Microsoft Copilot licensing can be complex — from individual developer seats to enterprise-wide AI deployments. This guide cuts through the jargon, shows you every tier, the prerequisites you need, and exactly how to implement each one.
Most Copilot products require an existing Microsoft subscription. Here's the dependency chain.
Standalone — only needs a GitHub account. No M365 required.
Required prerequisite to add Microsoft 365 Copilot.
Unlocks Copilot in Word, Excel, Teams, Outlook + 25K Studio messages.
Extends M365 Copilot with custom-built AI agents & integrations.
Security Copilot is separately licensed via SCU capacity — it does not require M365 Copilot.
Filter by persona to find the best fit for your team.
Click any plan below for a step-by-step deployment guide your IT team can follow.
6 steps from licence purchase to first user going live in Word, Teams & Outlook
Confirm each target user has an active M365 E3, E5, Business Premium, or Business Standard licence assigned in the Microsoft 365 Admin Centre. Navigate to Admin → Users → Active Users and filter by licence. Users without a qualifying base licence cannot receive Copilot.
In Microsoft 365 Admin Centre → Billing → Purchase Services, search for "Microsoft 365 Copilot" and select your desired quantity. Alternatively, purchase through your Microsoft Cloud Solutions Provider (CSP) like Copilot 365 for additional support and potential savings. Confirm annual subscription pricing at $30/user/month.
Go to Admin Centre → Users → Active Users, select each pilot user, click Manage product licences, and toggle on "Microsoft 365 Copilot". Alternatively, use group-based licensing: assign the licence to an Azure AD security group, and all members inherit it automatically — ideal for scalable rollout.
Microsoft Docs: Assign licences →Copilot accesses data the user has permission to view via Microsoft Graph. Before enabling, audit over-shared content in SharePoint and OneDrive using Microsoft Purview → Data Catalogue. Apply sensitivity labels to classify confidential documents. Ensure DLP policies are in place so Copilot cannot surface data users shouldn't see.
Copilot activates automatically once the licence is assigned — no additional toggle is needed in most tenants. Run a 60-minute adoption workshop covering: how to access Copilot in each M365 app, writing effective prompts, understanding AI-generated output, and data responsibility. Use Microsoft's Copilot Adoption Hub resources for ready-made training materials.
Microsoft Copilot Adoption Hub →After 30 days, review Microsoft 365 Admin Centre → Reports → Copilot usage to track active user rate, feature usage by app, and user sentiment. Conduct pulse surveys to capture qualitative feedback. Use the Copilot 365 ROI Calculator to quantify time saved. Present findings to leadership and plan a full org-wide rollout based on evidence.
6 steps to roll out AI code assistance across your development organisation
Log in to github.com and navigate to your organisation settings (or create a new organisation if needed). Ensure all developers who will use Copilot are members of the organisation. Verify that your organisation has billing set up with a valid payment method.
In your GitHub organisation, go to Settings → Copilot → Access. Select "Enable for all members" or "Enable for selected members". Choose the Copilot Business plan ($19/user/month). GitHub will bill per active seat at the end of each billing cycle — unused seats are not charged.
GitHub Copilot Settings →In Organisation Settings → Copilot → Policies, configure: (1) Suggestions matching public code — set to "Block" to reduce IP risk; (2) Allow or restrict Copilot Chat; (3) Enable/disable Copilot in the CLI. For enterprises in regulated industries, disable telemetry and set "Allow GitHub to use my data for product improvements" to off.
Developers install the GitHub Copilot extension in their preferred IDE: VS Code (search "GitHub Copilot" in Extensions), JetBrains IDEs (via JetBrains Marketplace), Neovim (via the copilot.vim plugin), or Visual Studio 2022 (via the Extensions menu). After installation, sign in with the GitHub account linked to the licensed organisation.
GitHub Copilot Setup Docs →Run a 1-hour workshop covering: using Copilot Chat for code explanation, writing precise inline comments to guide completions, using Copilot for unit test generation, and spotting when to accept vs reject suggestions. Encourage a "review every suggestion" mindset — Copilot accelerates work but humans remain accountable for code quality.
