Microsoft launched Copilot Checkout in January 2026, allowing users to complete purchases directly inside an AI chat window without ever visiting a retailer’s website. ChatGPT rolled out a similar feature in late 2025. These tools are designed to make buying frictionless, and they’re available to your team right now through tools they already use. For consumers that’s convenient. For businesses with purchasing controls and approval processes, it raises questions that deserve a deliberate answer before the feature gets used without one.
Most new technology features arrive quietly. There’s no notification that says “hey, your procurement process may need updating.” The feature just appears, employees start using it, and the policy conversation happens weeks later, usually after something goes sideways.
That’s exactly the situation unfolding right now with AI-powered in-chat purchasing.
In January 2026, Microsoft launched Copilot Checkout, a feature that lets users complete purchases directly inside Microsoft Copilot without being redirected to a retailer’s website. A user asks Copilot for a product recommendation, selects something they want, and can buy it right there in the chat using PayPal. The transaction is complete without ever opening a browser tab.
This isn’t a fringe feature. Copilot Checkout is live now in the United States, working with PayPal, Shopify, and Stripe, and Microsoft has confirmed it will extend across Copilot, Bing, MSN, and Edge. Shopify merchants are being automatically enrolled, with an opt-out window. OpenAI launched a similar feature called Instant Checkout in ChatGPT back in September 2025, connecting to more than a million Shopify merchants.
Microsoft’s own data says that shopping journeys involving Copilot lead to 53% more completed purchases within 30 minutes compared to journeys without it. When shopping intent is already present, those journeys are 194% more likely to result in a purchase.
That’s not an accident. Making buying frictionless is the entire point.
For consumers, that’s a convenience feature. For businesses, it’s a prompt to ask a question most haven’t gotten to yet: do you want your team buying things this way, and if so, under what rules?
How Copilot Checkout Actually Works
The flow is straightforward. A user is in a Copilot conversation, asks about a product or service, gets a recommendation with pricing, and sees an inline option to complete the purchase. Clicking through shows a price breakdown including tax and shipping. Payment processes through PayPal. The transaction is done without leaving the chat.
The retailer remains the merchant of record, meaning fulfillment and customer service stay with the seller, not Microsoft. But the purchasing experience itself is fully embedded in the AI interface.
This feature isn’t limited to personal shopping. Microsoft has explicitly noted that the same embedded checkout approach can apply to B2B purchasing, covering software, subscriptions, equipment, and services, where buyers can place orders through AI-driven workflows rather than traditional procurement channels.
That last point is worth sitting with. An employee asking Copilot for a software recommendation and completing the purchase in the same conversation, without a ticket, without an approval, without a purchase order, is exactly the kind of scenario that bypasses the controls most businesses have spent time building.
Why This Is a Business Policy Question, Not Just a Tech Feature
Most small and mid-sized businesses have some form of purchasing controls in place, even if they’re informal. Someone has to approve expenses above a certain amount. There’s a process for new software subscriptions. Certain vendors are preferred. Finance needs visibility into what’s being spent.
Those controls exist for good reasons: budget management, vendor vetting, security review, audit trails, and accountability. They tend to be deliberate.
Frictionless in-chat purchasing doesn’t announce itself as a way to bypass those controls. It arrives as a convenience feature. But the result can be the same.
A few specific questions worth thinking through:
When an employee uses Copilot Checkout through a work account, whose payment method is being used and how is the purchase tracked? If someone buys a software subscription or a piece of equipment inside a chat window, does that transaction appear in your expense reporting, or does it get lost in the noise?
What information is Copilot allowed to access or reuse? Completing a purchase requires payment details, shipping information, and account data. If an employee has payment information stored in a work account, understanding what Copilot can see and when is a reasonable question.
Does your current acceptable use policy cover AI-assisted purchases? Most business IT policies were written before in-chat checkout was a real thing. If your policy addresses what employees can buy and how, it may need to be updated to reflect tools that compress the entire purchasing journey into a single conversation.
What happens when purchasing becomes genuinely frictionless for your team? Microsoft’s own data shows dramatically higher purchase completion rates when Copilot is involved. That’s the feature working as intended. For a business without visibility into what’s being bought, the downstream effect can be budget creep that’s hard to trace back to its source.
Our managed IT services include reviewing how Microsoft 365 and Copilot features are configured for business clients, including which capabilities are enabled, how access is governed, and what controls exist around them.
This Is Part of a Larger Pattern With AI Features
Copilot Checkout is one example of a broader pattern that’s been accelerating throughout 2025 and into 2026: AI capabilities being embedded directly into tools businesses already pay for, without a separate procurement decision or policy trigger.
