Microsoft supports commercial data protection in Copilot sessions. By employing both DNS and HTTP header injection methods, a company-wide Copilot data protection rule can be enforced. This ensures that no one can start using Copilot or Bing Chat without logging into their O365 work or school account, thereby preventing any accidental exposure of sensitive information.