In GitHub Organisation → Insights → Copilot usage, review: active users, suggestion acceptance rate (target >30%), lines of code accepted, and chat interactions. Set a baseline sprint velocity before and after activation to measure impact. Target 20–40% reduction in time-to-first-commit for new features within 90 days.
6 steps from blank canvas to a deployed AI agent answering real business questions
Copilot Studio runs inside Microsoft Power Platform. In the Power Platform Admin Centre, create a new environment (or use an existing one) with Dataverse enabled. Choose a region that aligns with your data residency requirements. Assign the Environment Admin role to your project team. Copilot Studio is available under copilotstudio.microsoft.com.
Before opening Copilot Studio, document: (1) What questions should the agent answer? (2) What data sources does it need (SharePoint, websites, documents, APIs)? (3) Who is the audience (employees, customers, partners)? (4) What actions should it perform (submit forms, query Dynamics 365, send notifications)? A clear brief prevents scope creep.
In Copilot Studio, click Create → New Agent. Name the agent and give it a system prompt describing its personality and purpose. Under Knowledge, add your sources: SharePoint site URLs, uploaded documents (PDFs, Word files), or public websites. The agent will ground its answers in these sources. Enable generative answers for questions outside explicit topics.
Copilot Studio Documentation →Topics are conversation flows triggered by user intent. Create topics for your top 10 most common questions. For each topic, define trigger phrases, add response nodes, and optionally call a Power Automate flow for dynamic data (e.g., fetch leave balance from HR system). Use Adaptive Cards for rich, interactive responses in Teams.
Use the built-in Test Agent pane to simulate user conversations. Review which topics trigger correctly and where fallbacks occur. Check that generative answers cite the right knowledge sources. When satisfied, click Publish and deploy to your chosen channel: Microsoft Teams (most common), a SharePoint page embed, your website via the web chat widget, or a custom API endpoint.
In the Analytics tab, review: total sessions, engagement rate, escalation rate (conversations handed to a human), and CSAT scores if you enable feedback prompts. Track monthly message consumption against your allocation (25K with M365 Copilot, $200 per additional 25K). Iterate on low-performing topics monthly using real conversation data.
6 steps to activate AI-assisted threat investigation for your SOC team
Security Copilot integrates with Microsoft Defender XDR, Microsoft Sentinel, Intune, Entra ID Protection, and Purview. Check that your organisation has at least one of these products active. While Security Copilot doesn't strictly require them, it provides significantly more value when plugged into live security telemetry streams. Confirm your Azure subscription is active.
Security Copilot is capacity-priced, not per-user. In the Azure Portal, search "Microsoft Security Copilot" and create a new capacity resource. Select your Azure region, then specify the number of SCUs. Start with 1–3 SCUs for a pilot (enough for 2–4 concurrent analysts). At $4/SCU/hour, 2 SCUs runs at roughly $5,800/month if run 24/7 — many orgs scale down outside business hours.
Security Copilot Setup Guide →In the Security Copilot portal (securitycopilot.microsoft.com), assign roles: Copilot owner (admins who manage plugins and settings) and Copilot contributor (analysts who use it). Role-based access means analysts only see data they already have permissions for in the underlying security products — no privilege escalation.
In Settings → Plugins, enable the Microsoft-built plugins: Microsoft Defender XDR, Microsoft Sentinel, Entra, Intune, and Purview. Each plugin grants Copilot access to that product's telemetry. You can also enable third-party plugins or build custom ones via API. Start by enabling Defender XDR and Sentinel as your primary investigation sources.
Open a real or simulated security incident in Defender XDR. Click "Summarise incident with Copilot" to generate a natural-language briefing. From there, ask follow-up questions: "What accounts were compromised?", "Show me the attack timeline", "What containment steps should I take?". Copilot generates KQL queries, executes them, and presents results in plain English.
