Practice · v2.2 · Live · last updated 2026-05-06

M365 Copilot Architecture

What changes when a regulated firm turns on Microsoft 365 Copilot, mapped end-to-end. Architecture, regulatory obligations, and an interactive walkthrough — built for a Global Systemically Important Financial Institution audience.

The pieces

Blog → Research → Tools

Blog · framing

Mapping M365 Copilot's Architecture

A bank-architect friend asked: "If we turn on M365 Copilot, what changes for our regulators?" The framing for what Mogambo built to answer it.

Research · substance

M365 E5 Copilot Architecture & Regulatory Obligations

Reference architecture and regulatory-obligations map for M365 E5 + Copilot (Anthropic). The Word document is the canonical source — version 2.2.

Tool · application

M365 E5 Copilot Architecture Reference

Animated walkthrough of the prompt lifecycle, auth-token chain, six trust boundaries, and the CoWork firm-extension layer.

Tool · v0.5 preview · In progress

Copilot Posture Sandbox

Configurator for M365 Copilot tenants. Toggle the eight load-bearing knobs across two slots — current and proposed — and see the architecture redraw plus the delta in regulatory exposure, Microsoft controls, and source-document citations.

Versions

Mogambo is learning in public
  • v2.3in flight (drafting). Refresh xAI/Grok integration classification (track Microsoft sub-processor list updates), tighten CoWork OBO mechanics walkthrough, advance Posture Sandbox to v1.0 with auto-fact-check.
  • v2.2 — current. Baselined 2026-05-05. xAI/Grok independent-processor reclassification; CoWork OBO mechanics tightened; Anthropic non-retention reframed as contractual posture, not architectural guarantee.
  • v2.0 → v2.1 — predecessors, superseded.
  • v1 — original publication. Superseded.

What Mogambo wants pushback on

Mogambo is learning. The piece is published as a draft for the field — these are the specific things most worth your pushback:

Tell Mogambo