Generative AI Fundamentals
One model runs the whole domain: Copilot grounds your prompt before the model answers
Ask Microsoft 365 Copilot to "summarize the Contoso Q3 launch decisions" and it does not answer from the language model's memory. It first runs a step Microsoft calls grounding: it gathers the relevant context it is allowed to reach (the file you have open, items in Microsoft Graph, or web results), adds that to your prompt, and only then sends the enriched prompt to the large language model (LLM) to write the answer. That single idea organizes everything on this domain. Because the answer is built from whatever context Copilot could ground against, the same prompt gives different results in different apps, the answer never escapes your existing permissions, the way you scope Copilot (open Chat, a purpose-built agent, or the Copilot inside Word or Teams) just changes what it grounds on, and an answer with no grounding behind it is the fabrication you have to catch. The classic exam trap is treating a Copilot answer as a finished fact: it is a grounded draft, and its quality only ever tracks the quality of the context it could reach.
The domain unfolds in four steps: how grounding works, who is allowed to see it, where you run it, and how you check it
Read this page as a map, then follow the four subtopics in order. How Microsoft 365 Copilot Works explains the grounding mechanic itself and the split between the free web-grounded Copilot Chat and the licensed work-grounded Microsoft 365 Copilot. Data Privacy and Protection in Copilot covers the rules on that grounding: your data stays inside the Microsoft 365 service boundary and is not used to train the models, Copilot only surfaces what your account could already open, and sensitivity labels carry through. Chat, Agents, and App Experiences is the where: open-ended Chat for one-off questions, a scoped agent when a team repeats a prompt, and the in-app Copilot whose capabilities differ by what each app is for. Responsible AI: Risks and Verification closes the loop: name the three risks (fabrication, prompt injection, over-reliance) and verify the output, with the rigor scaled to the stakes. Each subtopic carries its own mechanisms, tables, and traps; this page only shows how they fit together.
When two answers both seem right, prefer the one that keeps a human in control of grounded, permitted content
Across this domain the instinct the exam rewards is the same: let Copilot do the grounded drafting, but keep the person responsible for access, judgment, and the final call. Reach for the licensed work-grounded Copilot when the task depends on your own files, mail, or meetings, and the free web-grounded Chat when it does not. Trust permissions and sensitivity labels to bound what Copilot surfaces rather than expecting the model to police itself. Pick the scoped tool (an agent, or a specific app's Copilot) over a generic blank prompt when the work repeats or belongs to one app. And treat every output as something you still own: check the citations and apply human oversight before you rely on it, more so the more a wrong answer would cost. The wrong answer on AB-730 is almost always the one that hands the decision to Copilot instead of keeping the person in the loop.
The four questions this domain answers, and where each is covered
| Question about grounding | The short answer | Drill into |
|---|---|---|
| How does Copilot build an answer? | It grounds your prompt in reachable context (open file, Microsoft Graph, or web), then asks the LLM; web-grounded Chat is free, work-grounded Copilot is licensed. | How Microsoft 365 Copilot Works |
| Who is allowed to see what it grounds on? | Only what your account can already open; data stays in the Microsoft 365 service boundary, is not used for training, and sensitivity labels carry through. | Data Privacy and Protection in Copilot |
| Where do you run it for this task? | Open-ended Chat for one-offs, a scoped agent when a team repeats a prompt, the in-app Copilot whose capability fits the app you are in. | Chat, Agents, and App Experiences |
| How do you know the answer is right? | Watch for fabrication, prompt injection, and over-reliance; check citations and apply human review, scaled to the stakes. | Responsible AI: Risks and Verification |