If you’re planning to roll out Microsoft 365 Copilot โ or even just run a small trial โ there’s one thing that needs to happen first, and most businesses skip it entirely.
A permissions audit.
Microsoft 365 Copilot retrieves files, emails, and chats using each user’s existing Microsoft 365 permissions. And in most tenants, those permissions are broader than anyone has actually mapped โ because access tends to accumulate quietly across years of projects, ad-hoc sharing, and staff changes. Microsoft itself now recommends a specific cleanup before any trial: map who currently has access to what, fix the permissions that have drifted out of scope, and apply sensitivity labels to confidential content.
This post covers what Microsoft 365 Copilot does with permissions, where oversharing tends to show up in a typical tenant, the kinds of content Copilot can return when permissions are broad, how to run the audit Microsoft recommends, and what to fix before any rollout. Whether you’re working with a Managed IT provider or handling this in-house, this is the checklist worth following.
How Microsoft 365 Copilot Accesses Your Data
Copilot answers questions and generates content by retrieving information through Microsoft Graph โ the API layer that ties together your Microsoft 365 services. When a user asks Copilot a question, it pulls from emails, calendar items, SharePoint documents, OneDrive files, Teams messages, and meeting transcripts that the signed-in user has permission to access.
Microsoft’s own documentation puts it simply: Copilot can only summarise or reference content that the user is authorised to access.
That statement is accurate. It’s also exactly where the risk sits. The variable is whether each user’s permission set still matches what you think it covers.
Why Permissions Tend to Be Broader Than Anyone Thinks
For a trades or manufacturing business, most of the data in your Microsoft 365 tenant is operational โ inventory records, production schedules, supplier contracts, project files. Some of it is sensitive, but the consequences are usually contained when the wrong employee reads a document.
For a professional services firm, the dynamic is entirely different. The files are the product. Client matters, settlement figures, fee arrangements, deal terms, financial data, and employment records make up the deliverable โ and the confidentiality of that material is the whole business model. Yet these files often live in environments that were never properly scoped.
The reason is structural. “Just give them access for the Henderson matter” is how it starts. The matter closes. The access is never removed. Eighteen months later, that person has read permissions on a folder they have no current reason to be in. Multiply that across five years of staff changes, project onboarding, ad-hoc Teams channels, and external sharing links that never expired โ and you end up with a permission environment that nobody fully understands.
If the permission exists, Copilot can use it. Whether it was granted with appropriate scope is not part of the calculation.
Microsoft now acknowledges this directly. Their deployment blueprint for Copilot rollouts organises the work around three pillars: remediate oversharing, set up guardrails, and meet AI regulatory requirements. Oversharing remediation comes first โ because it has to be addressed before any rollout produces a useful result.
What Copilot Can Return in a Tenant With Broad Permissions
Here are five real examples of what Copilot can surface when broad permissions exist and haven’t been audited:
“What is everyone’s salary?” Returns the compensation spreadsheet HR shared with a hiring manager during a recruitment process eighteen months earlier. The file remained shared after the hiring manager got promoted.
“Summarise the [client] case.” Pulls content from a SharePoint site set up for a different team. A user added during a one-off project two years ago still has the permission that was never removed โ and Copilot returns a full summary to them.
“What deals are we currently working on?” Aggregates content from M&A data rooms that were never properly closed, pipeline trackers in personal OneDrives shared once for a partner meeting, and prospect lists in a Teams channel that grew beyond its original membership. The output is a consolidated view of the firm’s entire commercial pipeline.
“Find everything mentioning [former employee].” Surfaces the termination memo, the severance calculation, the performance review that preceded the exit, and email threads saved to SharePoint. Material that was never intended to be findable below partner level shows up in a single query.
“What’s our markup on [client] engagements?” Outputs the internal pricing sheet shared during a proposal process so two people could review it. The link was never restricted. The file was never moved. The numbers come back when Copilot is asked.
The question of who would ask any of these queries is separate from the question of what Copilot can return. Microsoft’s deployment guidance focuses on the latter โ and recommends a permissions review before Copilot is enabled at any scale.
Why a “Small Pilot” Is Rarely as Contained as People Think
Running a limited pilot feels like a safe middle ground. In practice, the way most firms set them up tends to produce the highest-risk version of the trial.
The three or four people picked for a pilot are almost always senior. Senior staff have the broadest access of anyone in the firm โ which means any searches they run have the widest possible scope. A pilot with three senior partners produces a higher-risk preview of Copilot than a pilot with three junior staff.
And pilots drift. Licences get reassigned when a partner decides they’re not using one. The person who ends up with the licence is often whoever asked most recently โ not whoever has the most appropriate access profile.
