Microsoft has started rolling out a long-awaited transparency feature for Microsoft 365 Copilot: administrators can now enforce watermarks on AI-generated or AI-altered audio and video content across their organization. The catch? For images, the watermark stays firmly in the hands of individual users.
The change, confirmed through Microsoft's own guidance and observed in tenant settings this week, gives IT admins a new Cloud Policy toggle dedicated to audio and video output from Copilot. When enabled, any audio or video that Copilot creates or meaningfully modifies will carry a digital watermark indicating its AI origin. The setting is off by default, so admins must explicitly opt in.
What Actually Changed
Behind the scenes, this builds on Microsoft’s participation in the Coalition for Content Provenance and Authenticity (C2PA), an industry standard for media provenance. The watermarks are C2PA-compatible digital credentials embedded in the file metadata, not visible overlays. They provide a cryptographically verifiable record of how the content was created and by which AI tools.
For audio and video, the admin policy is straightforward. Once activated, all Copilot-generated or Copilot-edited media files saved within Microsoft 365 — think a narrated clip assembled in Stream, a synthesized voice-over in PowerPoint, or a remixed video in Clipchamp — will automatically include the watermark. Users won’t see an on-screen mark, but anyone inspecting the file with a C2PA-compatible tool will be able to check its provenance.
Images are different. While Copilot already supports image generation and editing in apps like Word and PowerPoint, the watermark toggle lives under the user’s own privacy settings, specifically at myaccount.microsoft.com. Under “Settings & Privacy,” there’s a section for “Content Credentials.” Users can flip a switch to append C2PA data to the images they create with Copilot. There is no admin override to force this on for the entire organization — at least not yet.
What It Means for You
For IT Administrators
This split represents a clear delegation of responsibility. You can now:
- Turn on video and audio watermarks organization-wide to meet compliance or regulatory requirements, ensuring any synthetic media created within Microsoft 365 is traceable.
- Document the policy and communicate that image watermarks require user action. Without that communication, your organization might be generating AI images with no provenance attached, potentially clashing with internal AI-use policies or industry regulations.
- Plan for enforcement gaps: If your org needs consistent watermarking across all media types, you’ll need to rely on user training or look for third-party solutions until Microsoft provides a unified admin policy.
The new policy is found in the Microsoft 365 Apps admin center under Customization → Cloud Policy. Look for the policy name “Enforce watermarks for AI-generated audio and video” (the exact label may still vary as the rollout completes). Enable it once, and it applies to all users who get assigned that cloud policy configuration.
For Everyday Users
Head to myaccount.microsoft.com, sign in with your work or school account, and navigate to Settings & Privacy. You’ll see a toggle for “Content Credentials” or “Generate watermarks for images” under a section likely titled “AI-powered features.” Turn it on if you want your Copilot-created images to carry the C2PA stamp. It’s a one-time action, and it will apply to all future images you generate.
Why bother? If you share a slide deck with an AI-generated chart, or drop an AI-illustration into a report, the watermark lets recipients verify that the image isn’t a deepfake or stolen from a human artist. For journalists, researchers, and anyone whose credibility relies on transparent sourcing, it’s a simple way to build trust.
For Content Consumers
You won’t see a visible mark. But if you come across a suspicious audio clip or video that originated in Microsoft 365, you can upload it to a C2PA verification tool (like Adobe’s Content Credentials platform) to see its origin. This works only if the watermark was actually embedded, so it’s not airtight yet.
How We Got Here
Microsoft first signaled its commitment to content provenance in 2023, joining C2PA alongside Adobe, Intel, and the BBC. The first tangible product was watermarking in Image Creator from Designer, which appends content credentials automatically. In September 2024, Microsoft announced broader C2PA support for all Copilot-generated images in consumer services, with a similar user-controlled toggle. The enterprise side, however, lagged.
By early 2025, Microsoft 365 Copilot had gained generative capabilities for audio and video — think summarized meeting clips with synthetic voice, or AI-generated video intros in Stream. That raised immediate policy questions for regulated industries. Without provenance, a doctored earnings call clip or an AI-altered product demo could prove impossible to trace.
The Admin toggle for audio/video appears to be the first step in closing that gap. Microsoft has not publicly set a deadline for when image watermarking might become admin-enforceable, but insiders suggest the product teams are evaluating feedback. The current user-managed setting mirrors what’s already available on consumer Copilot, so enterprise parity might take time.
What to Do Now
Immediate Action for Admins
- Locate the policy: Sign in to the Microsoft 365 Apps admin center (
config.office.com). Go to Customization → Cloud Policy. - Create or edit a policy configuration: If you already use cloud policies, open your existing configuration. Otherwise, create a new one.
- Find the watermark setting: Search for “watermark” or “AI” in the policy list. You should see “Enforce watermarks for AI-generated audio and video.” Enable it.
- Assign the configuration: Make sure the policy applies to the appropriate users or groups.
- Test: Generate a short video or audio clip using Copilot in Stream or PowerPoint, download the file, and validate the watermark with a C2PA tool like the ones from Content Authenticity Initiative.
Action for Users
Navigate to myaccount.microsoft.com, sign in, go to Settings & Privacy, find the Content Credentials toggle, and turn it on. If you don’t see it immediately, the feature may still be rolling out to your tenant. Microsoft typically staggers these updates over several weeks.
Communication Plan
Because the image watermark remains opt-in, admins should:
- Add a notice to the company portal explaining the toggle and its importance.
- Update AI-use policies to require users to enable image watermarks if needed for compliance.
- Monitor the Cloud Policy console for a future unified watermarking policy.
Outlook
Microsoft’s piecemeal approach — audio/video under admin control, images left to users — feels temporary. As regulations like the EU AI Act and various U.S. state deepfake laws take effect, pressure will mount to make watermarking consistent and mandatory. A clear admin policy for all Copilot-generated media seems inevitable.
Meanwhile, the watermarking itself will evolve. Expect deeper integration into Microsoft Purview for compliance reporting, and possibly visual watermarks (a small AI badge) as an optional layer on top of metadata. For now, turning on what’s available is a low-effort way to get ahead of a fast-moving conversation about AI transparency.