Data Handling and Permissions

Orbit is designed so the primary note files for a workspace live in the customer’s Microsoft 365 tenant. For team workspaces, that usually means SharePoint. For My Workspace, that means OneDrive.

Use this page when someone asks where Orbit content lives, what AI clients can access, or how permissions are enforced.

For a broader security review, see Security and Data Governance.

What stays in Microsoft 365

Orbit stores workspace notes in the connected OneDrive or SharePoint location. Note assets, such as images and attachments, are stored with the workspace.

Use Orbit for normal writing and workspace organization. Use Microsoft 365 when you need to confirm storage ownership, retention, or recovery settings.

What users see in Orbit

Orbit adds the app experience around workspace files: live editing, previews, imports, exports, comments, search, sharing, related notes, graph views, admin views, and AI client access when enabled.

How permissions work

Workspace access comes from Microsoft 365-backed permissions. If someone can no longer access the connected OneDrive or SharePoint location, they may also lose access in Orbit.

Orbit also provides product UI for:

Inviting people to a workspace.
Sharing a single note.
Copying existing-access links.
Creating organization links where Microsoft 365 policy allows it.
Reviewing and revoking note-specific access.

If access looks wrong, review both Orbit’s access UI and the connected Microsoft 365 location.

AI access

Orbit lets an external AI client work from the same wiki when the client is connected and allowed by your organization. The client still needs authorization, and Microsoft 365 permissions still apply.

An AI client may also have its own data handling, retention, logging, and administrator controls. Review the client’s policy before connecting it to sensitive workspaces.

Use note-specific context when the task is narrow. Use workspace context only when the client needs workspace-wide search or editing.