Preparing a Microsoft 365 Tenant for Microsoft 365 Copilot
I was asked to list the most important steps I would take to prepare a Microsoft 365 tenant for the deployment of Microsoft 365 Copilot. It’s an interesting question at a time when Microsoft would claim that their campaign to convince organizations to embrace Copilot is gaining momentum. In their FY26 Q2 results, Microsoft claimed 15 million paid seats. Three months later, Microsoft’s FY26 Q3 results reported an increase to 20 million paid seats. I guess a lot of big Copilot deals came in during Q3.
In any case, 20 million paid Microsoft 365 Copilot seats is still less than 4.5% of the Microsoft 365 installed base, so there’s still plenty of room for growth.
For the purpose of this article, let’s assume that management has approved the purchase of Microsoft 365 Copilot licenses, and the organization understands the advantages they expect to gain from AI. We’ll also assume that user training is being prepared and will be ready for delivery to the chosen recipients of Copilot licenses. I know that these are major assumptions, but we have to start somewhere.
In this context, somewhere means the IT plan to introduce Microsoft 365 Copilot in a measured way that protects sensitive content.
The first thing I would do is to assign a small number of Copilot licenses to user accounts. You need to validate the other steps, and that can only be done with real user activity. Ideally, assign the licenses via group-based licensing rather than direct assignments. It will make Copilot license management easier over the long run.
Restrict Copilot Access to Content
Next, prepare the tenant for Restricted Content Discovery (RCD). Most Copilot issues are due to historically bad sharing behavior. RCD is the block to stop Copilot finding and using files stored in confidential sites. Preparation means drawing up a list of those sites and then setting site properties to enable RCD. It’s better to be safe than sorry, so if there’s any doubt, enable RCD for a site. You can always turn RCD off later if a business need establishes that Copilot should consume the information from the site.
Site administrators can configure RCD for their sites. Administrators should know the value of the content stored in their sites, so this is a useful feature to have. However, administrators can also disable RCD for a site, and that might lead to inadvertent data disclosure, so administrators must be coached to ask before they disable RCD.
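The following PowerShell sketch is an added example, not code from the original article. It enables RCD for a prepared list of confidential sites and reports any site where the setting was found switched off, which is how a later run reveals that a site administrator disabled it. The admin URL, the site URLs, and the CSV path are placeholders; the script assumes the SharePoint Online management module and a SharePoint administrator account.

```powershell
# Added example: enforce and audit Restricted Content Discovery (RCD).
# Requires the Microsoft.Online.SharePoint.PowerShell module.
# All URLs below are placeholders for the tenant's own values.
$AdminUrl = 'https://contoso-admin.sharepoint.com'
$ConfidentialSites = @(
    'https://contoso.sharepoint.com/sites/BoardMinutes',
    'https://contoso.sharepoint.com/sites/HRPolicies',
    'https://contoso.sharepoint.com/sites/Payroll'
)

Connect-SPOService -Url $AdminUrl

$Report = foreach ($Url in $ConfidentialSites) {
    try {
        # Read the current state first so drift is recorded before it is fixed
        $Site   = Get-SPOSite -Identity $Url -ErrorAction Stop
        $Before = [bool]$Site.RestrictContentOrgWideSearch

        if (-not $Before) {
            Set-SPOSite -Identity $Url -RestrictContentOrgWideSearch $true -ErrorAction Stop
        }

        # Read back the property. This confirms the site setting only,
        # not that the search index has finished processing the change.
        $After = [bool](Get-SPOSite -Identity $Url -ErrorAction Stop).RestrictContentOrgWideSearch

        [pscustomobject]@{ Site = $Url; RcdBefore = $Before; RcdNow = $After; Error = $null }
    }
    catch {
        # A mistyped or deleted site must not stop the rest of the list
        [pscustomobject]@{ Site = $Url; RcdBefore = $null; RcdNow = $null; Error = $_.Exception.Message }
    }
}

$Report | Format-Table -AutoSize

# On any run after the first, RcdBefore = False means someone turned RCD off
# since the last run. Keep those rows (and failures) for follow-up.
$Report |
    Where-Object { $_.RcdBefore -eq $false -or $_.Error } |
    Export-Csv -Path .\rcd-drift.csv -NoTypeInformation
```

Run on a schedule, the CSV becomes the list of sites whose administrators need the coaching described above.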
If the tenant doesn’t use sensitivity labels, now is a good time to start. RCD blocks complete sites; sensitivity labels can be used in conjunction with the DLP policy for Copilot to block access for individual files. Document authors should know if their files contain sensitive information, and in this case, they can apply the appropriate sensitivity label to stop Copilot Chat and agents using the document content in responses. DLP policies can also stop Copilot processing prompts which contain sensitive data or stop Copilot using web (Bing) searches to ground prompts.
Limiting Work IQ is Key at the Start
You might think that I am too focused on blocking Copilot access to information. According to Microsoft, Work IQ is the intelligence layer that personalizes Microsoft 365 Copilot for an organization and depends heavily on the information stored in a tenant. Work IQ is the trump card for Microsoft 365 Copilot, but allowing AI access to information stored in SharePoint Online, OneDrive for Business, Teams, and Exchange Online is a double-edged sword. Too much access is likely to end in tears because Copilot will exhibit its immense ability to find and regurgitate information that people would prefer not to emerge, if people care to ask. For example, you don’t want people to prompt Copilot about topics like salaries and receive some interesting responses that the company would prefer to remain secret. It’s better when Copilot can only respond with curated information (Figure 1).
On the other hand, allowing too little access to Microsoft 365 sources removes much of the value that Microsoft 365 Copilot can deliver, so a balance is needed. Seeking balance does not mean taking risk. IT departments that don’t deploy RCD and don’t allow users to protect their most confidential files won’t be thanked if sensitive data like board minutes, salary details, or proposed HR policies leak out. And that’s why I start by locking access down during the early deployment while gathering evidence for which sites should be available. Remember, if a leak happens through Copilot, it will be difficult to regain user confidence in the security of AI tools.
Much More to Do
Establishing strong guardrails for Copilot with RCD and DLP sets a foundation for deployment success. However, there’s tons of work to be done to maintain success, including leveraging the reports available through SharePoint Advanced Management (a subset of which, including RCD, is licensed through Microsoft 365 Copilot) to understand how content is shared within the organization. Then there’s deciding on which sites are authoritative for the organization, setting reasonable values for company-wide sharing links (which automatically make information available to Copilot), and so on.
The point is that restricting access early in a Microsoft 365 Copilot deployment liberates time to consider and implement all the other ways to exert control over Copilot. That control will become increasingly important as we progress further into the world of agents – whether we like that or not.

