📄 中文摘要
RAG 在 Copilot 中不仅是一个可切换的功能,而是成为了信任边界。在实际的租户环境中,Copilot 的每个回答都体现了设计行为,包括用户身份、执行条件、遵循的标签以及用于后续重放的遥测信号。这一新概念并不是在“修复微软”或与任何人争论,而是将微软的设计理念用一种所有相关人员(如 CISO、架构师和合规负责人)都能理解的语言进行表达。具体包括条件访问和 Entra ID 如何定义 Copilot 的执行上下文等内容。
RAG 成为信任边界 | 在 Microsoft 365 中工程化可验证的 Copilot 行为
📄 English Summary
RAG Becomes a Trust Boundary | Engineering Verifiable Copilot Behavior in Microsoft 365
RAG in Copilot is not merely a feature that can be toggled on; it represents a trust boundary. In a real tenant environment, every Copilot response reflects designed behavior, encompassing the user's identity, enforced conditions, honored labels, and telemetry signals recorded for later replay. This concept does not aim to 'fix Microsoft' or engage in disputes; rather, it articulates Microsoft's design philosophy in a language that can be understood by all stakeholders, including CISOs, architects, and compliance leads. Key aspects include how Conditional Access and Entra ID define the execution context for Copilot.