Co-pilot Technical Readiness

Microsoft 365 Copilot can instantly search and compile data across Microsoft 365, including emails, calendars, notes, and documents. This presents a challenge to organisations as Copilot can access all of the data and sensitive data that a user currently can based on their current permissions, which may not be configured using the “just enough access” model.

Copilot can also make data currently available but not accessible (the user doesn’t know where or how to find it) instantly accessible. Alongside this existing data, Microsoft 365 Copilot can also rapidly generate new sensitive data, which must also be governed and protected. This generated content will not inherit the sensitivity labels of the files Copilot used as a source.

Some of these challenges can be met at the platform or administrative level and enforced centrally using features such as SharePoint permissions. Microsoft Purview tools such as DLP and Sensitivity Labels can be leveraged to apply encryption and block oversharing; however, many organisations have found this a steep hill to climb. Introducing new workflows when saving files or sending emails initially requires a heavy human element.