Topic: Chat-history extraction
Microsoft 365 Copilot Export — Purview eDiscovery, Interaction Logs, and Data Retention (2026)
Microsoft 365 Copilot is the enterprise AI embedded in Teams, Word, Excel, Outlook, and OneNote — a different product from the consumer Copilot at copilot.microsoft.com. The two products have different storage architectures and radically different export paths. M365 Copilot interactions are stored in Exchange Online mailbox folders and SharePoint document histories, accessible to admins via Microsoft Purview eDiscovery but not to individual users via a self-serve export button. This page covers where M365 Copilot data lives, the admin eDiscovery path, the retention model, employee privacy protections, and what the GDPR data subject request actually returns.
TL;DR
M365 Copilot has no self-serve export button for individual users. Interaction content (prompts + responses) is stored in Exchange Online's hidden SubstrateHolds folder and is only retrievable by admins with the eDiscovery Manager role via Microsoft Purview Compliance Center → Content Search. The Unified Audit Log records interaction metadata for 90 days to 10 years depending on the license. Individual employees can only get their Copilot interaction data via a DSAR processed by their organization — Microsoft does not provide a direct self-serve path for M365 Copilot content (unlike consumer Copilot at copilot.microsoft.com).
M365 Copilot vs consumer Copilot — the product split
Microsoft has two distinct Copilot products that are frequently confused:
| Microsoft 365 Copilot | Consumer Copilot (copilot.microsoft.com) | |
|---|---|---|
| Where it runs | Teams, Word, Excel, Outlook, OneNote, M365 Chat | copilot.microsoft.com, Bing, Windows Copilot sidebar |
| License required | Microsoft 365 Copilot add-on (~$30/user/month on top of M365 E3/E5) | Free (with Microsoft account) or Copilot Pro ($20/user/month) |
| Interaction storage | Exchange Online SubstrateHolds folder; SharePoint document history; Unified Audit Log | Microsoft Privacy Dashboard history; Microsoft account cloud |
| Self-serve user export | None — admin eDiscovery path only | Partial — Microsoft Privacy Dashboard at account.microsoft.com shows recent history |
| Admin visibility | Full via Purview eDiscovery (with appropriate role) | Limited — consumer data is not visible to enterprise admins |
| GDPR self-service | Two-channel: content via org DSAR process; metadata via privacy.microsoft.com | Direct via privacy.microsoft.com; conversation history downloadable |
Most export-related questions online conflate the two. If you're an employee asking "how do I export my Copilot conversations" and you're using Copilot inside Teams or Word at work, you have M365 Copilot — and the export situation is significantly more restricted than the consumer product.
Where M365 Copilot stores interaction data
Teams Copilot (meeting summaries, chat assistance)
When Copilot is used in a Teams meeting, the transcript and AI-generated summary are stored in two places. The meeting transcript goes into the meeting's RecordingID storage in Teams (accessible to meeting organizers and attendees in the Teams meeting chat, retained per the Teams retention policy). The Copilot prompt-response pairs — specifically, when a meeting participant asks Copilot a question during the meeting — are stored in the user's Exchange Online mailbox in a hidden compliance folder called SubstrateHolds. This folder is not visible in Outlook or the Teams interface; it exists solely for compliance and eDiscovery purposes.
Teams chat Copilot (the standalone Copilot in the Teams left rail, formerly "Copilot in Teams chat") similarly stores interactions in the SubstrateHolds folder of the user's Exchange mailbox, not in the Teams chat message store. This means a Teams administrator reviewing the chat history of a channel or chat thread does not see Copilot interactions — they only appear in a Purview Content Search scoped to Exchange mailbox content.
Word, Excel, PowerPoint Copilot (document assistance)
Copilot interactions in Office documents (drafting in Word, data analysis in Excel, slide generation in PowerPoint) are associated with the document session and stored alongside the document's version history in SharePoint or OneDrive. The prompts and responses are not stored as standalone conversation objects — they're contextually linked to the document file. This makes them accessible via Purview Content Search scoped to SharePoint/OneDrive, but the search must include the document file path or site collection to scope correctly.
Locally-stored documents (OneDrive offline, USB drive) do not have their Copilot interactions stored in the Exchange/SharePoint compliance layer. If a document is never synced to SharePoint or OneDrive, the Copilot interactions for that session may only exist in the Unified Audit Log as metadata entries (who ran Copilot, when, on which file type) without the prompt content.
