Back to blog
AI Governance and Risk Management

How do I convince my IT team not to enforce Microsoft Copilot?

Charlie Cowan

Charlie Cowan

June 25, 2025

How do I convince my IT team not to enforce Microsoft Copilot?

Companies with enterprise Microsoft licences are mandating Copilot as the default AI tooling, and blocking access to ChatGPT, Claude and Gemini.

By doing this they risk forcing usage of the leading models underground and on to employee's personal devices,

causing the very security risks they seek to avoid.

Prefer to watch?

Why it matters

We are seeing one of the biggest changes in human behaviour since the arrival of the internet.

It doesn't matter where you went to school, which country you were born in, how rich you are, or your age - everyone has access to the infinite knowledge machine on their phone and personal devices.

Blog image

In a well-intentioned effort to maintain data security and protect corporate intellectual property, companies that have access to Microsoft Copilot licences are locking down access to other frontier providers.

But this is not like SaaS in the 2000s.

If your company purchased Microsoft Dynamics for CRM, you weren't likely to go home and set up a Salesforce.com account - you used what you were given.

That is not the case now.

If your work provides you an inferior product, and you have the leading model on your personal phone - you will use it and just not tell anyone.

This chart from Mary Meeker's AI Trends Report shows ChatGPT dominates mobile app downloads. You can't prevent this unless you remove your employee's personal phones. (note Copilot not even on the chart)

Blog image

In the communities and networks I am part of not one single person is using Copilot to do real work.

The only people using Copilot do so because they have been mandated to - and these are the people that don't think AI is very good.

Why is Copilot not chosen by users?

There are three main reasons why your employees are going to pick up their phone and use something else:

User experience

The models are so good now, that for the typical worker doing a typical role, the model is no longer the limiting factor.

It is the human's ability to come up with a great question or task, and the ability to engage with the AI effectively.

OpenAI's advances in

  1. Projects (reusable prompts for yourself)
  2. GPTs (reusable prompts for others, including outside your company)
  3. Advanced Voice
  4. Deep Research
  5. Integrations (Hubspot, Google, Microsoft plus many more)
  6. Mobile and desktop applications

mean that the user gets a better outcome and a better experience with ChatGPT.

Models

Underlying Copilot are versions of OpenAI's models - but they are not the frontier versions where the innovation is happening.

Its like watching a movie on the +1 channel - you know you are behind.

ChatGPT is at the forefront (along with Gemini from Google and Claude from Anthropic) and by using ChatGPT you know you are on the front line for both chat models, reasoning models, and multi-modal models.

Blog image

Sharing

Today using AI is a very personal experience - experimenting and finding prompts and use cases that work well for you individually.

The real corporate advantage is unlocked when teams are using AI together, and this is where ChatGPTs "GPTs" come in - wrappers around a specific task, process or policy that can be shared across the organisation, or even better externally to customers, suppliers, partners and candidates.

Blog image

GPTs are an area that OpenAI leads all of the other vendors.

Why is my IT and legal team so against ChatGPT?

Its understandable, but misplaced.

Microsoft makes a strong case for its enterprise credentials, securing all of your data under its enterprise licence.

Its an easy line to say, "OpenAI is still a young startup, its a consumer product, they train on your data, we could never trust it with our company and client information"

Unless someone looks into it properly, they'll take that at face value, block it at the firewall and push on with a Copilot roll out.

How do I convince IT and Legal to take a look at ChatGPT?

Here are three things to highlight to your colleagues:

Business licences

As an individual you can have a Free, Plus or Pro ChatGPT account.

But they also have two business licences:

Team: from 2 users upwards, includes centralised billing, user management and Single Sign On

Enterprise: invoice billing, higher limits, higher levels of governance, user management and and opportunity to choose data residency.

Blog image

In both Team and Enterprise the default is that OpenAI does not train on your company data.

Many IT teams are not familiar with what is possible - thinking they are comparing Copilot with the personal versions of ChatGPT.

Integrations

Providing context to the models is what drives better outcomes, especially in a work environment.

OpenAI recently launched deep connections into Microsoft Sharepoint, Outlook and Teams meaning that users can ask about a customer account, a project, recent meetings, and ChatGPT can use this in its internal research.

Blog image

New integrations into Hubspot, Box, Dropbox and many more to come mean that ChatGPT becomes the chat layer across all of your existing stack - without those integrations there is a lot of copy paste required further increasing data privacy risks.

Enterprise-grade security

OpenAI have and continue to build out an enterprise-grade secure platform.

On the Enterprise plan you get:

  1. industry-standard cryptography to protect your data. This includes using AES-256 encryption at rest and TLS 1.2 or higher in transit.
  2. enterprise-grade admin tools, including SAML SSO, SCIM provisioning, and role-based permissions for secure user and group management
  3. compliance with GDPR, CCPA, and other privacy laws, and align with CSA STAR and SOC 2 Type 2 Trust Services Criteria

If your Infosec team have a spreadsheet with lots of boxes that need ticking - ChatGPT Enterprise is going to tick them.

Start small to build confidence

I advocate companies run at least two models in an A/B split test.

  1. One model (A) is rolled out to the entire employee base
  2. A second model (B) is rolled out to a subset (5-10%) as well as A

Watch what the people in that subset do very closely.

Which model do they use, what for, and why?

This advice applies whether A is ChatGPT, Gemini, Claude or any other model - the world is moving fast and it is important to always have a plan B.

So whilst your A might be Copilot, roll-out ChatGPT Team or Enterprise to a small subset. Include some senior leaders in that group.

Build your confidence that the platform is secure, well integrated, has the right provisioning and admin capabilities, and most importantly, users love it.

Then you can make your case over whether B is switched with A, and ChatGPT becomes your default tool.

Go Deeper

If you want more information on ChatGPT Enteprise, visit their security page.