Skip to main content
dp666

Copilot readiness starts with permissions, not licenses

·9 mins
Microsoft 365 Copilot Security Governance Sharepoint Purview Entra Id

Copilot readiness is not a license assignment problem. It is an access boundary problem. If the tenant already overshares, Copilot only makes the blast radius easier to query.

That is the part that gets lost in adoption decks.

A Copilot license enables the experience. It does not make SharePoint clean. It does not remove broad sharing links. It does not review stale guests. It does not make an app registration less terrifying.

Microsoft’s own architecture guidance is clear: Microsoft 365 Copilot works inside the Microsoft 365 service boundary and uses Microsoft Graph to ground responses in data the signed-in user is allowed to access. It honors existing Microsoft 365 security, compliance, privacy, Conditional Access, MFA, and information protection controls.

Good.

That is also the problem.

This is not a Copilot deployment guide. It is not a licensing checklist. It is a pre-rollout access review pattern.

The sentence that matters
#

The sentence is not this:

Copilot is secure.

That is too vague to be operational.

The sentence is this:

Copilot respects the access model already in place.

That changes the whole readiness conversation.

If a user can already read a file, site, email in their working context, chat, meeting transcript, or connected data source, Copilot may be able to help that user find, summarize, reason over, or reuse it. If the user cannot access it, Copilot should not cross that boundary.

So the real readiness question is not whether the license assignment works.

It is whether the access model deserves to be amplified.

Licenses are plumbing
#

Yes, licenses matter. So do app versions, network endpoints, Exchange Online mailboxes, Teams settings, OneDrive, Loop, Whiteboard, and all the other enablement plumbing.

That is not readiness. That is deployment.

Readiness is uglier.

Readiness asks:

  • Who can read sensitive content today?
  • Why can they read it?
  • Who owns that decision?
  • When was it last reviewed?
  • Which access paths bypass the model people think they have?
  • Which controls can prove what happened after Copilot is enabled?

If those questions are uncomfortable, the tenant is not waiting for Copilot.

The tenant is waiting for governance.

Start with SharePoint and OneDrive
#

Most Copilot anxiety is SharePoint permission anxiety wearing an AI hoodie.

Start there.

Not because everything else is clean. Because SharePoint and OneDrive are where collaboration debt usually becomes visible.

Look for the boring things that cause real incidents:

  • sites with very large audiences
  • Everyone except external users
  • broad organization links
  • Anyone links
  • broken permission inheritance
  • old project sites that nobody owns
  • inactive sites with sensitive content
  • libraries where the permission model only makes sense to the person who left in 2021

There is an important nuance here.

An Anyone link or a People in your organization link is not the same thing as directly adding the whole tenant to a site.

But broad links are still access paths. They are transferable. They are easy to forget. They are hard to reason about at scale. And once those links spread, your effective access model becomes much wider than your nice architecture diagram.

A readiness review that ignores link sprawl is theatre.

Stale guests are still principals
#

External collaboration is not the problem. Forgotten collaboration is.

Guest users are security principals. They have assignments, group memberships, site access, Teams access, and sometimes years of historical permissions that nobody remembers granting.

This is not Copilot-specific. That is exactly why it matters.

Copilot readiness is a good forcing function to clean up guest access because it asks a simple question:

Are we comfortable with the access boundary we already have?

If the answer is no, use the tools that already exist. Inactive guest insights. Access reviews. Guest expiration. Group owner review. Removal workflows with a recovery window.

Do not wait for an AI project to discover that collaboration never had an end date.

App registrations are a different blast radius
#

Do not confuse user-scoped access with app-only access.

In delegated Microsoft Graph access, the app acts on behalf of a signed-in user. The app cannot access data the user cannot access.

In application permissions, the app acts as itself. No signed-in user. No user boundary. The permission defines the blast radius.

That distinction matters when Copilot programs grow the usual ecosystem around them:

  • connectors
  • agents
  • plugins
  • automation
  • reporting jobs
  • cleanup scripts
  • security dashboards

This is not because vanilla Microsoft 365 Copilot secretly uses every over-permissioned app registration in your tenant. It does not.

This is because AI readiness projects tend to create new integrations, and integrations love broad Graph permissions if nobody stops them.

Files.Read.All as an application permission is not a casual grant. Neither is Sites.Read.All, Group.ReadWrite.All, or anything else ending in .All that touches collaboration data.

Prefer the least privileged permission. Prefer selected or resource-scoped patterns where supported. Require an owner. Require a reason. Require an expiry or review point.

If the app cannot explain why it needs tenant-wide application access, it does not get tenant-wide application access.

Hard stop.

Connectors can make this worse
#

Microsoft 365 Copilot connectors are useful because they bring external data into the Microsoft 365 Copilot experience.

That also makes them dangerous when the permission model is lazy.

Microsoft documents two important connector permission shapes:

  • respect access from the source system
  • visible to everyone in the organization

One of those is governance. The other is a future incident report if the data source contains sensitive content.