Outlook Copilot (email drafting, thread summarization)
Copilot in Outlook generates email drafts and summarizes email threads. The prompts ("Help me write a response to this email") and the AI-generated drafts are stored in the user's Exchange Online mailbox, visible to Purview eDiscovery. Summaries of existing email threads are stored as generated content associated with the thread, not as separate messages. If the user accepts a Copilot-generated draft and sends it, the sent email is in the standard Sent Items folder — the Copilot generation context is in the compliance mailbox.
Unified Audit Log (UAL) — interaction metadata
Every M365 Copilot interaction generates an audit log event in the Microsoft 365 Unified Audit Log. The UAL event records: the user who ran the prompt, the timestamp, the Copilot feature used (Teams meeting Copilot, Word Copilot, etc.), the file or thread involved (by SharePoint URL or meeting ID, not by content), and a compliance reference. The UAL does not store the prompt text or the response text — those live in the Exchange/SharePoint storage described above. The UAL is the metadata index; the Exchange/SharePoint storage is the content store.
Admin export path: Microsoft Purview Content Search
The primary admin path for retrieving M365 Copilot interaction content is Microsoft Purview Compliance Center → Content Search. The role required is eDiscovery Manager (or Global Admin, but the principle of least privilege applies — eDiscovery Manager is the correct role for compliance searches).
Step-by-step: Content Search for M365 Copilot interactions
- Navigate to compliance.microsoft.com → Content search → New search.
- Under Locations, select Exchange mailboxes and choose specific users (or "All" for org-wide). If targeting Teams Copilot and Outlook Copilot, Exchange is sufficient. If targeting Word/Excel Copilot, add SharePoint sites or OneDrive accounts.
- Under Keywords, use the query
kind:microsoftteams AND kind:copilotfor Teams Copilot interactions. For a specific user's Copilot interactions across all surfaces, useauthor:user@domain.com AND kind:copilot. The exact keyword query syntax for Copilot interactions has changed in Microsoft's updates — verify withkind:copilotas the current working filter. - Set a date range if scoping to a specific time window.
- Run the search. Review the hit count and preview a sample to verify the results match Copilot interactions (not other Exchange items).
- When ready to export, click Export → Export results. Choose PST format (for mailbox items) or individual messages format. Download via the Microsoft 365 eDiscovery Export Tool (a Windows application).
The exported PST or message files contain the Copilot interaction items from the SubstrateHolds folder. These require Outlook or a PST-compatible reader to open. The interactions appear as items in a hidden folder, not as standard email messages.
eDiscovery case vs Content Search — when to use which
Content Search is appropriate for one-off compliance queries. For formal legal holds, litigation, or regulatory investigations, use Microsoft Purview eDiscovery (Standard) or eDiscovery (Premium) — these create a case record, allow legal holds to be placed on custodian mailboxes (preventing deletion during investigation), and produce a defensible export chain-of-custody. Legal holds placed via eDiscovery override retention policies, so even if the organization's Exchange retention policy would delete Copilot interactions after 30 days, a legal hold preserves them until the hold is released.
Retention model for M365 Copilot interaction data
The retention of M365 Copilot interaction content is governed by the organization's Microsoft Purview retention policies, not a fixed platform default. Understanding the three layers:
Layer 1 — Exchange Online retention policy (applies to Teams/Outlook Copilot content)
If the organization has a Purview retention policy that targets Exchange mailboxes (including the SubstrateHolds folder), that policy's retention period applies to Copilot interaction items. A common configuration is 1 year retention + 1 year deletion. If no Purview retention policy targets Exchange, the items remain in the SubstrateHolds folder indefinitely — which may be the default for organizations that have not explicitly configured retention policies.
Layer 2 — Unified Audit Log retention (applies to interaction metadata)
The UAL records Copilot interaction metadata for: 90 days (Microsoft 365 Standard), 1 year (Microsoft 365 E3/E5 with Audit Standard), or up to 10 years (with Microsoft Purview Audit Premium). This is metadata only — who ran Copilot and when — not the prompt and response content. Most organizations on E3/E5 have 1-year UAL retention by default.
Layer 3 — SharePoint/OneDrive retention (applies to Word/Excel Copilot content)
Copilot interactions associated with documents in SharePoint and OneDrive follow the SharePoint/OneDrive retention policy, which is commonly set to align with document retention (varies widely from 1 year to 7 years in regulated industries). If the document itself is deleted, the associated Copilot interaction data is subject to the same deletion schedule.