Microsoft’s audit logs will show you what was asked after the fact. But the asking can’t be reversed. Once a Copilot summary has been returned to a user, that information cannot be recalled.
The Cleanup That Should Happen Before Any Trial
Before you click “start trial,” four pieces of work make the difference between a useful test and a disclosure event.
SharePoint Sharing Audit
SharePoint Advanced Management includes a content management assessment that surfaces permission issues, oversharing patterns, and inactive sites. If your tenant has never been reviewed, this is the first place to look. The report identifies which sites are shared more broadly than they should be โ and it’s usually eye-opening.
OneDrive External Share Review
Look at files shared outside the organisation that were never recalled. These are particularly common in legal and accounting firms where files get sent to clients for review and then simply forgotten.
Teams Membership Review
Confirm that channel membership still reflects who should actually have access to the files stored there. Channels that grew during an active project and were never trimmed are a frequent source of unintended access โ especially in growing businesses across Brisbane and Mackay where teams shift quickly.
Sensitivity Labels for Confidential Content
Microsoft Purview sensitivity labels are the mechanism that tells Microsoft 365 which content is confidential. Once applied, you can use Data Loss Prevention policies to exclude labelled items from Copilot processing entirely, and use encryption settings that block Copilot from reading the content without explicit permission.
Without sensitivity labels in place, Copilot has no way to treat a client settlement document differently from a catering invoice.
These four pieces of work generally take four to eight weeks for a firm in the 25-to-100-person range. Some of it can be handled by your IT Support or Managed Services provider. The most sensitive parts โ like deciding which document categories deserve which sensitivity label โ are best handled with input from the partners or owners who actually understand the material.
The One Question to Send Your IT Provider
Before you make any decision about Copilot, send this to whoever manages your Microsoft 365 environment:
“Can you show me a report of every file in our tenant that’s accessible to more than ten people, and flag the ones containing client names, salary figures, or financial data?”
If they can produce something useful within a few days, your environment has been managed actively. The report won’t be a perfect audit โ but it will show you the shape of the problem and give you a real starting point.
If the answer is “we’d need to enable some things first” โ that itself is informative. It means the SharePoint sharing reports have never been run, and the tenant has never been reviewed from a permissions perspective. That’s the real answer to your Copilot readiness question. And the audit needs to happen before any trial does.
Frequently Asked Questions
Does Microsoft 365 Copilot Have Access to My Files by Default?
Copilot has access to whatever the signed-in user has access to, scoped by Microsoft Graph and existing SharePoint, OneDrive, and Exchange permissions. Copilot cannot reach files outside the user’s existing permission set.
Can Sensitivity Labels Stop Copilot From Reading Certain Files?
Yes. Microsoft Purview sensitivity labels with encryption can block Copilot from reading the content. Files require the user to have specific usage rights (EXTRACT and VIEW) for Copilot to interact with them. Data Loss Prevention policies can also exclude labelled items from Copilot processing entirely.
Is a Small Copilot Pilot a Safe Way to Test It?
A pilot is fine if the pilot users have limited access to sensitive content. The common mistake is running a pilot with senior staff โ who tend to have the broadest access in the firm.
How Long Does It Take to Prepare a Tenant for Copilot?
For a firm with several years of accumulated content, preparation usually takes four to eight weeks. The work involves a SharePoint sharing audit, an external share review, a Teams membership review, and sensitivity label application.
What Does Microsoft Say About Copilot Oversharing Risk?
Microsoft publishes a deployment blueprint that organises Copilot security work around three pillars: remediating oversharing, setting up guardrails, and meeting AI regulatory requirements. The oversharing pillar is the one that should be addressed before any Copilot trial.
Sources and Further Reading
Microsoft Learn: Microsoft 365 Copilot blueprint for oversharing โ Microsoft’s official guidance on managing oversharing risk during a Copilot deployment.
Microsoft Learn: Configure a secure and governed foundation for Microsoft 365 Copilot โ how Copilot accesses data and what controls apply.
Microsoft Learn: Get ready for Copilot with SharePoint Advanced Management โ the SharePoint assessment tool for identifying permission and oversharing issues.
Microsoft Learn: Use Microsoft Purview to manage Copilot security and compliance โ how sensitivity labels and DLP policies interact with Copilot.
If you haven’t reviewed your Microsoft 365 tenant in a while, that review is worth doing whether or not Copilot is on your roadmap. Your IT Support provider should be able to run the SharePoint sharing report and walk you through what it shows.
And if you don’t have a provider โ or you’re not getting clear answers from your current one โ feel free to reach out to us and we’ll help you sort it out.
—