After 30 days, review the Security Copilot usage dashboard to understand peak usage hours and average SCU consumption per investigation. Use Azure Cost Management to set budget alerts. Scale SCUs down during off-hours with Azure automation if you don't run a 24/7 SOC. Build a Promptbook library covering your most common investigation scenarios — this standardises your team's approach and accelerates junior analyst onboarding.
| Feature | GitHub Individual | GitHub Business | M365 Copilot | E5 + Copilot | Copilot Studio | Security Copilot |
|---|---|---|---|---|---|---|
| Developer Tools | ||||||
| AI code completions (IDE) | ||||||
| Copilot Chat (code) | ||||||
| IP indemnity protection | — | — | — | — | ||
| Organisation policy controls | ||||||
| Productivity Apps | ||||||
| Copilot in Word | ||||||
| Copilot in Excel | ||||||
| Copilot in Teams | ||||||
| Copilot in Outlook | ||||||
| Microsoft 365 Chat (BizChat) | ||||||
| Enterprise & Governance | ||||||
| Data stays in your tenant | Partial | |||||
| Advanced compliance (Purview) | ||||||
| Microsoft Defender suite | Required | |||||
| Power BI Pro | ||||||
| Platform & Extensibility | ||||||
| Build custom AI agents | 25K msgs/mo | 25K msgs/mo | ||||
| 1,000+ data connectors | ||||||
| AI threat investigation | ||||||
| Pricing | ||||||
| Price | $10/user/mo | $19/user/mo | $30/user/mo | $57/user/mo | $200/25K msgs | $4/SCU/hr |
| Prerequisite licence | None | GitHub Org | M365 E3/E5 | Included | M365 Copilot | Defender/Sentinel |
| Minimum seats | 1 | 1 | 1 | 1 | Capacity | Capacity |
For Microsoft 365 Copilot (the version embedded in Word, Excel, Teams, and Outlook), yes — you need an existing M365 E3, E5, Business Premium, or Business Standard subscription as a prerequisite. GitHub Copilot is completely standalone and only requires a GitHub account. Security Copilot requires an Azure subscription and ideally a Defender or Sentinel licence, but not M365 Copilot.
Yes. Microsoft 365 Copilot is a per-user add-on licence, so you can assign it to specific individuals rather than your entire tenant. There is no minimum seat requirement, making it easy to start with a pilot group of 25–50 users and expand based on ROI evidence. GitHub Copilot Business similarly bills only for active users.
Copilot Studio is Microsoft's platform for building custom AI agents and chatbots without code. It's licensed on a message-based model: organisations with M365 Copilot receive 25,000 messages per month as part of that subscription. Additional capacity can be purchased at $200 per 25,000 messages. Standalone Copilot Studio can also be licenced without M365 Copilot, but you'll need to purchase message capacity separately.
Microsoft offers a free consumer Copilot at copilot.microsoft.com with general-purpose AI capabilities. This is entirely separate from Microsoft 365 Copilot, which is the paid product that embeds AI directly into your M365 applications and has access to your organisational data via Microsoft Graph. The free version cannot access your company data, emails, or documents.
Yes. Microsoft offers special pricing for qualified education institutions through M365 A3/A5 plans, and government organisations through M365 G3/G5 (US) and equivalent UK government frameworks. Copilot can be added to these plans. Copilot 365 can help you verify eligibility, navigate procurement frameworks, and ensure you're purchasing at the right price through the correct Microsoft channel.
Security Copilot is licensed on a compute capacity model using Security Compute Units (SCUs). You provision SCUs per hour via Azure, and you pay only for what you use. Each SCU represents a fixed amount of AI processing capacity. Most organisations start with 2–4 SCUs to support 2–5 concurrent security analysts. You can scale up during incident response and scale down during quiet periods — ideal for cost-efficient security operations.
As a Microsoft Cloud Solutions Provider, we procure, configure, and manage Copilot licences on your behalf — ensuring you pay the right price for the right plan, with full deployment support included.