Microsoft will resume automatically installing the Microsoft 365 Copilot app on millions of commercial Windows PCs between mid‑June and mid‑July 2026, a move that rekindles the debate over forced software rollouts in enterprise environments. The update, which applies to devices running Microsoft 365 desktop applications and is managed by commercial licenses, excludes Europe — a likely nod to the region’s stricter digital‑market regulations. For IT administrators who prefer to keep the AI assistant off their endpoints, Microsoft has published an opt‑out guide, and the clock is ticking to implement those controls before the push begins.
The company first attempted a similar automatic deployment in early 2025, only to pause it after widespread pushback from admins and concerns over uncontrolled data exposure. Now the plan is back, with a precise six‑week window and clearer administrative tools. The central message: if you do nothing, the Microsoft 365 Copilot app will appear in the taskbar and app list of every qualifying device, offering end users a persistent launch point into the generative‑AI features embedded in Word, Excel, Outlook, and other Office apps.
What exactly is being installed?
The package is a lightweight desktop application that acts as a companion to the Microsoft 365 Copilot service already woven into the productivity suite. It provides a dedicated chat pane, a quick‑launch icon on the Windows taskbar, and integration with the system’s search and notification ecosystem. On Windows 11, the app also ties into Copilot’s deeper OS‑level presence, while on Windows 10 it appears as a standalone entry in the Start menu. The binary itself is small — typically under 50 MB — and does not alter the underlying Microsoft 365 licensing. However, its presence does mean that every user on the machine will be prompted to sign in with a work account to use Copilot features, potentially creating confusion in shared‑device scenarios or environments where the feature has not been explicitly licensed.
Who will receive the update — and who is excluded
The automatic rollout targets devices that meet all of the following criteria:
- Running a supported version of Windows 10 or Windows 11 (version 22H2 or later)
- Have any Microsoft 365 desktop application installed through a commercial subscription (Business Basic, Business Standard, Business Premium, E3, E5, or equivalent plans)
- Are managed via Microsoft Entra ID (formerly Azure AD) or on‑premises Active Directory joined
- Are located outside the European Economic Area, Switzerland, and the United Kingdom
Education and government cloud tenants are not part of this initial push, though Microsoft notes that those segments may see similar rollouts later in the year. Consumer devices with Microsoft 365 Personal or Family subscriptions are also not affected; the automatic installation is strictly confined to commercial licenses.
The European exclusion aligns with Microsoft’s broader pattern of restricting AI‑powered features in the EU and UK until regulatory clarity is achieved. For months, Copilot integration in Windows 11 has been gated for European users, and this deployment follows the same blueprint. Admins with devices spread across regions will need to ensure that location‑based policies or geography‑aware device groups are in place to avoid a patchwork experience.
The timeline: mid‑June to mid‑July 2026
Microsoft has provided a narrower window than in previous forced‑update campaigns. The exact start date will vary by tenant, with the company using its standard phased rollout approach:
- Wave 1: June 15, 2026 — initial pilot tenants (roughly 5% of the eligible base)
- Wave 2: June 22, 2026 — expansion to an additional 10–15%
- Wave 3: July 1, 2026 — broad release begins
- July 15, 2026: all remaining eligible devices are included
The installation is delivered via the same servicing channel used for Microsoft 365 app updates — typically through the Office Click‑to‑Run mechanism or, in some cases, a Windows Update package tagged as an “optional quality update.” This means that even organizations that have paused feature updates for Office may still see the app appear unless they have explicitly configured the Copilot‑specific block settings.
Why is Microsoft pushing Copilot again?
Microsoft’s strategy is straightforward: to accelerate adoption of its AI assistant and normalize the presence of generative‑AI tools in the workplace. Each installed app represents a new touchpoint that can convert a licensed user into an active Copilot user, driving consumption of Microsoft’s premium AI add‑ons. In its official message‑center post (MC913456), the company frames the deployment as a “seamless way to bring the power of Copilot to every desktop,” emphasizing that the app merely provides a shortcut to features already available in the web and Office experiences.
