5 essential steps to prepare for Microsoft 365 Copilot

Copilotrecap Featured

Whether you’re testing the waters for Microsoft 365 Copilot or not sure where to start, having a strategic plan is critical. Microsoft MVP Antonio Maio breaks it down and shares tips on preparing your organization.

Microsoft 365 offers an ever-expanding ocean of features and functionalities, especially with the introduction of tools like Copilot. But when organizations want to make the most of new and updated Microsoft tools, they face challenges like security, change management, and adoption.

Copilot has joined the scene as a premium productivity assistant, driven by generative AI and integrated across the Microsoft 365 suite. Using it, you can automate tasks, generate content, and enhance the user experience.

Our recent webinar garnered a lot of interest and questions, showing that many are eager to dive into the world of Copilot. To clear things up and answer your burning questions, Microsoft MVP Antonio Maio talked about what Copilot can do and shared tips on getting your organization ready.

Step 1: Understand the architecture of Copilot for Microsoft 365

Copilot for Microsoft 365 is an AI assistant integrated into your daily workflow.

Watch a quick overview of Copilot in Microsoft apps and see how it’s different from regular predictive AI:

Copilot uses the capabilities of Azure OpenAI’s large language models (LLMs) to assist you with various tasks within familiar Microsoft 365 applications like Teams, Word, and Excel.

What is Microsoft 365 Copilot? Key things IT pros should know.

Here are the key elements that make up the Copilot architecture:

  • Azure OpenAI service: Copilot uses pre-trained LLMs from Azure OpenAI, trained on massive datasets. These models perform tasks like text summarization, content creation, and information research.
  • Microsoft Graph integration: Copilot taps your data through the Microsoft Graph. That means it’s diving into your emails, chats, meetings, contacts, and documents—basically, anything relevant to you and your access permissions.
  • Semantic indexing: This next-generation search technology helps Copilot efficiently find relevant information within your content based on what you’re looking for, not just keywords.
  • Security and compliance: Copilot is built on Microsoft’s security framework, so you can trust it to play by the rules. It respects your permissions, keeps sensitive data safe, and ticks all the boxes for compliance.
  • Microsoft Responsible AI Framework: With Copilot, responsible AI is the name of the game. It follows Microsoft’s guidelines to ensure fairness, reliability, privacy, and transparency. It also looks for harmful content, like malicious prompts or unauthorized access attempts.

Understanding the flow

Let’s walk through how Copilot interaction works:

Copilot Architecture
Source: Antonio Maio, Microsoft MVP
  • User Enters a prompt: The prompt initiates the process, typically within an integrated M365 app like Teams, Word, or Outlook.
  • Pre-processing: The platform runs checks for harmful or malicious content, ensuring responsible use of Copilot. Safety first!
  • Accessing additional data: Next up, the prompt interacts with the Microsoft Graph, potentially accessing emails, files, calendars, contacts, and web information (if enabled).
  • LLM processing: Now, your modified prompt is sent to the LLMs, which are dedicated explicitly to Copilot. These LLMs are powered by Azure OpenAI and are ready to whip up a response just for you. 
  • Response generation: The LLMs respond based on the prompt and accessed data.
  • Post-processing: Copilot conducts further checks on the response. It looks for sensitive data and may apply a sensitivity label if needed.
  • User receives response: The final response is returned to the user within the M365 application.

Remember, Copilot for Microsoft 365 works nicely with other apps in the Microsoft 365 family, like SharePoint and Teams. It’s all part of the same service boundary, keeping everything nice and tidy. 

Your data remains right where it belongs, with just a few exceptions when you access external information online or through plugins, all under your organization’s control.

Step 2: Get the basics and essentials covered

Before diving headfirst into the exciting world of Copilot for Microsoft 365, it’s crucial to ensure your organization has the essential building blocks in place. Antonio walked us through the requirements, prerequisites, and key steps while preparing for Copilot.


