Hey friends,

Most Australian businesses I work with assume their Copilot data stays in Australia. Until very recently, that was a safe assumption. It no longer is.

Microsoft made a quiet change to Copilot earlier this year that almost nobody is talking about, and it has implications for every AI policy currently in market.

On 7 January 2026, Microsoft enabled Anthropic as a sub-processor inside Copilot. For most Australian and New Zealand business tenants, this setting was switched on by default. Not opt-in. Default on. The EU, the UK, and a few other regions had it switched off by default. We didn't.

Since then, Microsoft has been steadily building Claude features into Copilot. First inside Researcher. Then inside the agents you can build in Copilot Studio. Now inside Cowork, the new product Microsoft is pushing as the future of how teams will use AI at work.

All of these run on Claude under the hood.

Here is how it actually works in your tenant. The sub-processor setting was switched on for you in January. Once that is on, your admin can then enable specific Claude features, like Researcher or Claude inside Copilot Chat, for your users. Many Australian admins have done that already, often without realising what data path it opens.

And here is the part that matters. Microsoft's commitment to keep your data in Australia still holds for Microsoft's own models. It does not extend to features that use Claude. Any request that routes to Claude leaves the Australian guarantee and gets processed at Anthropic's data centres, which are primarily in the United States.

If your admin has turned on any of the Claude-powered Copilot features, and your team has used them, your data has already left Australia. It is not a future risk. It is something that has already happened.

The user would not know. There is no warning. No banner. No message that says "you're now using a US-based service." It just works.

If your business has an AI policy that approved Copilot on the basis that data stays onshore, that policy has already been quietly broken, every single time someone has used a Claude-powered feature. The break is invisible to the user, invisible to their manager, and largely invisible to IT unless someone is actively checking the settings.

Nothing visibly broke. The product still works. The thing that cracked is the promise underneath.

I want to be direct, because I have seen this play out in real policy documents from organisations who should know better.

Most AI policies list approved tools. Copilot is approved. ChatGPT Enterprise is approved. Claude is not approved. Done.

That is no longer enough.

A tool-level approval made sense when each tool was a single product with one predictable data path. That world is gone. Copilot is now a multi-model platform. The data story inside it changes depending on which feature gets used. The tool can be approved while specific features inside the tool quietly break the rules the tool was approved under.

If you are running Copilot in any kind of regulated, sensitive, or data-conscious environment, here is what actually needs to happen.

First, your AI policy needs an approved use case list, not just an approved tools list. It is no longer enough to say "Copilot is approved." You need to specify which features are approved, under what conditions, and which are out of scope until reviewed. More work, yes. Also the work.

Second, if data location is not a big deal for your business, ask yourself honestly what Copilot still gives you over Claude. Claude can now connect to your email, SharePoint, and calendar through the same kind of integrations Microsoft used as its moat. The Microsoft advantage was never really the model. It was the integration. That gap is closing. If onshore data is not your reason for choosing Copilot, the case for staying inside the Copilot wrapper is weaker than it was a year ago.

Third, and this is the hardest one, your people need to be educated. This is not a problem your IT lead can solve from the top. It is not a problem you can solve as a business owner. The people sitting in front of Copilot every day need to understand the difference between a Microsoft-model feature and a Claude-powered one. They need to know what a sub-processor is. They need to know which prompts carry risk.

If you hand your team Copilot, tell them it is approved and safe, and never teach them the nuance, you are not running an AI policy. You are running on hope.

This is not a panic piece. Claude inside Copilot is genuinely useful, and the answer is not to ban it. The answer is to govern it deliberately. Decide which features can be used. Decide which workloads can touch them. And tell your team the truth about what has changed.

The bigger lesson is one I want every leader sitting with. The default settings inside your AI tools are being decided by vendors making commercial choices, not by your team making careful ones. The Anthropic setting was switched on for you. Nobody asked. The product looked the same.

If your trust in Copilot is built on assumptions you made twelve months ago, this is the week to test them. Read the settings. Talk to your team about what they are actually using inside Copilot, not what they think they are using.

If any of this lands and you want to talk it through, reach out at [email protected].

See you next week,

— Aamir

🎧 Listen to the Podcast Episode on: Spotify | Apple Podcasts | YouTube

📘 Book: The CEO Who Mocked AI (Until It Made Him Millions) by Aamir Qutub

🚀 Dumb Monkey AI Academy

📱 Dumb Monkey AI Academy App: Apple | Android