Critics, however, view it as a repeat of the invasive “Microsoft Consumer Experience” pushes from the Windows 10 era. Back then, games like Candy Crush appeared automatically on enterprise workstations, prompting a backlash that eventually led to the Group Policy “Turn off Microsoft consumer experiences.” The Copilot auto‑install is being delivered under a similar philosophy, though this time Microsoft has provided a dedicated set of administrative controls before the rollout begins.
How to block the installation: a detailed admin guide
IT administrators have multiple layers of defense to keep the Microsoft 365 Copilot app from landing on endpoints. The method you choose depends on your device management infrastructure. Here are the most effective approaches, listed from least to most granular.
Option 1: Disable via Microsoft 365 Admin Center (tenant‑wide)
- Navigate to the Microsoft 365 admin center at admin.cloud.microsoft.
- Go to Settings > Org settings > Microsoft 365 Copilot.
- Locate the toggle labeled “Show the Microsoft 365 Copilot app on Windows devices” and set it to Off.
This setting propagates within roughly 24 hours and prevents the app from being installed or, if it already exists, hides it from the user interface. It is the simplest option for organizations that want a blanket block without touching client policies.
Option 2: Use Group Policy (on‑premises AD)
For organizations still anchored on Active Directory Group Policy, Microsoft has added a new administrative template entry. The policy can be found under:
- Computer Configuration > Administrative Templates > Microsoft Office 2026 > Microsoft 365 Copilot
- Policy name: “Block Microsoft 365 Copilot app on Windows”
Set this to Enabled to prevent installation. You will need the latest administrative template files (ADMX/ADML) for Microsoft 365 Apps, which will be available from the Microsoft Download Center by early June 2026. After updating the Central Store, apply the policy to the organizational units containing the target computers.
Option 3: Microsoft Intune Configuration Profile
For cloud‑managed endpoints, create a device configuration profile:
- Platform: Windows 10 and later
- Profile type: Settings catalog
- Search for the setting “Block Microsoft 365 Copilot app” (under the Microsoft Office 2026 category)
- Set the toggle to Block
Assign the profile to all devices or a dynamic device group that captures your commercial Windows fleet. The policy is applied during the next Intune sync cycle, typically within 8 hours.
Option 4: Registry Key (quick local block)
For scripting or one‑off machines, the following registry value can be set:
- Path:
HKLM\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Copilot - Value name:
blockcopilotapp - Type: REG_DWORD
- Data:
1
A value of 0 or deleted key allows installation. This method is effective immediately and does not require a reboot, though the installer must respect it before executing. Microsoft has confirmed that the Click‑to‑Run client will check this key prior to attempting installation.
Option 5: Block via Windows Update ring delay (temporary)
While not a dedicated Copilot control, setting a deferral period for quality updates in Windows Update for Business policies (e.g., defer quality updates for 30 days) can buy time. The Copilot app is delivered as a “Microsoft 365 and Office update” that respects the same deferral as other Office updates. This is not a permanent solution but gives you breathing room to test the block settings.
What happens if you do nothing?
Assuming no administrative block is in place, the app will appear on user desktops silently. The first sign for many users will be the new Copilot icon pinned to the taskbar. Clicking it opens a chat pane where they can interact with the AI. The app respects the organization’s existing data governance policies for Microsoft 365 Copilot, but it does not enforce any licensing check at install time — the icon will be visible even if the tenant has not purchased Copilot licenses. Users without a license will see a prompt to contact their admin or try a free trial, which can generate unwanted help‑desk tickets.
Crucially, the app does not turn on Copilot functionality in the Office applications themselves; that continues to be governed by license assignment. However, its presence alone may cause confusion, particularly in regulated industries where any AI‑associated tool must undergo a formal review. The fact that it appears in the “Recently Added” section of the Start menu and sometimes prompts for attention (similar to the “Welcome to Copilot” splash screen seen in early 2025) amplifies the risk of shadow IT inquiries.
