Claude in Microsoft 365. Built-in Copilot or MCP connector?

An architecture-side reading: why ISO/SOC 2 and the no-training commitment are not enough to call the two options equivalent.

AUTHOR Myriam Spitz Mooser Fractional Architect — Microsoft 365 & Azure AI

FOR IT & Risk decision-makers

Reading ~ 4 min · 9sections

It's the same thing — Claude in both cases. The contracts are in place, the data isn't used for training, so the risk is the same.

— The shortcut to avoid

Two distinct architectures, two trust perimeters, two contractual regimes — and three material differences that change the audit profile.
01 — Contractual scope
02 — Data governance
03 — Residency & flows

OPTION A · NATIVE

Claude in M365 Copilot

Anthropic appears in Copilot as an alternative to OpenAI, under Microsoft oversight.

→ Anthropic as Microsoft subprocessor
→ Existing M365 DPA applies
→ Enterprise Data Protection covers everything
→ No third-party app added to the tenant

OPTION B · THIRD-PARTY

Claude MCP Connector

Claude reads the tenant via Graph API, under Anthropic oversight, separate contract.

→ Direct contract with Anthropic
→ Separate Anthropic DPA required
→ 2 Entra ID apps installed
→ Delegated permissions via Graph API

COPILOT

Single point of contact

Microsoft carries the relationship.

→ M365 DPA, Customer Copyright Commitment, Microsoft breach notification.
→ One vendor to audit.

MCP CONNECTOR

Shared responsibility

Two parallel contracts.

→ New Anthropic DPA to sign, separate breach notification.
→ Different jurisdictions and retention periods.

CAPABILITY	COPILOT	MCP CONNECTOR
Sensitivity labels in the conversation	Preserved	Label lost
Purview DLP on Graph extraction	Native	Inherited
DLP on Claude prompt / response	DSPM for AI	MDCA / Network DSec (E5)
Purview audit logs (Graph API)	Complete	Tool calls logged
eDiscovery on AI conversation	Included	Not included
MFA & Conditional Access (Entra)	Honored	Honored

OPTION A · COPILOT

M365 tenant → Azure (EDP) → Anthropic (US)

Outside EU Data Boundary. Off by default in EU/UK.

→ Microsoft contractual coverage across the chain.

OPTION B · MCP CONNECTOR

M365 tenant → Graph API → Anthropic infra (US)

Outside EU Data Boundary. Datacenters primarily US.

→ Anthropic contractual coverage from the Graph onward.

CRITERION	M365 COPILOT	MCP CONNECTOR
Contractual framework	Microsoft DPA + EDP	Direct Anthropic DPA
Customer Copyright Commitment	Covered	Not applicable
EU Data Boundary	Outside EU DB · off by default	Outside EU DB · US
Model training	No (EDP)	No (if data sharing off)
Sensitivity labels tracked	Preserved	Lost on Claude side
Purview DLP · Graph extraction	Native	Inherited (delegated permissions)
DLP on AI prompts / responses	DSPM for AI	MDCA / Network DSec (E5)
Audit logs (Graph API)	Complete	Logged via Purview
eDiscovery on AI conversation	Included	Not included
Third-party Entra apps	None	2 apps installed
License	M365 Copilot · $30/user/month	Any Claude plan

— OFFICIAL DOCUMENTATION

01
Purview data security for M365 Copilot & generative AI — Microsoft Learn learn.microsoft.com/en-us/purview/ai-microsoft-purview
02
Purview Network Data Security — Microsoft Learn learn.microsoft.com/en-us/purview/dlp-network-data-security-learn
03
M365 Connector Security Guide — Anthropic support.claude.com/en/articles/12684923
04
Enable and use the M365 connector — Anthropic support.claude.com/en/articles/12542951
05
Claude × Sentinel via MCP — Microsoft Tech Community techcommunity.microsoft.com/4507013

— INDEPENDENT ANALYSES

06
Anthropic comes to M365 Copilot, UK/EU impacts — Jersey Finance jerseyfinance.com/insights/anthropic-comes-to-microsoft-365-copilot
07
Choice (and risk) with Claude — Directions on Microsoft directionsonmicrosoft.com/reports/m365-copilot-adds-choice
08
Using the M365 Connector for Claude — Office 365 IT Pros office365itpros.com/2026/04/08/microsoft-365-connector-for-claude
09
Detecting Claude with Entra, Purview, Defender XDR — Blue Cycle bluecycle.net/post/detecting-claude-ai-macos-m365-security
10
CISO Decision Framework — myABT myabt.com/blog/third-party-ai-microsoft-365-tenant
11
M365 Copilot enables Anthropic models by default — UC Today uctoday.com/microsoft-365-copilot-anthropic-models

Claude in Microsoft 365 — Native Copilot or MCP connector?

Claude in Microsoft 365. Built-in Copilot or MCP connector?

Two architectures, not one conversation.

Same model. Two paths.

Claude in M365 Copilot

Claude MCP Connector

Who answers in case of incident?

Single point of contact

Shared responsibility

Your Purview tools: how far?

Where does the data live after reading?

M365 tenant → Azure (EDP) → Anthropic (US)

M365 tenant → Graph API → Anthropic infra (US)

On one page.

What actually changes.

Sources & references.

— OFFICIAL DOCUMENTATION

— INDEPENDENT ANALYSES