Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article provides an overview of audit logs generated for user interactions and admin activities related to Microsoft Copilot and AI applications. These activities are automatically logged as part of Audit (Standard). If auditing is enabled in your organization, additional configuration steps aren’t needed for Copilot and AI application auditing support.
Billing for auditing non-Microsoft 365 AI applications
User interaction with non-Microsoft 365 AI data is information from other generative AI applications from Microsoft and other connected external AI applications. This data type includes Copilot in Microsoft Fabric, Microsoft Security Copilot, Microsoft Copilot Studio, any connected or cloud AI application.
Audit logs for this type of user interaction isn't included in your enterprise subscription and is subject to pay-as-you-go billing. These interactions are logged under the AIAppInteraction recordType or AIApp workload. These logs aren't enabled by default and require you to enable pay-as-you-go features. When enabled, these audit logs are retained for 180 days. Consumption is charged based on the number of audit records ingested for user interactions with these third-party AI applications.
Admin activities with Copilot and AI applications
Audit logs are generated when an administrator performs activities related to Copilot settings, plugins, promptbooks, or workspaces. For more information, see Copilot activities.
User activities with Copilot and AI applications
Audit logs are automatically generated when a user interacts with Copilot or an AI Application. These audit records contain details about which user interacted with Copilot, when and where the interaction took place. Audit records also include references to files, sites, or other resources Copilot and AI applications accessed to generate responses to user prompts.
Commonly used properties in Copilot audit logs
The following table outlines some of the commonly used properties included in audit logs.
| Attribute | Definition | Examples |
|---|---|---|
| Operation | Specifies the name of the activity which was audited. | For user interactions with Copilot, this uses values like CopilotInteraction, ConnectedAIAppInteraction, and AIAppInteraction, as described for RecordType. Also includes Copilot admin operations like UpdateTenantSettings, CreatePlugin, DeletePlugin, EnablePromptBook, etc. |
| RecordType | Identifies the category of Copilot or AI application which the user interacted with. | CopilotInteraction refers to scenarios where a user interacted with a Microsoft-developed Copilot application. ConnectedAIAppInteraction refers to scenarios where a user interacted with a custom-built Copilot or third-party AI application deployed and registered within your organization. AIAppInteraction refers to interactions with third-party AI applications which aren't deployed within your organization. |
| Workload | Identifies the app category, similar to RecordType. | Copilot, ConnectedAIApp, AIApp |
| AppIdentity | A detailed string which allows you to uniquely identify the specific Copilot or AI Application which the user interacted with. It typically follows the structure workloadName.appGroup.appName. | For example, interactions with first-party Copilot apps developed by Microsoft use values like Copilot.MicrosoftCopilot.Microsoft365Copilot, Copilot.Fabric.CopilotforPowerBI, Copilot.Security.SecurityCopilot, etc. Interactions with custom-built Copilots created through Copilot Studio use values like Copilot.Studio.AppId. Interactions with third-party AI apps deployed within your organization (which use ConnectedAIApp as the workload) use values like ConnectedAIApp.Entra.AppId or ConnectedAIApp.AzureAI.AzureResourceName. Interactions with third-party AI apps which are audited through network/browser Data Loss Prevention (DLP) (which use AIApp as the workload) use values like AIApp.SaaS.AppName. |
| AppHost | The same Copilot application could be deployed within multiple host applications. This property helps identify the application which hosted the interaction between a user and Copilot. | Some of the common AppHost scenarios are: - BizChat: The Copilot interaction was performed in the BizChat client (either via Teams, or the app), or via the website microsoft365.com/copilot or microsoft365.com/chat - Bing: The Copilot interaction was performed through the Microsoft Edge browser, Office mobile apps, or copilot.cloud.microsoft.com - Office: The Copilot interaction was performed through office.com or microsoft365.com - Other application-specific values: Values like Word, Excel, PowerPoint, OneNote, Stream, etc. indicate that the interaction was performed within these applications |
| ClientRegion | The user’s region when they performed the operation. | |
| AISystemPlugin | Details of plugins or extensions enabled for the Copilot interaction. - Name is the name of the plugin which was used by Copilot in generating the response. - ID is the unique identifier for the plugin. - Version refers to the version of plugin used. |
|
| Contexts | Contains a collection of attributes to help describe where the user was during the Copilot interaction. - ID is the identifier of the resource which was being used during the Copilot interaction. - Type is the filetype/name of the app or service where the interaction occurred. |
- ID contains values like FileId or FilePath (for SharePoint scenarios), or Teams Chat ID or Meeting ID (for Teams scenarios), etc. - Type contains values like docx, pptx, xlsx, TeamsMeeting, TeamsChannel, TeamsChat, etc. |
