rank-and-file users.
  • Do align your disable choices with your record-retention schedule, because SEC Rule 17a-4 and FINRA Rule 4511 require six-year WORM retention of business communications.
  • Do communicate to employees why Copilot is off, because the NLRB’s 2023 Stericycle decision treats overbroad work rules as presumptively unlawful unless justified.

Don’ts

  • Don’t rely on the word “default” because Microsoft changes defaults without warning during channel updates.
  • Don’t assume a disabled ribbon button means a disabled feature, because background services can still process content.
  • Don’t copy PowerShell scripts from forums without reading them, because a wrong SkuId can strip Exchange access from your entire company.
  • Don’t forget state law, because the California CPRA, Colorado Privacy Act, and Texas Data Privacy and Security Act each impose their own AI-related duties.
  • Don’t skip end-user training, because a disabled tool returns the moment someone enables a personal account on a work machine.

Pros and Cons of Turning Off Copilot 365

Pros

  • Stronger control over protected data, which reduces the likelihood of a HIPAA, GLBA, or CCPA incident and the notification costs that follow.
  • Cleaner compliance posture for record-keeping regimes like SEC 17a-4, FINRA 4511, and IRS Publication 4557.
  • Reduced attack surface for prompt-injection and data-exfiltration techniques documented by MITRE ATLAS.
  • Lower monthly spend, because Microsoft 365 Copilot runs $30 per user per month, which adds $360 annually per seat.
  • Simplified user training, because staff no longer need to learn which prompts are safe versus risky.

Cons

  • Lost productivity gains that Microsoft’s 2024 Work Trend Index claims average 14 minutes saved per user per day.
  • Employee dissatisfaction and shadow-AI risk, where workers route around the block using personal phones or ChatGPT.
  • Competitive disadvantage in industries where peer firms deploy AI-assisted drafting and analysis.
  • Increased IT workload, because monitoring and re-enforcing the disable state requires ongoing scripts and audits.
  • Potential contractual friction with vendors who now require “AI-assisted” collaboration as part of joint projects.

Forms, Scripts, and Step-by-Step Processes

The disable workflow has three formal artifacts that regulated organizations should keep on file.

The PowerShell disable script

A typical script connects to Microsoft Graph, pulls the tenant SKU, and loops through users. Each line matters. The Connect-MgGraph line establishes the session and must include the User.ReadWrite.All scope, because lesser scopes return a 403. The Get-MgSubscribedSku line pulls the Copilot SKU GUID, which you confirm against the license service plan reference. The Set-MgUserLicense line applies a DisabledPlans array, and the consequence of a typo here is a silent failure that shows success in the console but leaves Copilot running.
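The sketch below covers both this walkthrough and the "Disable service plans through PowerShell" section: it merges the Copilot plans into the user's existing DisabledPlans (the array is replacement, not additive), rejects GUIDs that are not part of the SKU, and re-reads the user afterward to catch a silent failure. It is an added example, not the article's or Microsoft's script. The GUIDs and UPN are placeholders, the function name is hypothetical, and the Organization.Read.All scope is added here for reading SKUs.

```powershell
# Added example. Replace the placeholder GUIDs with values confirmed against
# Microsoft's service plan reference table before running.
$TargetSkuId    = '00000000-0000-0000-0000-000000000000'    # placeholder: SKU that carries the Copilot plans
$CopilotPlanIds = @('11111111-1111-1111-1111-111111111111') # placeholder: Copilot service plan GUIDs
$UserId         = 'user@example.com'                        # constructed sample UPN
$Apply          = $false                                    # dry run until set to $true

function Get-MergedDisabledPlans {
    # Hypothetical helper: union of already-disabled plans and the new ones,
    # refusing any GUID that does not belong to the target SKU.
    param(
        [string[]]$CurrentlyDisabled,
        [string[]]$ToDisable,
        [object[]]$SkuServicePlans
    )
    $valid = @{}
    foreach ($p in $SkuServicePlans) { $valid[[string]$p.ServicePlanId] = $p.ServicePlanName }
    foreach ($id in $ToDisable) {
        if (-not $valid.ContainsKey($id)) {
            throw "Plan $id is not part of this SKU; refusing to continue."
        }
    }
    @($CurrentlyDisabled) + @($ToDisable) | Where-Object { $_ } | Sort-Object -Unique
}

Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Organization.Read.All'

$sku = Get-MgSubscribedSku -All | Where-Object SkuId -eq $TargetSkuId
if (-not $sku) { throw "SKU $TargetSkuId not found in this tenant." }

$user     = Get-MgUser -UserId $UserId -Property Id, AssignedLicenses
$assigned = $user.AssignedLicenses | Where-Object SkuId -eq $TargetSkuId
if (-not $assigned) { throw "$UserId does not hold SKU $TargetSkuId." }

$merged = @(Get-MergedDisabledPlans -CurrentlyDisabled $assigned.DisabledPlans `
        -ToDisable $CopilotPlanIds -SkuServicePlans $sku.ServicePlans)

# Show plan names, not just GUIDs, so a wrong GUID (Exchange, SharePoint) is visible.
$sku.ServicePlans | Where-Object { $merged -contains $_.ServicePlanId } |
    Select-Object ServicePlanName, ServicePlanId | Format-Table -AutoSize

if ($Apply) {
    Set-MgUserLicense -UserId $user.Id -RemoveLicenses @() `
        -AddLicenses @(@{ SkuId = $TargetSkuId; DisabledPlans = $merged })

    # Re-read the user: success in the console is not proof the plans are off.
    $after = (Get-MgUser -UserId $user.Id -Property AssignedLicenses).AssignedLicenses |
        Where-Object SkuId -eq $TargetSkuId
    $missing = @($merged | Where-Object { $after.DisabledPlans -notcontains $_ })
    if ($missing.Count -gt 0) {
        Write-Warning "Still enabled: $($missing -join ', ')"
    } else {
        Write-Output "All $($merged.Count) requested plans are disabled for $UserId."
    }
}
```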

The Intune configuration profile JSON

When you export an Intune profile, the JSON includes a settingInstance block for each control. The settingDefinitionId must match Microsoft’s current schema, because the schema changes with Windows 11 feature updates. The consequence of an outdated settingDefinitionId is that the profile reports Not applicable against every device, which looks fine in summary but achieves nothing.

The user acknowledgment form

This is a short, one-page written form that asks each employee to acknowledge that Copilot is disabled, that personal AI tools are not a substitute, and that policy violations may result in discipline. The EEOC’s 2023 AI guidance expects employers to document notice when AI policies affect terms of employment. The consequence of skipping this form is a weaker defense if an employee later claims they were disciplined for conduct they did not know was prohibited.

Key Entities You Should Know

  • Microsoft, the vendor, which publishes the admin documentation and ships the channel updates that can re-enable Copilot features.
  • Microsoft Entra ID, the identity platform formerly called Azure AD, which governs Conditional Access and license assignment.
  • Microsoft Purview, the compliance platform that audits Copilot interactions and applies sensitivity labels.
  • The Office for Civil Rights (OCR) at HHS, which enforces HIPAA and has issued guidance on cloud computing and PHI.
  • The Federal Trade Commission, which enforces Section 5 of the FTC Act against unfair or deceptive AI practices.
  • The Securities and Exchange Commission, which enforces books-and-records rules and has flagged AI washing in rulemaking agendas.
  • FINRA, the broker-dealer self-regulatory organization, whose Rule 4511 mirrors SEC 17a-4 for member firms.
  • State attorneys general, who enforce state privacy acts and who increasingly coordinate AI investigations under a multistate AI task force.

Court Rulings and Enforcement Recaps

Courts have begun to weigh in on generative AI, and the rulings shape how strict your Copilot disablement needs to be.

In Mata v. Avianca, No. 22-cv-1461 (S.D.N.Y. 2023), Judge Castel sanctioned attorneys who filed a brief containing fabricated case citations produced by ChatGPT. The consequence was a $5,000 fine and a public reprimand, and the ruling is now cited in every state bar advisory opinion on AI, including the California State Bar Practical Guidance. The lesson for Copilot users is that unverified AI output inside a work product is a professional-responsibility problem even when the tool is authorized.

In Thomson Reuters v. Ross Intelligence, No. 20-613 (D. Del. 2025), the court granted partial summary judgment on copyright infringement tied to AI training data. The consequence is that firms using generative AI must track the provenance of outputs, which is easier when Copilot is off than when it is on and silently drafting.

The FTC’s July 2024 operation AI Comply announced five enforcement actions against companies making deceptive AI claims. While no action has yet targeted Microsoft 365 Copilot specifically, the pattern signals that overstating AI capabilities to clients is now a Section 5 risk, which is why disabling and documenting are a cleaner posture than leaving features on without oversight.

State-level enforcement has also begun. The Texas Attorney General’s settlement with Pieces Technologies in September 2024 was the first state AG action under a state AI-related law, targeting a healthcare AI vendor for deceptive accuracy claims. The consequence for Microsoft 365 customers is that state AGs will investigate downstream users of AI, not just vendors, which makes tenant-level disablement a defensible posture.

FAQs

Does turning off Copilot in Word also turn it off in Excel?

No. Each Microsoft 365 app has its own Copilot toggle under File → Options → Copilot. Disabling one does not disable the others, and the web versions at office.com ignore desktop toggles entirely.

Can I turn off Copilot for just one user instead of the whole tenant?

Yes. Unassign the Microsoft 365 Copilot license for that single user in the admin portal, or use PowerShell with Set-MgUserLicense to disable the Copilot service plan without removing the base Microsoft 365 license.

Does disabling Copilot delete my past prompt history?

No. Prompt and response history remains in the user’s Copilot Lab and in Purview audit logs for the default 180-day retention period. Separate deletion through Purview or a user-initiated purge is required.

Will Microsoft re-enable Copilot in a future update?

Yes. Microsoft has historically flipped Copilot defaults during monthly channel updates, which is why admins should build a monthly audit script rather than treat disablement as a one-time task.

Is free Copilot Chat covered by the Microsoft HIPAA Business Associate Agreement?

No. The standard Microsoft BAA covers enterprise services like Microsoft 365 Copilot and Exchange, but consumer Copilot Chat at copilot.microsoft.com is outside the BAA and should be blocked in healthcare settings.

Do I need to notify employees before turning off Copilot?

Yes. While not legally required in every state, NLRB guidance and most employee handbooks expect reasonable notice of tool changes, and documented notice protects the employer during later disputes.

Can I turn off Copilot only during certain hours?

No. Microsoft does not offer a built-in time-based Copilot toggle. Time-based access must be achieved through Conditional Access policies keyed to sign-in risk or location, not directly to Copilot state.

Does turning off Copilot save money?

Yes. Microsoft 365 Copilot costs $30 per user per month, so unassigning 100 licenses saves $36,000 per year. Budget approvers increasingly require an ROI justification to keep the license active.

Will disabling Copilot affect Bing Chat Enterprise?

Yes. Bing Chat Enterprise was rebranded into Copilot Chat in 2024, so Conditional Access policies that block Copilot cloud apps also block the legacy Bing Chat Enterprise experience.

Is GitHub Copilot turned off when I turn off Microsoft 365 Copilot?

No. GitHub Copilot is a separate product with a separate license, managed at github.com/organizations, and it must be disabled in the GitHub organization settings or by removing the seat assignment.

Do state privacy laws require me to turn off Copilot?

No. No state privacy law mandates disabling Copilot specifically, but laws like CCPA, CPRA, and the Texas Data Privacy and Security Act require reasonable safeguards, which may include disabling AI features that surface regulated data.

Can I turn off Copilot through a single button in the admin center?

No. Microsoft does not offer a tenant-wide master off switch. Full disablement requires a combination of license changes, Conditional Access policies, SharePoint toggles, and device-level policies in Intune or Group Policy.