diff --git a/datasets/m365_copilot/copilot_prompts.log b/datasets/m365_copilot/copilot_prompts.log
new file mode 100644
index 00000000..25540035
--- /dev/null
+++ b/datasets/m365_copilot/copilot_prompts.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:87da8c312fbc27158af9508c828ce23ea0182062eaf395674f8d8922dec181a9
+size 418347
diff --git a/datasets/m365_copilot/m365_copilot.yml b/datasets/m365_copilot/m365_copilot.yml
new file mode 100644
index 00000000..fcb1977b
--- /dev/null
+++ b/datasets/m365_copilot/m365_copilot.yml
@@ -0,0 +1,15 @@
+author: Rod Soto, Splunk
+id: 0bf90131-c582-4976-85b8-711d2c2c1926
+date: '2025-09-25'
+description: |
+ Logs from M365 Copilot Access Logs via Splunk Add-on for M365 and Exported Logs from eDsicovery Purview. Contains actual access logs and jailbreak attacks.
+mitre_technique: []
+datasets:
+- name: m365_access_logs
+ path: /datasets/m365_copilot/copilot_prompts.log
+ sourcetype: csv
+ source: csv
+- name: m365_copilot_access
+ path: /datasets/m365_copilot/m365_copilot_access.log
+ sourcetype: o365:graph:api
+ source: AuditLogs.SignIns
\ No newline at end of file
diff --git a/datasets/m365_copilot/m365_copilot_access.log b/datasets/m365_copilot/m365_copilot_access.log
new file mode 100644
index 00000000..4a63a743
--- /dev/null
+++ b/datasets/m365_copilot/m365_copilot_access.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ae772e1a93b32c73aa8a017daa703e4db2618aa187300440aa52dabfd0b93c2d
+size 175043
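Review bot: The description in `m365_copilot.yml` says the two logs contain "actual access logs" and prompts exported from Purview, but both `.log` files are Git LFS pointers, so this diff cannot show whether user principal names, IP addresses, tenant identifiers and prompt text were sanitized; that should be confirmed before merge and stated in the description. The first dataset entry is named `m365_access_logs` while its `path` is `copilot_prompts.log`, so the name describes the other file; `name: m365_copilot_prompts` would match the content. `mitre_technique: []` is left empty although the description mentions jailbreak attacks, which makes the dataset harder to find by technique. The description also misspells `eDiscovery` as `eDsicovery`, and the file lacks a trailing newline.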