Field Notes · v2.2 · Live · last updated 2026-05-06
M365 Copilot Architecture
What changes when a regulated firm turns on Microsoft 365 Copilot, mapped end-to-end. Architecture, regulatory obligations, and an interactive walkthrough — built for a Global Systemically Important Financial Institution audience.
Personal capacity. Not employer-reviewed or endorsed. Technical claims are generic reference patterns, not internal practice from any specific firm.
Microsoft's contract covers a chunk of the M365 Copilot risk surface, but the regulator-facing obligations — model risk, recordkeeping, conduct supervision, operational resilience, AI Act risk classification — stay with the firm regardless of what the contract says.
Animated walkthrough of the prompt lifecycle, auth-token chain, six trust boundaries, and the CoWork firm-extension layer. Click any node for protocol-level detail.
Configurator for M365 Copilot tenants. Toggle the eight load-bearing knobs across two slots — current and proposed — and see the architecture redraw plus the delta in regulatory exposure.
Mogambo is learning. The piece is published as a draft for the field — these are the specific things most worth your pushback:
The xAI-as-independent-processor classification — if you've seen Microsoft's documentation update since 2026-05-05, or if your tenant configures it differently, Mogambo wants to know.
The CoWork On-Behalf-Of token mechanics — if you've shipped a different pattern that holds up in front of an Identity-Office review, share the architecture.
The "Anthropic non-retention" reframing as contractual posture rather than architectural guarantee — if your supervisory examiners are asking for architectural evidence beyond contractual commitment, what posture are you taking?