Administrators need to enable commercial data protection in MS Copilot for users signed in to Copilot with their eligible work or school account (Entra ID) using Cloud SWG Header Modification policy.

Microsoft has published general guidance on how to enable it in the article. 

1. Navigate to Policy > Header Modification.
2. In the Specific Header Rules area, click Add Rule.
3. Define the rule Conditions.
4. The Verdict area provides the Modify Headers action.

a. Click Add Destinations and add the following three domains then Click Save

copilot.microsoft.com
edgeservices.bing.com 
www.bing.com

b. Select a header modification: Add Header
c. Select Custom.
d. Click Custom Header. The portal displays the New Header dialog.

f. Enter the Header name as x-ms-entraonly-copilot
g. Enter the Value as 1
h. Click Save.
i. Click Add Rule

Important: Make sure MS Copilot destinations are SSL intercepted in TLS/SSL Interception Policy

When the policy is in place users are required to sign in before using any copilot features: