The FERPA Problem Microsoft Doesn't Emphasize
Microsoft 365 Education is deployed in thousands of school districts and universities across the United States. It holds student emails, grades, attendance records, disciplinary actions, IEP documents, counselor notes, and administrative communications. All of this lives in Exchange, SharePoint, Teams, and OneDrive.
Now Microsoft wants to add Copilot to Education tenants.
The Family Educational Rights and Privacy Act (FERPA) protects student education records from unauthorized disclosure. The penalty for violation isn't just a fine — it's the potential loss of all federal funding. For a public university, that could mean hundreds of millions of dollars. For a K-12 district, it could mean operational shutdown.
Copilot's fundamental design — surface information the user has access to through natural language — is on a collision course with FERPA's fundamental requirement: restrict access to student education records to those with a legitimate educational interest.
What FERPA Actually Requires
FERPA applies to any educational institution that receives federal funding (which is nearly all of them). The key provisions relevant to Copilot:
Education records include any record directly related to a student that is maintained by the educational institution. This covers grades, transcripts, disciplinary records, financial aid information, and any personally identifiable information (PII) linked to these records.
Legitimate educational interest is the standard for internal access. School officials (including teachers, administrators, and staff) can access education records only if they have a legitimate educational interest — meaning they need the information to fulfill their professional responsibilities.
Directory information (name, address, phone, enrollment status) can be shared more broadly, but parents and eligible students must be notified and given the option to opt out.
Third-party disclosure requires written consent from parents (or eligible students over 18), with limited exceptions for school officials, auditors, financial aid, and studies conducted on behalf of the institution.
The critical question for Copilot: does Microsoft qualify as a "school official" under FERPA, and does Copilot's data processing maintain the "legitimate educational interest" boundary?
Microsoft's FERPA Position
Microsoft has addressed FERPA in its compliance documentation. The argument goes:
- Microsoft acts as a "school official" under FERPA because it performs institutional functions under the institution's direct control
- The Data Protection Addendum (DPA) for education customers includes FERPA commitments
- Customer data is processed only as directed by the institution
- Microsoft doesn't use student data for advertising or non-educational purposes
This argument has merit for traditional M365 services. Exchange stores emails where they're put. SharePoint hosts files where they're uploaded. The access controls are configured by the institution.
But Copilot changes the equation. Copilot doesn't just store data — it actively surfaces data across services in response to user queries. The institution can't predict or control what data Copilot will surface for any given prompt. The "direct control" argument gets weaker when an AI is autonomously deciding what's relevant.
Five Concrete FERPA Risk Scenarios
Scenario 1: The Teacher Who Sees Too Much
A high school English teacher asks Copilot to "help me prepare for parent-teacher conferences next week." Copilot, trying to be helpful, pulls information from:
- The teacher's own grade records (legitimate)
- Emails from the school counselor about a student's personal situation (potentially not legitimate for this teacher)
- A discipline report from the vice principal's shared mailbox (not legitimate)
- An IEP accommodation memo from the special education team (potentially not legitimate unless the teacher is on the IEP team)
The teacher now has access to information they shouldn't have seen. Under FERPA, the school has potentially made an unauthorized disclosure of education records.
Scenario 2: The Administrative Assistant
A school office administrator uses Copilot to "find all correspondence about the Johnson family." Copilot surfaces:
- Enrollment paperwork (legitimate — the admin processes enrollment)
- Financial aid applications with income information (potentially legitimate depending on role)
- A teacher's email to the principal about a suspected abuse situation (not legitimate for an admin)
- Counselor notes about the student's mental health (definitely not legitimate)
The admin had Exchange access to these mailboxes for scheduling and logistics purposes. Nobody anticipated that access would be weaponized by an AI search engine.
Scenario 3: Cross-School Exposure in District Tenants
Many school districts use a single M365 tenant for all schools. A middle school teacher with Copilot access might be able to surface information about students at other schools in the district — students they have no legitimate educational interest in whatsoever.
This happens because district-level SharePoint sites, shared mailboxes, and Teams channels often have broader permissions than individual school resources. Copilot traverses all of them.
Scenario 4: The Student Worker
Universities commonly employ students in administrative roles — work-study positions in registrar offices, financial aid, advising centers. These student workers might have M365 access for their job functions.
If Copilot is enabled for these accounts, a student worker could query Copilot about classmates, friends, or romantic partners and potentially surface their education records. FERPA violations involving student-on-student data access are particularly sensitive.
Scenario 5: The Research Faculty
A professor conducting research asks Copilot to "summarize student performance data for my research on STEM attrition." Copilot surfaces identifiable student records from the department's shared data repositories.
Research use of student data requires either de-identification or specific FERPA exceptions (studies conducted for or on behalf of the institution). Copilot doesn't de-identify data — it surfaces it as-is.
Technical Controls for Education Tenants
Restrict Copilot Licensing
Don't deploy Copilot to all staff. Create a tiered approach:
Tier 1 — No Copilot access:
- Student workers
- Temporary staff
- Volunteers
- Substitute teachers
Tier 2 — Limited Copilot access (with Restricted SharePoint Search):
- Classroom teachers (limit to their own course sites)
- Department staff (limit to their department resources)
- Basic administrative roles
Tier 3 — Broader Copilot access (with monitoring):
- Building administrators
- Department chairs
- IT staff
Tier 4 — Full Copilot access (with audit logging):
- District administrators
- Registrar
- Compliance officers
Implement Information Barriers
Use Microsoft Purview Information Barriers to enforce FERPA's "legitimate educational interest" boundary:
- School-level barriers in district tenants — prevent teachers at School A from accessing data at School B
- Role-based barriers — prevent administrative staff from accessing counselor records, prevent teachers from accessing financial aid data
- Student worker isolation — ensure student employees can't access peer education records through Copilot
Sensitivity Labels for Student Records
Apply sensitivity labels aggressively to student-related content:
- "Student Records — FERPA Protected" — applied to any document containing student PII linked to education records
- "Counselor Confidential" — applied to counseling notes, mental health referrals, and related communications
- "IEP / Section 504" — applied to special education documents
- "Discipline Records" — applied to behavioral incident reports
Configure these labels to restrict Copilot processing. A document labeled "Counselor Confidential" should not be surfaceable by Copilot for users outside the counseling team.
For implementation details on sensitivity labels, see our sensitivity labels configuration guide.
Exchange Permission Lockdown
Education tenants have notoriously loose Exchange permissions. Before Copilot deployment:
- Remove all unnecessary shared mailbox access
- Eliminate delegation grants that exceed job requirements
- Review distribution group membership — does "All Staff" really need to include everyone?
- Create role-specific shared mailboxes instead of sharing individual mailboxes
The Exchange permission problem is amplified in education. Read our detailed Copilot and Exchange security guide for the full audit methodology.
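The review described in this section can be run offline against an export of mailbox grants. The following is an added example, not code from the original article or from Microsoft: the CSV layout, the roster, and the role-to-category policy are all constructed assumptions that an institution would replace with its own inventory and its own definition of legitimate educational interest.

```python
import csv
import io

# Constructed sample: a mailbox-permission export joined with the
# institution's data inventory (Category, School). All names are made up.
GRANTS_CSV = """Mailbox,Category,School,User,AccessRights
counseling-lincoln,counseling,lincoln,jrivera,FullAccess
counseling-lincoln,counseling,lincoln,mchen,FullAccess
discipline-lincoln,discipline,lincoln,tpatel,ReadPermission
enrollment-lincoln,enrollment,lincoln,tpatel,FullAccess
enrollment-roosevelt,enrollment,roosevelt,tpatel,FullAccess
enrollment-lincoln,enrollment,lincoln,swalker,FullAccess
"""

# Assumed staff roster: user -> (role, school).
ROSTER = {
    "jrivera": ("counselor", "lincoln"),
    "mchen": ("teacher", "lincoln"),
    "tpatel": ("office_admin", "lincoln"),
    "swalker": ("student_worker", "lincoln"),
}
# Assumed policy: roles with a legitimate educational interest per category.
LEGITIMATE = {
    "counseling": {"counselor"},
    "discipline": {"building_admin"},
    "enrollment": {"office_admin", "registrar"},
}
TIER1_ROLES = {"student_worker", "temp", "volunteer", "substitute"}

def audit(grants_csv=GRANTS_CSV):
    """Return (mailbox, user, reason) for every grant that fails the policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(grants_csv)):
        # Users missing from the roster get role "unknown" and are flagged.
        role, user_school = ROSTER.get(row["User"], ("unknown", None))
        if role in TIER1_ROLES:
            reason = "tier1-role"              # should hold no record access
        elif role not in LEGITIMATE.get(row["Category"], set()):
            reason = "no-legitimate-interest"  # role outside the category
        elif user_school != row["School"]:
            reason = "cross-school"            # right role, wrong school
        else:
            continue
        findings.append((row["Mailbox"], row["User"], reason))
    return findings

if __name__ == "__main__":
    for finding in audit():
        print(*finding, sep=" | ")
```

Grants to users missing from the roster and mailboxes with an unmapped category are flagged rather than passed, so gaps in the inventory surface as findings.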
SharePoint Site Architecture
Restructure SharePoint to align with FERPA access boundaries:
- Per-school sites with school-specific membership (not district-wide access)
- Role-restricted sites for sensitive functions (counseling, special education, discipline)
- Student data repositories with explicit, audited access lists
- No "Everyone" permissions on any site containing student data
Conditional Access for Education
Configure Entra ID Conditional Access policies specifically for Copilot:
- Require managed devices (students and staff shouldn't use Copilot on personal devices)
- Block access from non-school networks for sensitive roles
- Require MFA for all Copilot access
- Implement session controls that limit Copilot session duration
The IDEA and Section 504 Complication
FERPA isn't the only regulation education institutions need to worry about. The Individuals with Disabilities Education Act (IDEA) and Section 504 of the Rehabilitation Act impose additional protections on special education records.
IEP documents, 504 accommodation plans, evaluations, and related communications are among the most sensitive records in a school. These documents contain detailed information about students' disabilities, medical conditions, behavioral challenges, and family circumstances.
Copilot surfacing IEP content to a teacher who isn't on the student's IEP team isn't just a FERPA violation — it's potentially an IDEA violation as well. The consequences multiply.
Protecting Special Education Records
- Store all IEP and 504 documents on a dedicated, locked-down SharePoint site
- Limit access to IEP team members, special education administrators, and compliance staff
- Apply the highest-level sensitivity label
- Exclude the special education site from Copilot search entirely using Restricted SharePoint Search (RSS)
- Audit all access to special education content monthly
State Privacy Laws Add Complexity
FERPA is the federal floor, not the ceiling. Many states have enacted additional student privacy protections:
- California (SOPIPA) — restricts how K-12 student data can be used by technology providers
- New York (Education Law 2-d) — requires data privacy and security plans for third-party contracts
- Colorado (Student Data Transparency and Security Act) — requires transparency about what student data is collected and how it's used
- Illinois (SOPPA) — requires published agreements for technology vendors accessing student data
Each of these laws may impose requirements beyond FERPA that affect how Copilot can be deployed. Education institutions need to evaluate Copilot against their specific state requirements, not just federal law.
The Vendor Agreement Question
Before deploying Copilot in an education tenant, review your Microsoft agreement:
- Does your DPA explicitly cover Copilot? Early education DPAs may not mention AI/Copilot features. Ensure your agreement has been updated.
- Does the agreement address Copilot's data processing? Copilot processes data differently than traditional M365 services. The agreement should address how prompts and responses are handled.
- Is there a FERPA-specific addendum? Microsoft offers FERPA compliance documentation, but your institution should have explicit contractual commitments, not just marketing materials.
- Who is liable for misconfigured permissions? If Copilot surfaces data it shouldn't because of a permission misconfiguration, is that Microsoft's liability or the institution's? The answer is almost certainly the institution's — which means the configuration burden is on you.
A Phased Approach for Education
Phase 1 (Months 1-2): Assessment
- Inventory all student data locations across M365
- Audit permissions against FERPA's "legitimate educational interest" standard
- Review state-specific requirements
- Update Microsoft DPA for Copilot coverage
Phase 2 (Months 3-4): Hardening
- Deploy sensitivity labels to student records
- Implement Information Barriers for school and role boundaries
- Clean up Exchange and SharePoint permissions
- Configure Conditional Access for Copilot
Phase 3 (Months 5-6): Limited Pilot
- Deploy Copilot to Tier 3-4 users only (administrators and compliance staff)
- Monitor audit logs closely for unexpected data access
- Gather feedback on configuration restrictions
- Adjust Information Barriers and RSS settings based on findings
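One way to turn "monitor audit logs closely" into a repeatable check during the pilot is to compare the sensitivity label on each resource Copilot touched with the role of the user who ran the prompt. This is an added example, not code from the original article: the records are constructed and their field names are simplified assumptions that must be mapped to your actual audit export, and the label audiences are an assumed policy using the label names proposed earlier.

```python
import json

# Assumed policy: which roles may have content under each label surfaced.
LABEL_AUDIENCE = {
    "Counselor Confidential": {"counselor"},
    "IEP / Section 504": {"iep_team", "sped_admin", "compliance"},
    "Discipline Records": {"building_admin"},
}

# Constructed sample records, one JSON object per line (simplified fields).
AUDIT_LINES = """\
{"user": "principal@district.example", "role": "building_admin", "resources": [{"url": "https://district.example/sites/discipline/incident-report.docx", "label": "Discipline Records"}]}
{"user": "mchen@district.example", "role": "teacher", "resources": [{"url": "https://district.example/sites/eng10/gradebook.xlsx", "label": null}, {"url": "https://district.example/sites/counseling/referral-note.docx", "label": "Counselor Confidential"}]}
{"user": "tpatel@district.example", "role": "office_admin", "resources": [{"url": "https://district.example/sites/sped/504-plan.docx", "label": "IEP / Section 504"}]}
{"user": "jrivera@district.example", "role": "counselor", "resources": [{"url": "https://district.example/sites/counseling/referral-note.docx", "label": "Counselor Confidential"}]}
"""

def review(lines=AUDIT_LINES):
    """Return (user, role, label, url) for each out-of-audience access."""
    alerts = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        for res in rec.get("resources", []):
            label = res.get("label")
            # Unlabeled or non-protected content cannot be judged here,
            # which is why labeling has to precede the pilot.
            if label not in LABEL_AUDIENCE:
                continue
            if rec["role"] not in LABEL_AUDIENCE[label]:
                alerts.append((rec["user"], rec["role"], label, res["url"]))
    return alerts

if __name__ == "__main__":
    for alert in review():
        print(*alert, sep=" | ")
```

Each alert points at a permission or label scope to fix at the source, not just at a user to follow up with.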
Phase 4 (Month 7+): Controlled Expansion
- Expand to Tier 2 users with appropriate RSS restrictions
- Continue monitoring and adjusting
- Never deploy to Tier 1 users (student workers, temps)
- Conduct quarterly FERPA compliance reviews that include Copilot
Take Action Now
Student data protection isn't optional — it's federal law. Before deploying Copilot in your education tenant, use the E2E Agentic Bridge Scanner to identify FERPA exposure risks across your M365 environment. Find the permission gaps, unprotected student records, and missing Information Barriers before Copilot finds them first.