Your team is probably already using Copilot for drafting emails, summarizing documents, and answering questions. Those use cases are relatively straightforward from a policy perspective. An employee asks a question and gets a response. The stakes are low.
Purchasing is different. It involves financial transactions, payment data, vendor relationships, and budget authority. The same chat interface that helps someone write a better email can now also let them buy something, and the transition between those two activities is seamless by design.
The same dynamic applies to other AI features being rolled out across Microsoft 365, Google Workspace, Salesforce, and virtually every major business platform. Features appear in tools employees already have access to. There’s no moment where IT gets a prompt to update the policy. By the time the feature is in active use, it may already be creating data, transactions, or records that don’t fit neatly into existing governance frameworks.
This is exactly why a proactive approach to AI governance matters more now than it did a year ago. Not because these features are bad, many of them are genuinely useful, but because the businesses that handle them well are the ones that decide ahead of time how they should be used, not the ones that discover the policy gap after the fact.
Our AI strategy and business consulting work is specifically designed to help businesses navigate these decisions before the feature is already embedded in daily workflows.
What a Deliberate Policy Looks Like
Deciding whether and how your team can use AI-assisted purchasing doesn’t have to be complicated. It mostly requires asking the right questions and writing down the answers.
If you want to allow it, the policy should address who is authorized to make purchases through AI tools, what categories of purchases are permitted, which accounts or payment methods can be used, how those purchases get logged and reported, and how spending through AI channels stays visible to whoever manages your budget.
If you don’t want it used for business purchases, that decision also needs to be explicit. Not because your team is looking for ways around the rules, but because if the policy doesn’t say anything, the default assumption is that it’s fine. Frictionless tools get used because they’re frictionless. That’s how they’re designed.
Either way, the policy should be written down, explained to staff, and reviewed as these features evolve, because they will keep evolving. Copilot Checkout is one feature, launched by one company, in January 2026. By the end of the year, the AI-assisted purchasing landscape will look different again.
Our cybersecurity consulting services include reviewing acceptable use policies and helping businesses make sure their governance frameworks keep pace with the tools their teams are actually using.
If you’d like help thinking through how AI purchasing features fit into your current policies and where the gaps might be, reach out to the Z-JAK team. We work with small and mid-sized businesses across Louisville to make deliberate decisions about technology rather than discovering them after the fact.
Frequently Asked Questions
What is Copilot Checkout and does it affect businesses?
Copilot Checkout is a Microsoft feature launched in January 2026 that lets users complete purchases inside Microsoft Copilot without visiting a retailer’s website. It’s powered by PayPal, Shopify, and Stripe. While it’s positioned primarily as a consumer shopping tool, Microsoft has noted it can also apply to B2B purchasing. Any employee using Copilot through a work account could potentially use it to make purchases, which makes it relevant to businesses with purchasing controls or approval processes.
How do I know if Copilot Checkout is already active for my team?
Copilot Checkout is rolling out across Copilot.com, Bing, MSN, and Edge. If your team uses Microsoft 365 or has access to Copilot, the feature may already be available to them. The best way to get a clear picture is to review your Microsoft 365 admin settings or speak with your IT provider about which Copilot features are enabled and how they’re configured for your organization.
Should I block Copilot Checkout for my employees?
That depends on your business. For some businesses, allowing AI-assisted purchasing with the right visibility and controls in place is a reasonable decision. For others, particularly those with formal procurement processes, preferred vendor lists, or regulated spending, restricting in-chat purchasing until a clear policy exists is the more cautious path. The important thing is making a deliberate decision rather than leaving it to chance.
What data does Copilot Checkout involve?
Completing a purchase through Copilot Checkout requires payment information and shipping details, handled through PayPal. Microsoft’s retailer partners remain the merchant of record, meaning they own the transaction data and customer relationship. However, businesses should understand how payment methods are stored or associated with work accounts, and whether purchases made through Copilot appear in any central expense or transaction log.
How does AI-assisted purchasing fit into a broader AI governance policy?
Purchasing is one area where AI capabilities intersect with financial controls, which makes it a natural place to start when building or updating an AI governance policy. A complete AI governance framework for a small business should address what tools employees are authorized to use, what data those tools can access, how AI-assisted transactions are tracked and reported, and how the policy gets updated as new features are released. Starting with the purchasing question is practical because the stakes and controls are already familiar.
Let’s Make Sure Your AI Policies Are Keeping Up
AI features are being embedded into the tools your team uses every day, and the pace isn’t slowing down. The businesses that handle this well are the ones that make deliberate decisions ahead of time rather than discovering policy gaps after the fact. If you’d like help reviewing your current AI governance approach and making sure it covers the tools your team is actually using, get in touch with us today. We’re happy to start with a straightforward conversation.