The practical implication: organizations that have not explicitly configured Purview retention policies for M365 Copilot may have interaction content persisting indefinitely in Exchange mailboxes — which is a data minimization risk under GDPR and similar regulations. The recommended baseline is a 180-day retention policy targeting Exchange SubstrateHolds, aligned with the legal team's hold requirements.
Employee privacy protections — what employees should know
M365 Copilot interactions are technically accessible to admins with eDiscovery roles, but Microsoft and most organizations' own data governance policies constrain that access in practice:
- Admin searches are logged. Every Content Search run in the Purview Compliance Center is recorded in the audit log — including who ran the search, what query was used, and which users' data was included. A compliance administrator who runs a personal-curiosity search of an employee's Copilot interactions has left an audit trail. This is a strong practical deterrent against casual access.
- Acceptable Use Policy coverage. Organizations are responsible for informing employees that their Copilot interactions may be reviewed for compliance purposes. This is typically covered in the company's Acceptable Use Policy or the M365 Copilot rollout communications. If your organization has not communicated this, that's a gap — employees generally do not know that Copilot interactions are stored in a compliance mailbox folder accessible to eDiscovery.
- No real-time monitoring. M365 Copilot does not give managers a live feed of employee Copilot prompts. The Copilot Dashboard and Viva Insights show usage analytics (prompts per week per team, feature adoption rates) at an aggregated level — not individual prompt content. The content access requires an eDiscovery search, which is a deliberate compliance action, not a passive surveillance feature.
- GDPR right of access applies. An employee in a GDPR jurisdiction can request access to the Copilot interaction data the organization holds about them. The organization is required to respond to this DSAR within 30 days. In practice this means the organization's DPO or HR team runs a Purview eDiscovery search scoped to the requesting employee's mailbox and SharePoint sites, exports the results, and provides them to the employee. The employee cannot run this search themselves.
Copilot Dashboard and Viva Insights — usage analytics, not content
The Microsoft 365 Admin Center provides a Copilot Dashboard that shows aggregate usage metrics across the organization: total active Copilot users, prompts submitted per week, feature adoption by app (Word, Teams, Outlook), and adoption trends over time. Viva Insights provides a manager-level view of team usage patterns.
These dashboards do not show prompt content. They are privacy-protected by design — the thresholds that govern whether an individual's data is shown vary by organization size and policy, but the intent is to provide decision-useful information to IT and leadership without exposing individual employee behavior.
For individual-level usage data (how many prompts did this specific employee run this week), the Purview Compliance Center provides the UAL query interface — but again, this is metadata (count, timestamp, app), not content. The prompt text requires the Content Search + Export process described above.
Capturing architecture decisions from M365 Copilot sessions
For engineers and architects using M365 Copilot for architecture deliberation — asking Copilot to compare database options in a Word document, analyzing trade-offs in an Excel spreadsheet, or getting architecture recommendations in Teams — the export situation is critical to understand before relying on those sessions as a decision record.
The problem: there is no self-serve export. If you use Word Copilot to draft an architecture trade-off analysis, the Copilot prompts and responses are tied to that document's SharePoint version history — but not in a format you can easily extract and reference later. If the document is deleted, moved, or the organization's retention policy expires, the Copilot deliberation is gone with no recovery path for the individual user.
The practical workaround is to treat M365 Copilot deliberation as ephemeral and immediately transfer the outputs to a durable record:
- Copy the key outputs to the ADR. After a Copilot session in Word or Excel that produces useful architecture analysis, paste the Copilot response text (the trade-off table, the pros/cons list, the recommendation) directly into the ADR draft. The ADR is the durable record; the Copilot session is the tool that produced the content.
- Export the document immediately. If the Copilot deliberation is in a Word document, export the document to PDF and store it in the ADR's companion files (alongside the Markdown ADR file in
/decisions/0042-use-postgres-addendum/). The exported document survives retention policy expiration; the Copilot session metadata does not. - Use consumer Copilot or ChatGPT/Claude for deliberation-critical sessions. For architecture decisions where you need to preserve the full reasoning trail, the consumer Copilot at copilot.microsoft.com or ChatGPT/Claude provide export paths that M365 Copilot does not. ChatGPT and Claude both offer Settings → Data Controls → Export, which produces a JSON file containing the full conversation history. The WhyChose extractor can then surface the structured architecture decisions from those exports — alternatives considered, trade-offs acknowledged, the decision rationale — as ADR-ready records.
