Microsoft 365 Copilot iOS Drops Advanced OneDrive Features, Moves to Two-App Workflow

Microsoft’s iOS Microsoft 365 Copilot app is being stripped of advanced OneDrive file-management capabilities, redirecting users to the OneDrive app for folder browsing, permission changes, and downloads — a move that finalizes the app’s transition from an all-in-one Office hub into a focused AI chat surface.

Background​

For several years Microsoft positioned the Microsoft 365 mobile experience as a consolidated productivity surface: a single app where Word, Excel, PowerPoint, search, scanning, and file management lived alongside Copilot’s AI features. That integrated approach gave mobile users a one-stop workflow for composing, editing, and sharing documents on the go.
Over 2024–2025 Microsoft repositioned that unified experience. The Copilot app was rebranded and retooled as an AI-first entry point for chat, summarization, and generative drafting; standalone editors (Word, Excel, PowerPoint) were retained as the canonical editing surfaces. Recent roadmap updates and Message Center signals now confirm the next step in that pivot: removing advanced OneDrive file-management features from the Microsoft 365 Copilot app and pushing users into the OneDrive app for anything beyond simple previews.

---

What changed (summary of the announcement)​

• The Microsoft 365 Copilot app on iPhone and iPad will continue to preview Office files and allow Copilot Chat to read and summarize content inside those previews.
• Advanced OneDrive file tasks — such as browsing full folder hierarchies, setting sharing permissions, and downloading files — will be removed from the Copilot mobile app, with users redirected to the standalone OneDrive app for those actions.
• Document editing was previously decoupled from Copilot: Microsoft moved editing to the standalone Word/Excel/PowerPoint apps in a prior update, and the OneDrive unbundling completes the transformation into a preview-and-chat surface rather than an integrated Office hub.

These changes are described in Microsoft’s commercial rollout notes and third-party roadmap reporting; one widely cited roadmap entry for the OneDrive handoff is tagged as ID 501277 with an expected October 2025 rollout window in third-party coverage, while earlier Message Center reporting documented a separate September 2025 milestone for editing behavior. Where dates differ across reports, tenant Message Center notices and Microsoft admin communications remain the authoritative source for any given organization.

---

Overview: From Office Hub to AI Chat — the product strategy​

The strategic logic​

Microsoft’s product strategy for 2025 is unambiguously Copilot-first. Instead of maintaining heavy, overlapping editing stacks across multiple apps while simultaneously embedding full AI stacks into each editor, Microsoft appears to be centralizing AI interactions into a single conversational surface (the Copilot app) and keeping fidelity-heavy editing in the specialized Office apps. That helps the company:

• Concentrate AI engineering effort in one place (faster iteration on generative features).
• Simplify the app-policy and governance surface for enterprises by separating preview/AI from editing/persistence.
• Encourage the adoption of agentic workflows that act through a simple chat interface while delegating final edits to editors built for exact formatting and formulas.

This is consistent with Microsoft’s broader Copilot Wave 2 investments — including the Copilot Control System (CCS), an Agent Store, and enterprise governance features designed to manage agent lifecycle, cost, and security. Those investments presuppose a clean separation: Copilot as the reasoning/orchestration layer, editors and OneDrive as the data and fidelity layers.

The user experience outcome​

The upshot is a two-app mobile workflow for many everyday tasks:

• Use Microsoft 365 Copilot for discovery, summarization, and draft generation (chat-first creation).
• Open Word/Excel/PowerPoint or OneDrive for deep editing, folder navigation, permission management, and downloads.

For users who favored a single-app, integrated experience, that will feel like a regression in convenience. For organizations focused on governance, auditing, and agent management, it creates a cleaner policy boundary.

---

Verifying the claims: what’s confirmed and where to be cautious​

• Confirmed: Microsoft and third-party Message Center aggregators have documented changes that move editing and heavy file actions out of the Copilot app and toward standalone editors. Admin-facing Message Center items and rollout documentation are the authoritative sources that corroborate the editing-hand-off behavior.
• Confirmed: Trusted security researchers found a high-severity Copilot vulnerability dubbed EchoLeak (CVE-2025-32711), which demonstrated how an attacker could craft prompts or content that cause Copilot to exfiltrate data from organization-scoped contexts. Multiple independent reports and technical write-ups describe this zero-click class of attack and the resulting emergency mitigations. (thehackernews.com, neowin.net, microsoft.com)

Cautionary note: Microsoft’s Message Center notifications can be tenant-targeted and regionally staged; therefore, dates and the precise scope of behavior changes can vary between organizations. Administrators should consult their own tenant Message Center entries and the Microsoft 365 admin center for the definitive schedule for their tenant.

---

Why Microsoft is unbundling: a product and platform read​

• Focused AI surface: centralize generative and reasoning capabilities where the AI stack is easiest to iterate and govern. This reduces duplication and speeds feature delivery for Copilot Chat and custom agents.
• Governance and lifecycle control: Copilot Wave 2 introduced the Copilot Control System (CCS) and agent management tools to enable IT to control who can create agents, which data sources those agents can access, and how they consume compute resources. A single, clearly scoped Copilot surface helps apply those policies coherently.
• App specialization: Word, Excel, and PowerPoint remain the correct places for fidelity-sensitive work (formulas, slide layout, complex formatting). Offloading those responsibilities preserves a high-quality editing experience in the apps designed for them, while Copilot focuses on synthesis and prompting.

This is a deliberate architectural trade: improved iteration and governance at the expense of integrated convenience.

---

Security context: EchoLeak and the hard lesson about agentic risk​

The recent disclosure of EchoLeak (CVE-2025-32711) is a practical demonstration of the risks that follow from deeply integrated AI assistants. Researchers characterized EchoLeak as a zero-click, LLM Scope Violation attack that leverages prompt-injection-like techniques to cause Copilot to mix untrusted inputs with internal, privileged context and leak data. The exploit chain can resemble:

• An attacker embeds adversarial instructions in ordinary-looking content (a sent document, slide notes, or email).
• Copilot’s retrieval pipeline combines that untrusted content with the user’s authorized data scope during a summarization or analysis request.
• The adversarial instructions cause the model to output sensitive items or to create network-bound artifacts that exfiltrate data. (thehackernews.com, socprime.com, techcommunity.microsoft.com, hackthebox.com, techcommunity.microsoft.com, techcommunity.microsoft.com, techcommunity.microsoft.com, Microsoft Strips OneDrive Features from Microsoft 365 Copilot App, Forcing Users to Separate Apps - WinBuzzer