Bottom line for federal teams
- Web grounding in Microsoft 365 Copilot is opt-in and admin-controlled: it is not on by default in all configurations, and it can be disabled entirely at the tenant, user, or group level [1].
- When enabled, Copilot does not send the user's full prompt to Bing. It generates a short, de-identified search query, typically a few keywords, and uses the results to enrich the response [1].
- Web queries operate under a different legal boundary than prompts and responses. Prompts and responses stay within the Microsoft 365 service boundary under the Data Protection Addendum. Web queries cross into Bing's service, governed by Product Terms with specific contractual protections [2][3].
- Web grounding is not deterministic. Copilot decides whether and how to query the web based on the prompt's context. Users cannot always predict when a web query will fire, and that inconsistency is by design, not a bug [1].
- In GCC-High and DoD environments, web grounding may not be available or may have different controls. Federal IT leaders should verify current availability against Microsoft's government feature parity documentation before assuming commercial capabilities apply [4].
What web grounding is, and what it isn't
Most users think of web grounding as "Copilot searches the internet." That's directionally correct but imprecise in ways that matter for federal deployments.
Web grounding is the process by which Microsoft 365 Copilot optionally queries the Bing search service to supplement a response with current information from the public web. It addresses a fundamental limitation of large language models: their training data has a cutoff date, so without external retrieval, Copilot cannot answer questions about recent events, current prices, live system status, or anything that postdates its knowledge cutoff [5].
When web grounding fires, Copilot does three things [1]:
- Parses the user's prompt to identify where current web data would improve the response
- Generates a short search query (a few keywords) and sends it to Bing
- Incorporates the returned web content into the model's context before generating the response
What web grounding is not:
- It is not the same as a user opening a browser and searching
- It does not send the user's full prompt to Bing
- It does not use Microsoft 365 Graph data (emails, files, calendar) as part of the web query
- It is not guaranteed to fire just because a prompt involves recent information
- It does not apply to prompts where web content would not improve the response (per Copilot's internal assessment)
How Copilot decides whether to query the web
This is the question behind most user frustration: why did Copilot search the web for this prompt but not that one?
The answer is that the decision is made by Copilot's orchestration layer at inference time, based on whether the model determines that web results would materially improve the response. Microsoft's public documentation describes the system as generating a query "when information from the web helps to provide a better, more grounded response" [1]. There is no user-visible toggle that says "always search the web for this type of question."
In practice, this means:
- Prompts explicitly about current events, recent developments, or time-sensitive data are more likely to trigger a web query
- Prompts about topics well-covered in the model's training data may not trigger a web query even when current data exists
- Short prompts (e.g., "local weather") may result in the full prompt being sent as the query, since there is nothing to abstract
- Context within a Microsoft 365 app (e.g., a document open in Word) can influence what gets included in the query [1]
For federal users asking "can I trust this answer came from real web data?": the only reliable signal is the citation section in the Copilot response. Since November 2024, Microsoft surfaces the exact web search queries Copilot generated (not just the sites returned, but the actual query strings sent to Bing) in the linked citation section of the response [1]. If no citations appear, the response came from the model's training data alone.
The query construction process: what gets sent to Bing
Understanding what Copilot sends to Bing, and what it strips out, is critical for federal data governance assessments.
What is included in the web query:
- A short, few-word summary of the relevant aspect of the user's prompt
- In some cases, key terms extracted from an open Microsoft 365 document if it's directly relevant to the prompt [1]
What is explicitly excluded from the web query:
- The user's full prompt text (unless the prompt itself is very short)
- Entire Microsoft 365 files, emails, or documents
- Entire web pages being summarized in Microsoft Edge
- The user's Microsoft Entra ID, username, domain, or tenant identifier [1]
The stripping of user and tenant identifiers is a query-level protection applied before the query leaves the Microsoft 365 service boundary. This means Bing receives an anonymized keyword query, not a request attributable to a specific user or organization.
Prompts and responses, by contrast, never leave the Microsoft 365 service boundary at all: they are processed within Microsoft's Azure infrastructure under the Data Protection Addendum [2][3].
The legal and contractual boundary split
Federal compliance officers need to understand this clearly: prompts/responses and web queries operate under different contractual terms.
| | Prompts and Responses | Web Search Queries |
|---|---|---|
| Stays within M365 service boundary | Yes | No (crosses to Bing) |
| Covered by DPA | Yes | No |
| Microsoft acts as | Data processor | Data controller |
| Used to train foundation models | No | No (Product Terms) |
| Used to improve Bing | N/A | No (Product Terms) |
| Used for ad targeting | N/A | No (Product Terms) |
| Shared with advertisers | N/A | No (Product Terms) |
| Treated as Customer Confidential | Yes | Yes (Product Terms) |
| HIPAA compliant | Yes (properly configured) | No |
| EUDB compliant | Yes | No (Bing is global service) |
The contractual protections on web query data are meaningful and explicit in Microsoft's Product Terms, but they are controller-side commitments, not processor-side obligations under the DPA. For agencies with strict data residency, HIPAA, or EU Data Boundary requirements, this distinction matters when assessing what can flow through web grounding [2][3].
Admin controls: what IT can configure
Federal IT administrators have meaningful levers to control web grounding. As of late 2024, Microsoft significantly expanded the granularity of these controls [1].
The OCPS policy: Allow Web Search in Copilot
The primary control is the Office Cloud Policy Service (OCPS) policy "Allow Web Search in Copilot." It can be applied at the user or group level and accepts the following values:
- Not configured: follows the Optional Connected Experiences (OCE) policy setting
- 0 (recommended): web search on for both Work and Web modes
- 1: web search off in both Work and Web modes
- 2: web search off in Work mode, on in Web mode [1]
This policy is available for both Microsoft 365 Copilot and Microsoft 365 Copilot Chat, and overrides the OCE connected experiences setting, meaning admins can manage web search independently without touching the broader optional connected experiences configuration [1].
User-level toggle
In Microsoft 365 Copilot (work tab), users can toggle web content on or off themselves, subject to the admin policy above. If the admin has disabled web search via OCPS, the user toggle has no effect. User toggle availability for Copilot Chat and the Web tab was under review as of mid-2025 [1].
Audit logging and eDiscovery
Since Q4 2024, Microsoft supports audit logging of web search queries in Copilot, not just prompts and responses. Admins can view the exact query strings Copilot sent to Bing, associated with the specific user interaction that generated them, through Microsoft Purview eDiscovery and the DSPM for AI Activity Explorer [6].
This is a significant compliance capability for federal agencies: it means web grounding activity is now auditable at the same level as Copilot prompts and responses.
The DSPM Activity Explorer also includes a web search filter column, allowing compliance teams to quickly identify which Copilot interactions involved a web query [6].
DLP integration
Microsoft Purview Data Loss Prevention policies can now be applied to Copilot prompts containing sensitive information. When a DLP policy triggers on a prompt, Copilot is prevented from responding to the prompt, connecting to internal data sources, and performing web searches; all three actions are blocked together [6].
This closes a potential gap where sensitive data in a prompt could have been abstracted into a web query. Under the DLP enforcement model, if a prompt contains data that matches a DLP rule, no web query is generated [1].
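The sketch below is an added example, not Microsoft's code or part of the original article. It models how the OCPS policy value, the OCE fallback, the user toggle and a DLP match combine into an effective web search state, then flags high-sensitivity groups where Work-mode web search is still possible. The function names, dictionary fields and sample groups are hypothetical; it assumes the user toggle applies only in Work mode and that an enabled OCE setting means web search is allowed when the policy is not configured.

```python
# Added example: models the web search controls described in this section.
# Function names, fields and sample groups are hypothetical, not a Microsoft API.
from typing import Optional

WORK, WEB = "work", "web"


def web_search_allowed(policy: Optional[int], oce_enabled: bool, mode: str,
                       user_toggle_on: bool = True, dlp_match: bool = False) -> bool:
    """Return True if a web query may be generated for one interaction."""
    if mode not in (WORK, WEB):
        raise ValueError(f"unknown mode: {mode!r}")
    if dlp_match:
        return False                   # DLP hit blocks the response and any web search
    if policy is None:
        admin_allows = oce_enabled     # Not configured: follow the OCE setting (assumed)
    elif policy == 0:
        admin_allows = True            # on in Work and Web modes
    elif policy == 1:
        admin_allows = False           # off in Work and Web modes
    elif policy == 2:
        admin_allows = (mode == WEB)   # off in Work mode, on in Web mode
    else:
        raise ValueError(f"unknown policy value: {policy!r}")
    if not admin_allows:
        return False                   # the user toggle cannot override the admin
    # Assumption: the user toggle is modelled for Work mode only (the work tab).
    return user_toggle_on if mode == WORK else True


def posture_findings(groups):
    """Names of high-sensitivity groups whose settings still permit Work-mode web search."""
    return [g["name"] for g in groups
            if g["high_sensitivity"]
            and web_search_allowed(g["policy"], g["oce_enabled"], WORK)]


# Constructed sample assignments (not real tenant data).
SAMPLE_GROUPS = [
    {"name": "general-staff", "policy": 0, "oce_enabled": True, "high_sensitivity": False},
    {"name": "benefits-claims", "policy": None, "oce_enabled": True, "high_sensitivity": True},
    {"name": "legal-counsel", "policy": 2, "oce_enabled": True, "high_sensitivity": True},
    {"name": "investigations", "policy": 1, "oce_enabled": True, "high_sensitivity": True},
]

if __name__ == "__main__":
    print(posture_findings(SAMPLE_GROUPS))
```

The "Not configured" group is the one flagged: it silently inherits the OCE setting, so a high-sensitivity group without an explicit OCPS value can still generate web queries in Work mode.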
What federal teams need to know about GCC and GCC-High
Web grounding availability and controls in government cloud environments do not always mirror commercial Microsoft 365. Federal IT leaders should treat feature parity as something to verify, not assume.
Key considerations for government tenants:
- GCC (Government Community Cloud): Generally tracks closer to commercial feature parity. Web grounding capabilities, admin controls, and Purview integrations described in this article are more likely to be available, but timing of feature rollouts may lag commercial [4].
- GCC-High and DoD: These environments operate under stricter isolation requirements. Features that cross into commercial Microsoft services, including Bing, may be restricted, delayed, or unavailable. Web grounding specifically requires Copilot to call out to the Bing search service, which operates as a global service outside the government cloud boundary [2].
- HIPAA note: Web search queries are not covered by a Business Associate Agreement (BAA) and are not HIPAA compliant, regardless of cloud tier. Agencies with HIPAA obligations should account for this when evaluating whether to enable web grounding for relevant workloads [2].
- EUDB note: Similarly, web queries are not covered by the EU Data Boundary because Bing operates as a global service, which is relevant for any NATO or allied partner data considerations [2].
The current authoritative source for government feature availability is Microsoft's government documentation for Azure Government and M365 GCC/GCC-High. Given the pace of feature rollouts, verify directly rather than relying on this or any secondary source [4].
How to think about web grounding in a federal risk posture
Web grounding is not inherently high-risk, but treating it as equivalent to commercial web browsing misses the nuances that actually matter for federal governance.
Lower-risk characteristics:
- Queries are anonymized: no user or tenant identifiers
- Queries are short keyword strings, not full prompts
- Query data is contractually protected and not used for training or advertising
- Admin controls allow precise scoping by user, group, and mode
- Audit logs and eDiscovery now cover query activity
- DLP enforcement blocks queries when sensitive data is in the prompt
Remaining risk areas to assess:
- Web results themselves are not vetted: Copilot can retrieve and incorporate content from any public site unless domain exclusion controls are applied (committed as a future capability by Microsoft as of mid-2025)
- Non-deterministic query triggering means users cannot rely on knowing whether a response included web data without checking citations
- HIPAA and EUDB exclusions apply to query data; factor them into workload-specific risk assessments
- GCC-High and DoD availability requires separate verification
- The DPA does not cover query data; controller-side Product Terms protections apply instead
Recommended posture for most federal agencies:
- Enable web grounding for general productivity use cases where current information adds value and sensitivity is low
- Disable web grounding (OCPS policy value 1 or 2) for high-sensitivity workloads or user groups handling protected data
- Enable audit logging for web queries in Purview to maintain oversight of what queries are being generated
- Train users to check citation sections: the presence of web query citations is the user-visible confirmation that grounding occurred
- Document web grounding decisions in your AI use-case inventory per OMB M-24-10 requirements [7][8]
Summary: what's changed recently and what's coming
Microsoft has made meaningful improvements to web grounding controls since late 2024:
Available now:
- Granular OCPS policy with Work/Web mode split (available since November 2024)
- Web search query citations visible to users in responses (November 2024)
- Web search query audit logging in Purview eDiscovery (Q4 2024)
- DSPM Activity Explorer web search filter and column
- DLP enforcement on prompts that blocks web queries when sensitive data is detected (public preview November 2025)
Committed/in development (as of mid-2025):
- Site and domain exclusion list: ability to block specific domains from web grounding
- User web search toggle in Copilot Chat and Web tab (under review)
- Prompt keyword exclusion list: ability to block specific terms from triggering or being included in web queries [1]
For federal IT leaders, the trajectory is toward more granular control, more transparency, and tighter compliance integration, which is the right direction for government deployments. The gap today is domain exclusion and full GCC-High/DoD parity on these controls.
References
- [1] Data, privacy, and security for web search in Microsoft 365 Copilot and Microsoft 365 Copilot Chat: https://learn.microsoft.com/en-us/copilot/microsoft-365/manage-public-web-access
- [2] Data, Privacy, and Security for Microsoft 365 Copilot: https://learn.microsoft.com/en-us/copilot/microsoft-365/microsoft-365-copilot-privacy
- [3] Microsoft Products and Services Data Protection Addendum: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA
- [4] What is Azure Government: https://learn.microsoft.com/en-us/azure/azure-government/what-is-azure-government
- [5] Azure OpenAI Service overview: https://learn.microsoft.com/en-us/azure/ai-services/openai/overview
- [6] Audit logs for Copilot and AI applications: https://learn.microsoft.com/en-us/purview/audit-copilot
- [7] OMB M-24-10: https://www.whitehouse.gov/wp-content/uploads/2024/03/M-24-10.pdf
- [8] NIST AI Risk Management Framework 1.0: https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-1.pdf
- [9] What is Microsoft 365 Copilot?: https://learn.microsoft.com/en-us/copilot/microsoft-365/microsoft-365-copilot-overview
- [10] Microsoft 365 Copilot architecture and how it works: https://learn.microsoft.com/en-us/copilot/microsoft-365/microsoft-365-copilot-architecture