  • First, you’ll need a Microsoft Enterprise ID or Azure AD account. 
  • Ensure you’ve got Microsoft 365 Apps deployed on your users’ desktops and that connected experiences like Copilot are turned on. 
  • Remember, Copilot doesn’t work in Word, Excel, PowerPoint, or OneNote if connected experiences are disabled.
  • Ensure you have the appropriate licensing in place. Copilot is an add-on license to existing Microsoft 365 plans like E3, E5, or Business Standard.

Also, make sure to set your update channel for Microsoft 365 Apps to Current Channel or Monthly Enterprise Channel to access all the latest Copilot features.


  • You must have a OneDrive for Business account to use Copilot in OneDrive.
  • Enabling the new Outlook Experience in the Outlook Client app is necessary for Copilot usage in Outlook. 
  • If you plan to use Copilot to summarize your meeting recordings in Microsoft Teams or Teams Phone, turn on transcriptions or meeting recordings beforehand. 
  • For Microsoft Loop and Whiteboard, head over to the M365 Admin Center and make sure they’re enabled there.

Once you’ve validated the requirements and prerequisites, align your network with Microsoft 365 network connectivity principles. Microsoft provides comprehensive documentation on network architectures to manage Microsoft 365 traffic securely. You’ll want to ensure that network traffic destined for Microsoft 365 connects to the closest front-end servers to the user’s location for optimal performance.

Get your content in Microsoft 365

Moving your content into Microsoft 365 is simple. Because Copilot is compatible with both internal and external content, using tools like ShareGate becomes imperative for seamless migration.

ShareGate supports migrating content from various sources into SharePoint, including file shares, Google Drive, Box, and other cloud platforms. It can also move content within Microsoft 365 to ensure it is accessible to Copilot. Additionally, ShareGate preserves permissions, data, and metadata, allowing for content modernization during migration.

By covering these basics and essentials, you’ll lay a solid foundation for using Copilot’s capabilities effectively within your organization.

Step 3: Draft a governance framework for content management, security, and access

Assessing, cleaning up, and governing SharePoint permissions are key to getting your organization ready for Microsoft 365 Copilot integration.

Check out some governance tips for Microsoft 365 Copilot:

Copilot will have access to the same information you do, so ensure your permissions are in a good state. 

The following tools can help you with this task:

SharePoint Advanced Management

SharePoint Advanced Management includes Data Access Governance reports and shows you exactly when sharing happens throughout your tenant and where sensitive data is located with sensitivity labels.

Microsoft Graph Data Connect for SharePoint (MGDC)

Next comes the MGDC for SharePoint combined with Azure Synapse and Power BI. MGDC gives you big data tools for analyzing permissions and other information within SharePoint online. This can be useful for large enterprise-class tenants with thousands of sites, users, and files.

Third-party tools

Overseeing the overall governance of your tenant is no small task. ShareGate supports organizations at every step in lifecycle management, securing and managing access, and ongoing Microsoft 365 management.

Lifecycle management

  • Clean up inactive teams. 
  • Ensure each team and group has an owner before it’s orphaned. 
  • Create workspace provisioning templates. 
  • Delegate policy settings to users and owners. 
  • Fill the gaps in information on your workspaces, hands-free!

Secure and manage access

  • Our Permissions Matrix Report is your springboard to manage permissions across tenants. 
  • Apply custom security settings or right-size permissions to the needs of each team. 
  • Manage external sharing and guest access—see who’s shared what, with whom, and when. 
  • Manage membership to ensure that each team and group has an owner before it’s orphaned. 

Ongoing M365 management

Microsoft Entra ID access reviews

Built into Microsoft Entra ID, access reviews can be done for SharePoint sites to assess and attest permissions regularly. Regular access reviews, like those provided by Microsoft Enterprise ID Access Reviews, can help maintain the environment’s integrity and security over time.

Step 4: Secure, classify, and keep it fresh

Whether you’re testing the Copilot waters for M365 or looking to get started, ensuring your data is secure, classified, and well-managed is crucial. This protects sensitive information and keeps things organized and efficient. 

To do that, Antonio recommended using Microsoft Purview.

Classify data: You can start using sensitivity labels to classify and protect data within Microsoft 365. 

Use Microsoft Purview Information Protection: Imagine you have a secret document you only want certain people to see. Microsoft Purview Information Protection can automatically classify and protect that document, ensuring it doesn’t fall into the wrong hands. Copilot works with Purview, so you can be confident your data is secure.