Related questions
Where does Microsoft 365 Copilot store conversation history?
In Teams and Outlook, Copilot interactions are stored in the user's Exchange Online mailbox in a hidden compliance folder called SubstrateHolds. In Word, Excel, and PowerPoint, interactions are associated with the document and stored with the document's version history in SharePoint or OneDrive. All surfaces generate audit log events in the Microsoft 365 Unified Audit Log. None of these storage locations are visible to the user through the normal UI — the SubstrateHolds folder is not accessible in Outlook, and document-associated Copilot interactions are not exposed as a conversation history in the Office apps.
Can a Microsoft 365 admin see employee Copilot prompts?
Yes, with the eDiscovery Manager role via Microsoft Purview Content Search. However, every search is recorded in the audit log, which is a strong practical deterrent against casual access. Usage analytics (how many prompts, which features, aggregated) are visible to admins via the Copilot Dashboard without requiring eDiscovery. Individual prompt content requires an explicit Content Search, which organizations should restrict to documented compliance use cases and formal legal/HR investigations.
How long does Microsoft 365 keep Copilot interaction data?
Retention depends on the organization's Purview retention policies. Without an explicit policy targeting Exchange, Copilot interactions in the SubstrateHolds folder may persist indefinitely. The Unified Audit Log retains interaction metadata for 90 days (Standard) to 10 years (Audit Premium). Organizations that haven't configured explicit retention policies for Copilot content should consult their legal and compliance teams — indefinite retention is a GDPR data minimization risk.
What is the employee GDPR path for Microsoft 365 Copilot data?
Two-channel: interaction content (actual prompts and responses) must be requested through the organization's DSAR process — the organization's DPO or HR team runs a Purview eDiscovery search and provides the results. Microsoft-held metadata (telemetry, diagnostics) can be requested directly via privacy.microsoft.com. There is no self-serve export button for M365 Copilot conversation history the way there is for consumer Copilot at copilot.microsoft.com or ChatGPT.
Further reading
- Microsoft Copilot export — consumer Copilot at copilot.microsoft.com (privacy dashboard and GDPR path) — covers the consumer Copilot product: what's stored, the Microsoft Privacy Dashboard path, and how it differs from the enterprise M365 Copilot covered on this page. If you're using Copilot at copilot.microsoft.com with a personal Microsoft account, this is the relevant page; if you're using Copilot inside Teams or Word at work, this page is the relevant one.
- Claude Team workspace export — admin DSAR path, member scope, and Project isolation — the equivalent page for Claude Teams: admin DSAR path via Anthropic's privacy portal, what member data is included in a workspace export, and Project Knowledge Base isolation. Claude Teams gives members a direct GDPR data export path that M365 Copilot lacks for employees.
- ChatGPT Team export — differences from Plus, workspace admin flow, and the Compliance API — the equivalent page for ChatGPT Teams: how the workspace admin export differs from individual user exports, and what the Compliance API provides for enterprise data retrieval. Like M365 Copilot, ChatGPT Teams has an admin-level export path distinct from the individual user self-serve path.
- Gemini Workspace export — Google Vault, admin console, and enterprise data portability — the Google Workspace equivalent: how Gemini for Google Workspace interactions are stored in Google Vault, what the admin export path looks like, and the GDPR data portability path via Google Takeout (which Gemini Workspace supports in ways M365 Copilot does not).
- How to export your Claude conversations — self-serve path via Settings — if the goal is preserving architecture deliberations with a reliable self-serve export path, Claude.ai's Settings → Account → Export Data is the most straightforward option, producing a conversations.json that the WhyChose extractor can process to surface structured decision records.
- Grok conversation export — the other AI assistant with a limited self-serve export path: Grok (xAI) has no Export Data button and is not included in the X data archive, requiring a DSAR to privacy@x.ai for EU users. Covers the pattern of AI products where legal-process paths substitute for missing self-serve export features.
- The open-source extractor — processes ChatGPT and Claude conversations.json exports to surface architecture decisions as structured ADR records. For organizations that use ChatGPT or Claude for architecture deliberation alongside M365 Copilot, the extractor provides the durable decision record that M365 Copilot's limited export path cannot.