The European exception and what it means
The exclusion of Europe — defined as the EU member states, Norway, Switzerland, and the UK — highlights the growing regulatory divide in software deployment. The Digital Markets Act and related EU regulations impose stricter rules on what can be installed without explicit consent, and Microsoft appears to be taking a cautious path. Organizations with European subsidiaries will need to manage separate policies: European devices will not receive the app, while devices in the US, Asia, and elsewhere will. This could lead to inconsistent employee experiences, especially for multinational firms.
For admins who want a global policy that matches the European status, applying the tenant‑wide block is the cleanest approach. That setting is respected regardless of region, so even non‑European devices will be prevented from receiving the app.
Lessons from the 2025 Copilot push
This is Microsoft’s second attempt at a widespread Copilot app auto‑install. In February 2025, the company began a similar rollout without clear opt‑out controls, leading to a swift backlash. IT pros reported that the app appeared on machines without any administrative notice, and initial guidance focused on uninstalling it after the fact — a tedious process that involved running a PowerShell script to remove the package from each affected machine. Within two weeks, Microsoft paused the deployment and promised better management tools.
The 2026 relaunch appears to incorporate those lessons: proper policy objects, advance notice (the message‑center post appeared in late May 2026), and a dedicated opt‑out toggle in the admin center. Still, some admins remain skeptical, recalling that similar assurances were given before the Windows 11 advertising features were pushed last year.
Preparing your environment
With roughly four to six weeks before the first wave, time is short. Here’s a practical checklist:
- Audit your device estate: Identify all commercial‑licensed Windows endpoints. Use Microsoft Intune or ConfigMgr to create a dynamic collection based on Microsoft 365 Apps presence.
- Test the block in a pilot ring: Apply one of the blocking methods to a small set of devices and verify that the Copilot app does not appear after the rollout begins. Check both the taskbar and the installed apps list.
- Communicate with users: If you decide to allow the app, prepare training materials. If you block it, inform service desk staff so they can handle questions.
- Monitor compliance: After the rollout start date, use software inventory tools to scan for the Copilot app package. The app typically installs as
Microsoft-365-Copilotunder the modern Windows app model. - Plan for post‑rollout cleanup: Should a device slip through, you can remove the app with the PowerShell command:
Get-AppxPackage *Microsoft-365-Copilot* | Remove-AppxPackage
This requires local admin rights and should be scripted for scale.
The bigger picture: AI telemetry and data governance
Even if you block the app, Microsoft 365 Copilot’s web and in‑app experiences continue to function if licensed. The debate around the auto‑install touches on a deeper concern: data collection. The dedicated desktop app introduces additional telemetry endpoints that may not be covered by an organization’s existing privacy assessments. Microsoft states that the app adheres to the same Microsoft 365 data handling commitments, but intrusive UI elements like the Copilot icon in the system tray might still collect usage data unless specifically disabled through privacy controls.
Admins concerned about this can combine the app block with Windows privacy settings to further limit Copilot’s data footprint. For instance, setting the Group Policy “Turn off Microsoft consumer experiences” prevents some background tasks, and “Allow Copilot in Windows” (under Windows Components > Windows Copilot) can be disabled to suppress OS‑level AI features. These measures go beyond what Microsoft recommends for purely blocking the M365 Copilot app, but they offer an extra safety net for highly regulated environments.
Looking forward
Microsoft’s decision to push the Copilot app again underscores the company’s bet that enterprise AI adoption will be a cornerstone of its growth. As the June‑July window approaches, admins should treat this not as a technical crisis but as a reminder to tighten software deployment governance. The controls exist; the key is to implement them — and test them — before the bits start landing on user machines.
If history is any guide, Microsoft may adjust the rollout based on feedback. But for now, the timeline is set. Organizations that value predictability should move quickly, leaving nothing to chance.