Purview Data Lifecycle: Not all data needs to stay around forever. You must have a plan for dealing with outdated information to free up space and comply with regulations. So, what options do you have? 

  • Archive: Move your data to a separate, lower-cost storage location for long-term access.
  • Delete: Permanently remove any data that’s no longer needed.
  • Apply a retention policy: Set rules for how long to keep different data types.
  • Microsoft Purview Data Lifecycle and Records Management: Use Purview’s tools to automate retention and disposal processes.

Copilot integrates with Microsoft Purview Data Lifecycle and Records Management. It enables you to apply retention policies to Copilot prompts and responses, ensuring your data complies with regulations and frees up valuable storage space.

Purview’s eDiscovery Premium: Purview’s eDiscovery Premium also helps you search for and hold onto relevant Copilot prompts and responses. This is crucial for legal compliance and investigations.

Good news!

Automation is the foundation of optimal security and compliance in a world where digital landscapes are dynamic and risks are ever-present. ShareGate, your automation master, ensures that your Microsoft 365 governance strategy is proactive, robust, and at the forefront of real-time risk management, allowing IT to focus on other priorities.

Step 5: Gear up for Copilot end-user training for quick and secure adoption

Now that you’ve prepared your data and environment, it’s time to ensure your users have a smooth and secure Copilot experience. 

Microsoft has provided some great content to get you started: a Microsoft Copilot center of excellence adoption guide.

  • Training program: Develop a Copilot adoption program and a Center of Excellence to address questions like how to interact with Copilot, what experiences are available, and what makes a good prompt. 
  • Support center: Create a support center where users can find information about Copilot, such as how to provide context, use expectations, and point it to data sources.
  • Prompt engineering: Teach users about prompt engineering, which involves creating a clear goal for answering prompts and providing context, expectations, and data sources.
  • Validation: Inform users that they should validate all responses within Copilot, as generative AI tools are not built for accuracy and require a healthy degree of skepticism.
  • Communication: Establish a champions program to help colleagues who are early adopters of Copilot to assist others in their adoption journey.

Key takeaways

Preparing your organization for Microsoft 365 Copilot involves establishing a solid foundation and preparing for how the latest advancements in generative AI and Copilot can impact your organization.

These five high-level points are a good place to start:

  • Assess how permissions and access control are managed in SharePoint, OneDrive, and Teams. 
  • Establish a governance framework for future permission and access control practices in M365.
  • Equip your team with best practices for storing, sharing, and collaborating in Microsoft 365.
  • Implement security measures and data classification to protect sensitive information.
  • Continuously monitor and optimize Copilot’s performance to maximize benefits and ensure a smooth user experience.

Microsoft 365 Copilot Q&A

Our webinar on how to prepare your organization for M365 Copilot sparked a lot of discussion and a ton of live questions. We’ve rounded up some of the top questions during our webinar and combined them with Antonio’s expertise to create our M365 Copilot Q&A!

Copilot indexes information accessible within the organization’s Microsoft 365 environment. It scans and uses documents that users have access to within their tenant. However, it cannot access documents shared from external sources or different tenants.

Can the LLM be trained on organization-specific documents/templates to make it more familiar, such that responses are most relevant to the given organization?

There is no direct way to train the LLM (Large Language Model) on organization-specific documents or templates. However, Copilot uses the content in your Microsoft 365 tenant to generate responses, so the more relevant and specific content you have in your tenant, the more tailored the responses will be to your organization.

How can Copilot get better for an organization? What should users or IT pros expect out of Microsoft in terms of quality growth over time?

Copilot is constantly learning and evolving. As the underlying language model is exposed to more data and interactions, it better provides accurate and relevant responses to your prompts. Microsoft also regularly updates new features, improving Copilot’s overall performance and functionality. Expect to see ongoing advancements in quality.

What did you think of this article?

Recommended by our team

Getting started is easy

Try ShareGate free for 15 days. No credit card required.

Icon Copilot

WEBINAR Is your SharePoint content Copilot-ready?