4 ways to double down on Copilot for Microsoft 365 governance

Manage the risks of Copilot for Microsoft 365, like oversharing, granting the wrong access, and sprawl, with these high-impact strategies for optimizing governance and security.

Generative AI tools like Copilot are increasingly becoming embedded in our work environments. Consider this: 77% of Copilot for Microsoft 365 users say they can’t live without it. Wow, that happened quickly! 

Copilot for Microsoft 365 is a double-edged sword. On the one hand, it can boost creativity and efficiency. But on the other hand, it brings new challenges to the table.

According to 71% of IT leaders, Copilot introduces additional security risks. Plus, there’s a higher chance your colleagues might overshare or let data run wild (the dreaded sprawl). If your current M365 governance approach isn’t adapted to this new way of work, Copilot will spotlight those weaknesses in no time.

So, before you get too swept up in the excitement, it’s time to take action! In this article, we cover practical, high-impact strategies for optimizing your governance strategy and policies around content management, security, and access. In no time, you’ll find it easier to maintain a compliant environment that empowers your team to use Copilot for Microsoft 365 effectively. Let’s go! 


1. Ensure the right people have access to the right things

Part of a smooth Microsoft 365 Copilot deployment involves making sure that the organizational data the virtual assistant handles stays confidential. Strengthen your access controls with the following recommendations.

Review user permissions  

When managing SharePoint permissions, it’s best practice to follow the Zero Trust cybersecurity principle of “least privileged access.” That means you should grant only the minimum permissions a user needs to carry out the job responsibilities of their role, and nothing more.

For example, only an HR manager may need to see personal information about your employees, such as salary details and social security numbers. Or, different members of your sales team may only need to see the client data relevant to their assignments. By doing this, you can cut down on any unintentional mishandling of data by your team and also scale back your potential attack surface if a hacker does end up infiltrating your system. 

Before assigning your Copilot for Microsoft 365 licenses, review the existing permissions for each user. 

  • Use groups for permission management instead of assigning permissions directly to individual users. This keeps everything consistent, reduces the risk of anything slipping through the cracks, and, best of all, makes your workday a lot easier.  
  • Dedicate time to regularly review and update permissions to make sure they are always appropriate for your current work environment.
  • Leverage SharePoint permission inheritance to streamline permission management for sub-sites. 

Migrate content to the right places with the right permissions 

Whenever you’re migrating content, make sure to correctly map your identities! That way, the same users who had access to files and folders before the migration will continue to be able to access them afterward—which is key to maintaining a steady workflow and preventing disruptions in productivity. (And, of course, to avoid a situation where suddenly users can access data that is inappropriate for their roles.)

Identify and remove unnecessary access privileges for external users to prevent accidental data exposure. Keep your information safe and ensure only the right people have access.

To accomplish this as an IT admin, proactively engage with team and group owners to make sure they review who has access to their resources. In other words, you need to conduct regular access reviews.  

For example, you can use the reporting available in the SharePoint admin center to review SharePoint sites where users created the most sharing links for files in folders.

As a global admin, you can also view all the guest users in your teams in the “Manage teams” tab of the Microsoft Teams admin center. From there, you can see a list of all your teams, along with the number of guests each one has. Then, if you want to know who exactly these guests are in each team, you can click on an individual team to see. 

Review existing public teams in Microsoft Teams 

In an effort to keep content accessible and make collaboration easier, many organizations will enable the “Public Teams” feature on Microsoft Teams. These are open to anyone in the organization if they want to join. However, this also means that unintended recipients could be listening in on confidential discussions if you aren’t careful.  

To tighten up your security, visit your Teams admin center to see if you’re managing your guest access appropriately and determine whether any teams need restricted access so you can avoid sharing sensitive information.  
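
The guest and public-team review described above can also be scripted for a recurring access review. The following is an added example, not part of the original article or of any ShareGate tooling; it assumes the MicrosoftTeams PowerShell module is installed and that you sign in as a Teams administrator, and the output file name is a placeholder. It also flags teams with no owner, since those have nobody to answer the review.

```powershell
# Added example: inventory team visibility, owners and guests for an access review.
# Assumes the MicrosoftTeams module and a Teams administrator account.
Import-Module MicrosoftTeams
Connect-MicrosoftTeams | Out-Null

$report = foreach ($team in Get-Team) {
    # -Role filters the membership list to a single role (Owner, Member or Guest).
    $guests = @(Get-TeamUser -GroupId $team.GroupId -Role Guest)
    $owners = @(Get-TeamUser -GroupId $team.GroupId -Role Owner)

    [pscustomobject]@{
        Team       = $team.DisplayName
        GroupId    = $team.GroupId
        Visibility = $team.Visibility      # Public or Private
        Archived   = $team.Archived
        OwnerCount = $owners.Count
        GuestCount = $guests.Count
        Guests     = ($guests.User -join '; ')   # guest sign-in names
    }
}

# Review first: public teams, teams that contain guests, teams without an owner.
$review = $report |
    Where-Object { $_.Visibility -eq 'Public' -or $_.GuestCount -gt 0 -or $_.OwnerCount -eq 0 } |
    Sort-Object -Property GuestCount -Descending

$review | Format-Table Team, Visibility, OwnerCount, GuestCount -AutoSize

# Placeholder file name; hand this list to team owners for confirmation.
$review | Export-Csv -Path .\teams-access-review.csv -NoTypeInformation
```

The script only reads membership; changing a team to private or removing a guest stays a deliberate decision made with the team owner.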

2. Minimize sprawl by cleaning up orphaned teams or team sites 

People love Copilot because it opens up new ways to create content. That benefit, however, can come with a downside.

Without a good governance plan, adding content can create a messy environment full of unmanaged and duplicated resources. If your IT team doesn’t know about this content, you may need to divert your focus from important strategic projects to spend time on reactive clean-up. That will make it a lot harder to maintain a secure, productive, and compliant Microsoft 365 environment! 

So, how can you keep sprawl from taking over your online workspace? Here are a few ways:

Implement a clear governance strategy 

Define and execute a governance strategy that outlines how the people in your organization will create, manage, and access your data, applications, and services.  

To do this well and consistently enforce the strategy from the get-go, start by building the right infrastructure and effectively communicate the strategy to all of your end users. Thankfully, third-party tools like ShareGate let you automate your governance for Microsoft 365 and simplify that work. 

Consolidate apps and services 

When you only provide access to the apps and services that your end users actually need, your organization will end up improving security, streamlining operations, and reducing costs. Sounds like a win-win-win, right?  

So whenever you procure a new resource, look into whether your organization already uses an app or service that does something similar. That way, you can avoid unnecessary complexity, avoid unnecessary duplicates, and prevent creating more entry points for hackers. 

Increase Microsoft 365 adoption 

As part of your Copilot for Microsoft 365 preparation, you’ll want to encourage your users to stick within the M365 environment when they’re looking for a particular application to tackle their tasks. This will help you prevent sprawl, make sure all applications are compatible with each other, and that your entire IT system is integrated.  

To help make sure they follow that plan, train your employees on how to use all of your Microsoft tools so they’ll feel more comfortable in adopting them. Remember, to help them stick to your governance policies, this training should highlight the importance of securely managing your data when interacting with the environment.  

Monitor usage and performance 

Insight is a superpower! If you don’t know how your team uses the Microsoft environment, how can you tackle any potential problems? Detailed reporting is the key to understanding what’s going on in SharePoint and Teams and staying ahead of the game.  

To keep everything running smoothly and securely, run reports regularly and conduct audits. By reviewing user access permissions and usage trends, you can pinpoint any issues or weaknesses, like underused services or performance bottlenecks, and then take the appropriate action to fix them.  

Optimize content search 

One common piece of feedback from end users in a Microsoft 365 environment? They can’t find the content they’re looking for! That might happen because their organization hasn’t properly optimized, classified, and organized its data. Other times, it might be because they’re dealing with clutter from sprawl.   

When you streamline how they navigate your applications by fine-tuning your settings, improving your metadata, and refining your site structure, you can erase that chaos and make their search effortless. That will also make it easier for you to protect your data, since you’ll be more on top of your valuable assets. 

Implement a provisioning strategy 

Ultimately, you can manage sprawl by setting up guardrails for your users to follow when they create their workspaces in Microsoft 365.  

Microsoft MVP Richard Harbridge shared his advice for building an effective Microsoft 365 provisioning strategy, including: 

  • Leveraging metadata when creating a new SharePoint site or team to add context to the space, so users understand its purpose and sensitivity level 
  • Creating a post-creation ask policy that lets users establish a space first and then provide critical information for their reasons behind creating it 
  • Designing directory experiences that help you get a comprehensive understanding of all existing spaces in Microsoft 365 
  • Establishing an automated request process for new sites and teams. 

Archive team content 

Archiving is necessary to reduce clutter and sprawl. By shifting outdated or less frequently accessed content to a separate storage location, you can free up valuable space for the resources you use more often. It will also improve how your systems perform and cut down on the noise of irrelevant information that prevents your team from accomplishing their tasks quickly.  

Bonus: You’ll also store that content in a secure location, where it will remain available if you need to restore it! 


3. Minimize oversharing 

Operating in a digitized business environment means dealing with an ever-growing massive volume of content that, if not managed effectively, can lead to oversharing: users distributing the wrong content to the wrong people.  

To avoid that, it’s critical to understand which data is being shown to which audiences. In 2023, Microsoft introduced SharePoint Advanced Management, an add-on with advanced content management and security features that can help you with this project. Among these is the option for Data Access Governance (DAG) reports, which give you highly specific details about exactly when sharing happens throughout your tenant.  

For example, you can get a list of sites where users created the highest number of “Anyone links” that let any user access files and folders without signing in. Or you can see an overview of the sites with the highest number of documents classified with sensitivity labels.  

Then, you can use that information to strengthen your security and compliance! For example, you can apply a “restricted access control (RAC) policy” that restricts access to a Microsoft 365 Group-connected site to the existing members of the parent Microsoft 365 group, or restricts all organizational OneDrives to a designated set of users.


4. Automate Microsoft 365 governance 

This all sounds like a lot of work, right? Earlier, we touched on the idea of automation – and that’s something you should absolutely embrace to achieve effective IT governance that boosts productivity. When your IT team can offload certain tasks, they can focus their brain power on more strategic and value-added projects.  

They can also do this confidently if they leverage a third-party tool, like ShareGate.

ShareGate offers a wide range of features to reduce the time you spend managing your Microsoft 365 environment. With this speedy and easy time-saver, you can: 

  • Oversee guest access hands-free 
  • Automate the process of cleaning up orphaned and inactive sites
  • Leverage customized pre-built templates for quickly creating new (and compliant!) SharePoint sites  
  • Access centralized pre-built reports on the activity in your environment that give you actionable information for tweaking your setup before you experience a major issue 
  • Effortlessly upgrade how you set up your SharePoint architecture so that you organize your content based on the way your end users actually work
  • Automate your governance and how you resolve common issues, like getting owners to delete inactive teams, classify their new teams with sensitivity tags, or review externally shared links—just to name a few! 

Harness the power of Copilot with a secure Microsoft 365 environment 

Unfortunately, manually maintaining your Microsoft 365 governance to keep your data secure is challenging. Microsoft doesn’t make it easy to find all the information or tools you need; they’re scattered across the immense sea of Microsoft 365 documentation and admin centers. That makes for very inefficient governance! The process is inherently complicated and risky, and there’s so much that can go wrong: missed security updates, inconsistent policy enforcement, inaccurate data classification, insufficiently restrictive access controls… you get the picture!  

As your users interact with Copilot for Microsoft 365, it can expose the cracks in your current governance approach and the unaddressed risks in your environment. 

Just ShareGate it! Book your demo today and see how ShareGate can help you make your biggest Microsoft 365 admin jobs easy.