| Messages | Contains details about the prompt and response messages within the Copilot interaction. A single audit record typically contains a prompt-response pair but can also include a prompt with multiple response messages (that is, all Copilot responses associated with that prompt). - ID is the messageId of the prompt/response message in the Copilot interaction. - IsPrompt is a boolean flag to denote whether this message is a user prompt or Copilot response. - JailbreakDetected is a boolean flag to denote whether a jailbreak attempt was made using this prompt message. - Size is currently not used. |
"Messages": [ {"ID":"1715186983849", "isPrompt":true}, {"ID":"1715186984291", "isPrompt":false} ] |
| AccessedResources | References to all resources (files, documents, emails, etc.) which Copilot accessed in response to the user’s request. - ID is the unique identifier for the resource. This could be a fileId on OneDrive, or a messageId in Teams, or email ID in Outlook, etc. - SiteUrl is the URL of the resource which was accessed. This could be the URL of a SharePoint site, full file path of a file, etc. - ListItemUniqueId is a unique identifier for an item in SharePoint. - Type refers to the type of resource which was accessed. It can contain values like the filetype extension (pptx, docx, etc.) or describe the type of resource (for non-SharePoint resources). - Name is the user-friendly readable name of the resource (for example, fileName). - SensitivityLabelId is the ID of the sensitivity label assigned to the resource. This is helpful in identifying whether Copilot accessed any sensitive information while generating its response. - Action refers to the nature of access which Copilot performed on the resource. Common values include read, create, modify. - PolicyDetails is used in scenarios where Copilot referred to a policy. This property can include details like PolicyId, PolicyName, list of Rules, etc. |
|
| ModelTransparencyDetails | Details of the AI/GAI model provider. - ModelName is the name of the model used. - ModelVersion is the version of the model used. - ModelProviderName is the publisher of the model. |
|
Example Copilot scenarios for user activities
The following tables list some example scenarios and how they appear in the audit log. These example audit logs are created from Copilot activities.
Microsoft Copilot
A user interacts with Microsoft Copilot through the BizChat client.
| Operation | RecordType | AppIdentity | AppHost |
|---|---|---|---|
| CopilotInteraction | CopilotInteraction | Copilot.MicrosoftCopilot.BizChat | BizChat |
Security Copilot
A user interacts with Security Copilot within Microsoft Defender.
| Operation | RecordType | AppIdentity | AppHost |
|---|---|---|---|
| CopilotInteraction | CopilotInteraction | Copilot.Security.SecurityCopilot | Defender |
Copilot Studio applications
A user interacts with a custom-built Copilot Studio application (whose appId is the GUID contained in appIdentity). The interaction takes place within Microsoft Teams, where this custom-built application is deployed.
| Operation | RecordType | AppIdentity | AppHost |
|---|---|---|---|
| CopilotInteraction | CopilotInteraction | Copilot.Studio.f4d97b45-1deb-40ce-9004-b473b79eab85 | Teams |
Microsoft Facilitator
Microsoft Facilitator performed an update to AI Notes, Live Notes, or Meeting Moderation in Microsoft Teams.
| Operation | RecordType | AppIdentity | AppHost |
|---|---|---|---|
| AINotesUpdate | TeamCopilotInteraction | Copilot.TeamCopilot.AINotes | Teams |
| LiveNotesUpdate | TeamCopilotInteraction | Copilot.TeamCopilot.LiveNotes | Teams |
| TeamCopilotMsgInteraction | TeamCopilotInteraction | Copilot.TeamCopilot.Message | Teams |
Identifying if Copilot accessed the web
When web search is enabled, Microsoft 365 Copilot and Microsoft 365 Copilot Chat parse user prompts and determine whether web search would improve the quality of the response. To identify if Copilot referenced the public web in a user interaction, review the AISystemPlugin.Id property in the CopilotInteraction audit record. AISystemPlugin.Id contains the value BingWebSearch when user Copilot requests use the public web via Microsoft Bing for additional data.
Pay-as-you-go model for third-party AI applications
Audit logs for user interactions with third-party AI applications (logged under the AIAppInteraction recordType or AIApp workload) are available through a pay-as-you-go billing model. These logs aren't enabled by default and require you to enable the relevant Microsoft Purview pay-as-you-go features. When enabled, these audit logs are retained for 180 days. Consumption is charged based on the number of audit records ingested for user interactions with third-party AI applications.
For more details, please refer to Microsoft Purview billing models.
Accessing Copilot audit logs
Copilot audit logs are accessed using the Microsoft Purview portal and by selecting Audit.
To search for specific Copilot or AI application scenarios, use the Activities – operation names field in the Microsoft Purview portal to filter audit logs using the properties like Operation, RecordType, and Workload.
If you need to search for audit logs containing a specific AppIdentity value or set of values, first search and export all relevant Copilot audit logs by filtering by operation name. From the exported search results, apply a filter on the AppIdentity property offline.