Connector permissions need to match the intended visibility model. Not the fastest setup path. Not the demo path. Not the “we will fix it later” path.

Later is where security work goes to die.

Groups are permission factories
#

Microsoft 365 groups, Teams, mail-enabled security groups, dynamic groups, nested groups, old migration groups, temporary project groups that became permanent by accident.

This is where access becomes folklore.

If nobody owns the group, nobody owns the access decision. If nobody reviews the membership, the group becomes a permission landfill. If the group controls a site, a team, a mailbox, a Planner plan, and half a department’s files, the blast radius is not small just because the display name sounds harmless.

Copilot does not invent that problem.

It removes friction from using the data inside it.

That is enough.

Purview is not decoration
#

Microsoft Purview is not there to make the governance slide look expensive.

For Copilot readiness, Purview is where several important controls become operational:

  • sensitivity labels
  • encryption
  • data loss prevention
  • audit
  • eDiscovery
  • retention
  • data lifecycle management
  • data security posture management

Labels matter more when they enforce something. A footer is not a security boundary. Encryption is.

When sensitivity labels apply encryption, Copilot needs the right usage rights, such as VIEW and EXTRACT, before it can interact with the content. That is a real control.

DLP for Copilot matters when certain sensitive information types, labels, files, emails, or prompts should not be processed in the way users ask. Audit matters when someone asks what Copilot referenced. Retention matters when prompts and responses become discoverable business records.

This is not compliance theatre.

This is the difference between “we think Copilot behaved” and “we can investigate what happened.”

Use emergency brakes carefully
#

There is a place for temporary controls.

Restricted Content Discovery can reduce accidental discovery of high-risk sites in Copilot and organization-wide search while remediation is happening. But it does not fix permissions. The access model underneath is still the access model underneath.

Restricted Access Control is stronger. It constrains site access to defined groups, even where previous permissions or links existed. That can be the right control for business-critical sites.

But neither control is a maturity model.

They are guardrails while you repair ownership, access, labels, lifecycle, and review discipline.

If your Copilot readiness plan is only “hide the scary sites from discovery,” it is not readiness. It is postponement with a nicer name.

What I would check before assigning licenses broadly
#

I would not start with a tenant-wide score. Scores become theatre fast.

I would start with questions that force ownership.

  1. Which SharePoint and OneDrive locations combine sensitive data, broad access, and weak ownership?
  2. Which sites are inactive, ownerless, or built on broken permission inheritance?
  3. Which external users still have access after the collaboration ended?
  4. Which Microsoft 365 groups and Teams have no meaningful owner or lifecycle?
  5. Which app registrations and service principals have high-impact Microsoft Graph application permissions?
  6. Which connectors expose external data, and do they preserve source access controls?
  7. Which sensitive content is unlabeled, unprotected, or missing retention rules?
  8. Which Copilot interactions can we audit, investigate, retain, or delete when policy requires it?
  9. Which interim restrictions are in place, and who owns removing them after remediation?

That is enough to find the real work.

No scoring weights required. No proprietary assessment model required. No tenant screenshots required.

Just access reality.

The rollout pattern
#

A sane rollout looks boring.

That is a compliment.

Baseline the exposure first. Use the controls and reports that already exist: SharePoint Advanced Management Content Management Assessment, data access governance reports, Microsoft Purview DSPM data risk assessments, and Entra access reviews. Find the ugly intersections: sensitive content, broad audience, stale guests, weak ownership.

Apply temporary controls only where needed. Do not turn every governance gap into a permanent discovery block.

Fix the access. Remove broad links where they are not justified. Rescope sharing to specific users or groups. Clean up stale guests. Review high-impact groups. Review app-only permissions. Validate connector permissions.

Then pilot Copilot with users who represent real data boundaries. Not only IT. Not only champions. Not only the people with clean mailboxes and demo-friendly documents.

Use people who will hit the actual edge cases. Then watch what happens.

Use Purview audit. Use DSPM and data risk assessments where available. Ask users what Copilot found that surprised them.

That sentence is gold.

Surprise is where the permission model is lying to you.

Tradeoffs
#

Cleaning everything before enabling Copilot is usually unrealistic.

Enabling everything without cleanup is reckless.

So pick the control plane deliberately.

Restricting discovery can reduce exposure, but it can also reduce legitimate findability. Aggressive guest cleanup can break active collaboration if nobody owns the exception process. DLP can prevent risky processing, but bad policy design creates user pain and shadow workflows. Labeling without encryption may educate users but not enforce the boundary. App consent lockdown slows delivery, but tenant-wide application permissions should be slow.

That is the job.

Security is not the absence of tradeoffs. It is making the tradeoffs visible before the blast radius makes them visible for you.

The actual readiness test
#

Copilot does not create a new access model. It reflects the one you already have.

If that model is clean, Copilot feels controlled. If that model is a museum of broad links, stale guests, orphaned groups, and app-only permissions from five projects ago, Copilot will not create the mess.

It will make the mess useful.

Start with access. Then assign the license.