- Copilot in Edge and Windows relies on history, cookies, and extensions, so it's crucial to control which sites and data it can use.
- Microsoft 365 Copilot only accesses information permitted by the permission models and offers centralized governance of agents and connectors.
- Administrators can limit or block sites and origins through the Copilot Control System, privacy policies, and connected experiences.
- A good combined configuration of browser, Copilot for Windows and Microsoft 365 allows you to balance productivity, security and compliance.
Controlling what artificial intelligence can do in your browser has become key to keeping privacy, security, and costs under control. Copilot in Microsoft Edge and in the Microsoft 365 ecosystem brings together a lot of advanced features, but if you don't properly adjust site, data, and action permissions, you can end up giving more access than you intend or exposing sensitive information without realizing it.
In the enterprise environment, moreover, it's not just a matter of turning Copilot on or off: administrators need to decide which sites and data sources can use Copilot actions, how extensions and agents are managed, what is done with browsing history, and how the complete life cycle of these tools is governed. Let's break it down calmly, but in depth, so that you have all the key points on the table.
What is Copilot in Edge and why does site control matter?
Copilot integrates with Edge and Microsoft 365 as an artificial intelligence engine that combines large language models, Microsoft Graph data, and productivity applications such as Word, Excel, Outlook, PowerPoint, or Teams. In Edge and Windows apps, it also relies on browsing history, cookies, extensions, and other browser data to offer more contextual responses.
This deep integration means that Copilot can, if you allow it, read web page content, interact with online services, perform actions on open tabs, and even coordinate with extensions or custom agents that access your organization's internal data sources. That's why it's so important to be able to decide which sites are allowed, which are blocked, and under what conditions Copilot actions can be used.
Microsoft has designed a control system that combines several layers: local settings in Edge (such as extension and cookie permissions), Copilot for Windows privacy controls, and centralized policies in the Microsoft 365 and Power Platform admin center. The goal is to allow you to apply everything from very basic adjustments to very fine-tuned governance in corporate environments.
In personal settings, the focus is on controlling history, cookies, autofill data, and synchronization with Microsoft Edge. In business settings, the priority shifts to regulatory compliance, data minimization, and governance of agents and connectors that can access sensitive content in SharePoint, Teams, or other systems.
Allow or block sites using extensions and actions in Microsoft Edge
A primary area of control in Edge is through extensions, because many of them interact with Copilot, with the content of the pages, and with the data you see in your browser. Microsoft allows you to fine-tune each extension's access to different websites.
For a specific extension, you can decide whether it only has access when you click on it, acts automatically on the current site, or can read and modify data on all sites. This has a direct impact on which pages can be analyzed or modified by the combination of extensions + Copilot.
The typical flow for changing site access permissions for an extension in Edge is:
- Open Microsoft Edge and click on Extensions, to the right of the address bar.
- Locate the extension you want to adjust, select the menu More actions (…) and place the mouse over the site access option.
- Choose between: access only by clicking on the extension, automatic access on the current site, or access to all sites.
If you need more granular control, from the extensions management page you can open the Details page for each extension and, in the site access section, decide whether to allow automatic access to specific domains, whether the extension can run in InPrivate, and whether to allow access to local file URLs. This management is essential to limit which sites can be used by extensions that interact with content that Copilot might then interpret.
By restricting the scope of extensions, you reduce the risk surface for unwanted behavior, content injections, or accidental exposure of data to actions that combine navigation, AI, and automation.
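To decide which extensions deserve a tighter site access setting, it helps to know what each one asks for in its `manifest.json`. The following is an added example, not part of the original article: it maps the host match patterns in a Chromium-style manifest (the format Edge extensions use) onto the three access levels described above. The function names and sample manifests are constructed for illustration, and the requested scope is only the ceiling, since the Edge setting can narrow it.

```python
import re

# Chromium match pattern: <scheme>://<host>/<path>
MATCH_PATTERN = re.compile(r"^(\*|https?|wss?|ftp|file)://([^/]*)(/.*)$")


def requested_patterns(manifest):
    """Collect the host match patterns a Manifest V2 or V3 extension requests."""
    patterns = list(manifest.get("host_permissions", []))  # Manifest V3
    # Manifest V2 mixes API names ("tabs") and host patterns in "permissions".
    patterns += [p for p in manifest.get("permissions", [])
                 if isinstance(p, str) and ("://" in p or p == "<all_urls>")]
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    return patterns


def classify_site_access(manifest):
    """Map requested access onto: all_sites, specific_sites, on_click, none."""
    hosts, all_sites, file_urls, unparsed = set(), False, False, []
    for pattern in requested_patterns(manifest):
        if pattern == "<all_urls>":      # every scheme, including file://
            all_sites = file_urls = True
            continue
        match = MATCH_PATTERN.match(pattern)
        if match is None:
            unparsed.append(pattern)     # keep for manual review
            continue
        scheme, host, _path = match.groups()
        if scheme == "file":
            file_urls = True
        elif host == "*":
            all_sites = True
        else:
            hosts.add(host)
    if all_sites:
        level = "all_sites"
    elif hosts:
        level = "specific_sites"
    elif "activeTab" in manifest.get("permissions", []):
        level = "on_click"               # access only when the user invokes it
    else:
        level = "none"
    return {"level": level, "hosts": sorted(hosts),
            "requests_file_urls": file_urls, "unparsed": unparsed}


def extensions_to_review(manifests):
    """Names of extensions that request all sites or local file URLs."""
    flagged = []
    for name, manifest in manifests.items():
        result = classify_site_access(manifest)
        if result["level"] == "all_sites" or result["requests_file_urls"]:
            flagged.append(name)
    return sorted(flagged)


# Constructed sample manifests (not real extensions).
SAMPLE_MANIFESTS = {
    "Price Helper": {"manifest_version": 3, "permissions": ["storage"],
                     "host_permissions": ["https://*.shop.example/*",
                                          "https://api.shop.example/*"]},
    "Page Restyler": {"manifest_version": 2,
                      "permissions": ["tabs", "<all_urls>"]},
    "Tab Summarizer": {"manifest_version": 3,
                       "permissions": ["activeTab", "scripting"]},
    "Local Notes": {"manifest_version": 3,
                    "host_permissions": ["file:///*"],
                    "content_scripts": [{"matches": ["*://*/*"],
                                         "js": ["notes.js"]}]},
}

if __name__ == "__main__":
    for name, manifest in SAMPLE_MANIFESTS.items():
        print(name, classify_site_access(manifest))
    print("Review first:", extensions_to_review(SAMPLE_MANIFESTS))
```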
Copilot mode in Edge: assisted navigation and content control
Edge's Copilot Mode is an experimental experience that transforms the browser into a proactive companion that understands what you do across multiple tabs. It helps you compare, summarize, and automate tasks without you having to manually jump between pages. If you want to learn more about how to use it, see How to use Copilot mode.
One of its most striking capabilities is that it can, with your explicit permission, analyze your open tabs to understand the context: products you're comparing, articles you're reviewing, forms you're about to fill out, etc. From there, it can suggest comparisons, summaries, or even complete actions on your behalf.
In addition, this mode incorporates the Actions function, which lets you navigate using natural language with your voice. You can tell Copilot what you want to do (for example, search for rentals, buy a product, or book a service), and the system will take you to relevant sites, apply filters, and, in the future, be able to complete bookings for you as long as you authorize the necessary actions. If you want to learn how to use voice interaction, check out How to use Hey Copilot.
Copilot Mode also integrates translation tools, currency and measurement conversion, and a dynamic dashboard that displays only the relevant information on the page, eliminating noise such as banners and ads when possible. All while respecting the space of the website you are viewing so as not to disrupt the browsing experience.
Another key feature is contextual memory: Copilot can remember previous interactions and searches to relate them to a new task, always within the context of the conversation and respecting your configured privacy settings. The user remains in control. Copilot only accesses content when you allow it and alerts you when it needs deeper access for delicate tasks.
If you ever prefer to navigate "the old-fashioned way," Edge lets you instantly disable Copilot Mode and revert to traditional navigation. You can turn it on and off as needed, giving you the flexibility to adjust the level of AI assistance depending on the type of sites and actions you're using.
Copilot for Windows: browsing data, sites, and privacy
Beyond the browser itself, Copilot for Windows offers an integrated experience that allows you to view web content in a side panel and chat with Copilot without closing the application you're using. Each link opens in its own tab within that panel, making it easy to compare products, request summaries of complex topics, or make online purchases while you continue working.
In this context, control over which sites and data are used is fundamental. Copilot for Windows remembers the links you've opened within a conversation, so that you can return to them whenever you pick up that same thread again. This includes managing history, cookies, site permissions, and synchronizing with Edge.
Regarding local files, Copilot doesn't scan your entire PC. To show you documents, it relies on the list of “Recent Items” in Windows and applications like Word or Photos. If you need more information on managing and searching for files with Copilot, see How to find files with Copilot. The files are saved on your device and are not automatically uploaded to the cloud simply because Copilot shows them as recent.
If you don't want a recent file to appear in Copilot, you can hide it directly from the interface using the hide option. This gives you some leeway to filter sensitive or personal content that you don't want so readily available in the AI layer.
Regarding browsing, Microsoft explains in considerable detail what data it collects and why: diagnostics necessary for security and performance, optional data to improve products, and browsing information that, depending on the settings, may be stored on the device and, in some cases, sent to Microsoft to detect problems and fine-tune services. The stated philosophy is to minimize collection and limit retention time.
Browsing security: SmartScreen, forms, cookies and DRM
Copilot for Windows relies on several security components to reduce risks when visiting websites. One of the most important is Microsoft Defender SmartScreen, which blocks downloads and content from sites reported as malicious. To do this, it compares the address of the site you are visiting with a local list of legitimate addresses and, if it doesn't find it, sends the URL to Microsoft to compare it with lists of dangerous or suspicious pages.
In terms of user experience, Copilot can also help you manage demanding tasks such as filling out forms or entering passwords. If you choose to use these features, the information is initially saved on the device and, if you enable synchronization, it is sent to the Microsoft cloud associated with your account so that it is available on other devices where you run Copilot for Windows and Microsoft Edge.
From your profile settings, you can control which data is synced (addresses, passwords, form data) and revoke that syncing whenever necessary. All of this influences how Copilot and Edge use information across different websites and, therefore, the extent to which you allow AI actions to rely on saved browsing data and forms.
In the realm of protected multimedia content, many streaming services store digital rights management (DRM) data on your device. This includes unique identifiers and media licenses. When you visit their websites, these licenses are checked to verify that you have permission to play the content, a process that also affects how Copilot may or may not display certain copyrighted content while you browse.
Cookies remain a key element: they are small files that websites use to save preferences, sessions, shopping carts, or, in some cases, tracking data for personalized advertising. Copilot for Windows gives you options to delete cookies and block new cookies from being saved in the future, strengthening your control over how sites can feed the context that AI then uses.
Copilot can also import cookies from Microsoft Edge each time it starts, to maintain a more consistent and personalized experience. This feature can be configured in the sync and import settings. Finally, you can enable sending "Do Not Track" requests to websites, although you should be aware that not all sites respect this preference and they can continue tracking activity despite the request.
History management and clearing browsing data
An essential part of controlling what Copilot and Edge can do on the sites you visit is managing the browsing history, saved passwords, cookies, and other associated data. Microsoft offers quite detailed options for cleaning up these traces both locally and in the cloud.
From Copilot for Windows you can access your profile settings, open the browsing settings section, and within web data and security, access “Clear browsing data”. There you can choose the time interval to delete (last hour, last day, all, etc.) and select the types of data you want to delete: download history, cookies and other site data, file and image cache, passwords, autofill form data, site permissions, or Media Foundation data related to licenses and certificates.
You can also enable the option to decide what is automatically deleted each time you close your browser, which helps maintain a cleaner browsing profile and limit the amount of information that can be used to feed Copilot's context on future sites.
Regarding the history stored in the cloud, you can log in to your Microsoft account on the web and, from the privacy panel, view and delete browsing data associated with your account. Additionally, from the Windows privacy and diagnostics settings, you can request the deletion of other diagnostic data linked to the device.
The synchronization of history, bookmarks, passwords, and other items between Edge and Copilot apps is controlled in the Sync and Import section. If you choose to disable this synchronization, you will limit how Copilot can reuse browsing data from one device on another, which may be desirable in highly sensitive environments.
Finally, the option to import site data from Edge to Copilot on Windows allows you to import specific browser cookies when you open the application to personalize your experience. This feature is only activated if you allow it and is based on the Edge profile with the same account; it's especially useful when you want Copilot to better understand your session on specific sites without you having to log in again or reconfigure preferences.
Microsoft 365 Copilot: architecture, permissions, and data limits
When we talk about allowing or blocking sites for Copilot actions in a corporate environment, we're entering the realm of Microsoft 365 Copilot. Here, AI acts as an orchestrator that combines LLMs, Microsoft Graph data, and applications such as Word, Excel, PowerPoint, Outlook, OneNote, Loop, Whiteboard, or Teams. All of this is under a fairly strict compliance and security framework.
Microsoft 365 Copilot accesses content and context through Graph: documents, emails, calendars, chats, meetings, and contacts, always respecting the permissions already in place in SharePoint, Teams, and other services. This means that Copilot can only display data that the user already has permission to see. Therefore, a well-configured set of permissions within the organization is the foundation of any policy regarding which data (and, by extension, which sites or repositories) can feed AI actions. To better understand what assistants and connectors are and how to use them, review What are Copilot's AI agents?
The queries, retrieved data, and generated responses remain within the Microsoft 365 compliance boundary, and processing is performed on Azure OpenAI, not on OpenAI's public services. Microsoft clarifies that Azure OpenAI does not cache client content or Copilot's tuned prompts, and that interaction data is not cached and is not used to train foundation models.
In the European Union, the concept of the EU Data Boundary comes into play: Copilot traffic remains within this boundary, while traffic from other regions may be processed within the EU or in other geographies depending on available capacity. In all cases, Copilot complies with the data residency commitments described in the Microsoft Product Terms and Data Protection Addendum.
This architecture is complemented by encryption in transit and at rest (BitLocker, TLS, IPsec, file encryption), logical tenant isolation via Microsoft Entra, and role-based access control, in addition to commitments to regulations such as GDPR, ISO 27001, ISO 27018, HIPAA, and the future EU AI Act. All of this is essential for organizations to feel comfortable allowing Copilot to interact with internal sites, external repositories connected by Graph, and third-party services.
Interaction data, content filters, and abuse protection
Each time a user interacts with Microsoft 365 Copilot, data about that interaction is stored: the prompt they type, the response Copilot returns, and references to the information used. This set is considered the user's Copilot activity history and is treated as organizational content with the same guarantees as the rest of the data in Microsoft 365.
These logs are encrypted, not used to train underlying models, and can be managed from tools such as content search and Microsoft Purview, including the application of retention policies and the export of chat data in Teams. End users, for their part, can delete their own activity history from the My Account portal.
To prevent malicious use or harmful content, Copilot applies filters and mitigations in several layers: detection of jailbreak attempts and prompt injections; analysis of hate and fairness, sexual content, violence, and self-harm; and specific controls to prevent workplace harm (e.g., automated assessments of employee performance or emotional state).
It also includes detection of copyrighted material or code licenses, although not in all scenarios. And it's important to understand that, while the results may seem unique, different customers may receive very similar content from similar queries. That's why Microsoft doesn't automatically grant exclusive rights to the results, although it does offer contractual protection against certain copyright claims if the built-in filters are used.
Microsoft continues to evolve its security models and measures without compromising its privacy and compliance commitments. Work on responsible artificial intelligence (transparency, reliability, bias mitigation, human review, etc.) is consistently applied so that organizations can open Copilot to more sites and actions without compromising safety.
Copilot licensing models and the role of agents
Another key element when deciding which sites and data sources can be used with Copilot is the licensing models and the types of agents available. Microsoft primarily distinguishes between Microsoft 365 Copilot Chat and the full Microsoft 365 Copilot, with different billing options and agent capabilities.
With Microsoft 365 Copilot Chat (no usage billing), users with a Microsoft account and a Microsoft 365 or Office 365 subscription gain access to a web-based chat that uses public information and, where applicable, some corporate data. It also includes declarative agents based on instructions and public websites, available at no additional cost in the Agent Store, provided the administrator enables them.
The Copilot Chat option with usage billing introduces a pay-per-consumption model. This allows organizations to enable data-driven chat, advanced declarative agents, and custom agents connected to Microsoft Graph. This is managed from Copilot Studio and allows for the evaluation of usage patterns before committing to larger prepaid licenses.
The full Microsoft 365 Copilot license includes everything mentioned above and adds deep integrations in Word, Excel, Outlook, Teams and other apps, as well as the right to use custom agents at scale. It also unlocks specialized agents like Investigator and Analyst, and enables complex automations that combine data from multiple sites and sources.
In all cases, the use of agents (and therefore, access to internal or external sites via connectors) is governed by administration and governance policies configured in the Copilot Control System within the Microsoft 365 admin center. That's where you actually decide which sites, data sources, and actions are allowed or blocked for each type of agent.
Agent types, creation environments, and access control
Copilot agents are fundamental to extending what AI can do with specific data and sites. Microsoft primarily distinguishes between declarative agents and custom engine agents, each with different capabilities and governance requirements.
Declarative agents are configured for specific scenarios and rely on defined instructions and knowledge sources (for example, SharePoint sites, Teams channels, Outlook emails, public websites, or data exposed via connectors). They typically depend on user-initiated interactions, which makes it easier to control when and how they act.
Custom engine agents are more advanced AI assistants, capable of orchestrating multiple models, autonomously triggering actions, and connecting to multiple internal and external data sources. They can trigger workflows, call APIs, and execute business processes, so their governance must be especially careful.
Regarding environments, users and developers can create agents from SharePoint (to query content from specific sites and folders), from the Agent Generator in Microsoft 365 Copilot (for richer declarative scenarios), from Copilot Studio (both declarative and custom engine), and with the Microsoft 365 Agents Toolkit (for enterprise-level development solutions integrated with Teams, Office, and third-party channels). If you're working with SharePoint as your source, review Manage SharePoint Online with Copilot before publishing agents.
Before creating a new agent, it is recommended to assess business objectives, technical requirements, costs, responsible AI risks, and applicable regulations. From there, administrators can define who has permission to create, share, publish, and use agents, and which application types and agents are allowed in the tenant (not only Microsoft ones, but also third-party ones, or even those created internally).
Agent governance: policies, publication, and lifecycle
Copilot's agent governance encompasses all the policies and actions you implement to ensure these components are used in a way that is secure, compliant, and aligned with the organization's objectives. This includes defining who can access each agent, how they are shared, on which channels they are published, and when they are removed or blocked.
From the Copilot Control System, administrators with appropriate roles (Global Administrator, AI Administrator, or Global Reader for read-only views) can adjust global settings: user access to Copilot across different products, agent scope, data access, and allowed application types (Microsoft, external, internal), as well as additional parameters on how Copilot can be used.
Regarding publishing, there are several options. Creators can:
- Share SharePoint agents in Teams.
- Share Agent Generator agents in Teams and in the Microsoft Copilot app.
- Share Copilot Studio agents with limited groups for testing.
- Upload local ZIP packages of agents for personal or small group use.
When an agent is ready for widespread distribution, it can be published in the organizational catalog. With prior administrator approval, users can then search for and install the agent in Teams, Microsoft 365 Copilot, and other enabled channels. For third-party solutions, agents can also be published in the Microsoft Teams Store and, by extension, the Microsoft Commercial Marketplace, provided they meet the responsible AI and quality of experience requirements.
The agent lifecycle is managed from a central inventory in the Microsoft 365 admin center. There you can see which agents exist, who created them, which products they support, who has access, and what permissions they require. You can pin key agents to feature them prominently in the Copilot experience, assign them to specific users or groups, deploy them directly (forced installation), or, if they become unsuitable, remove or block them for the entire tenant.
The "Requested Agents" section shows you the agents that creators have submitted from Copilot Studio for approval. Before publishing them, you can review their features, data sources, and custom actions in detail, and decide if they align with your internal policies regarding which sites and services can be used from Copilot.
In parallel, the inventory helps you detect agents that have been left without an owner (for example, if the creator has left the organization) and assess whether you should remove them or reassign their maintenance to avoid risks of abandonment or lack of supervision.
Privacy, connected experiences, and control over content analytics
In Microsoft 365 Apps, privacy controls for connected experiences directly impact the availability of Copilot features. If an organization disables the connected experiences that analyze content, Copilot features will no longer be available in Excel, OneNote, Outlook, PowerPoint, and Word on most devices.
There is also a global option to disable all connected experiences, including optional ones. If this control is applied, Copilot features that rely on connected services, such as web search or access to certain external sites, will not be available to users. It is a blunt cut-off mechanism, but useful in environments that require very strict isolation.
For scenarios where Copilot is desired but used cautiously, controls can be combined: allowing connected experiences that do not analyze sensitive content, limiting the use of optional services, and applying DLP (data loss prevention) policies that prevent agents and connectors from publishing or sharing information on unauthorized channels.
In short, this entire network of settings, from the Edge browser and Copilot for Windows to Microsoft 365 Copilot, agents, connected experiences, and privacy policies, is designed to let you decide, with considerable precision, which sites, data, and actions you allow Copilot to access and which you prefer to block. By fine-tuning these controls, you can maximize Copilot's productivity and intelligent assistance while maintaining a level of security, control, and compliance tailored to the real needs of each organization and each user.

