Copilot has the potential to fundamentally change your company’s data landscape – the possibilities go far beyond the imaginable. However, there are also risks: From outdated files to incorrect authorizations – such hurdles can make confidential data public or affect the precision of your Copilot queries. Proper preparation of your authorization and access structure can guarantee you a smooth start with this technology.
Rolling Out Microsoft Copilot: How to prevent incidents
In order to perfectly coordinate the authorizations and accesses in Microsoft Copilot, we must first understand what Copilot can and sees. In the course of this, we will also better understand what it cannot and does not see.
What Microsoft Copilot Sees
With Copilot, individual users or entire organizations can leverage the power of a large language model similar to ChatGPT. This makes it possible to perform analyses and search queries on all files to which you have access. This means that Copilot does not pose a threat in this respect, as it does not require any additional authorizations but is based on the existing authorization structure.
Why Could Copilot Still Be Problematic?
1. Issues with Permissions
When using Microsoft Copilot in companies, every process begins with a request from the user. This request could include searching for information, creating documents or automating routine tasks. Copilot then starts its queries, searching for all relevant information in all files accessible to the user. Through this access, Copilot can provide accurate results based on internal company data.
However, the introduction of Microsoft Copilot in companies often reveals unexpected challenges in the area of data administration and authorization management. If Copilot inadvertently exposes security vulnerabilities by accessing sensitive data in SharePoint that was hidden before its introduction, serious teething problems can arise. The resulting reputational damage within the organization can be significant, especially if trust in the decision makers and the technology itself is undermined.
A simple example illustrates the risk of using Microsoft Copilot: An accountant analyzes salary data for a cost center overview and initially stores this information securely in an accounting-restricted folder. However, for a presentation to senior management, she copies important salary details to a file that she stores in a publicly accessible folder. While this file would normally be difficult to find, Microsoft Copilot could provide unexpected answers to the question “What do my colleagues earn?” because it has access to the less protected folder.


2. Access to legacy data
A major problem when using technologies such as Microsoft Copilot is dealing with outdated files. For example, if we look at the folder “Produkpalette_Q3_2023”. This folder has been outdated for a long time. And WE, as employees, know that too. However, Copilot does not come to this conclusion by itself.
This can lead to Copilot working on the basis of this outdated information. And this in turn can lead to distorted results. Such situations raise questions about data integrity and highlight the need for more conscientious data maintenance and updating to fully leverage the value of Microsoft Copilot.
To-Do Before Introducing Microsoft Copilot
1. Prevent Access to Legacy Data
First of all, it is important to archive all files that are no longer required in order to avoid unnecessary confusion. Product lists, customer lists and documentation that are no longer required should be moved to clearly labeled archives. This process requires a thorough review of existing folder structures to ensure that only relevant data remains in active access. It can be helpful to define guidelines for the archiving period of individual document types to ensure systematic updating and cleansing of the data stock. Proper archiving not only helps to increase efficiency, but also promotes compliance with data protection guidelines.
2. Review Permissions
Revising the authorization structure is essential to ensure secure access to data and documents. While the tools available in the Microsoft Admin Center offer a good starting point, they can reach their limits in complex scenarios. We use a third-party tool that helps you quickly and clearly comply with the agreed guidelines in a time-efficient manner. We are happy to support you in implementing these practices in your company. Contact us for a free initial consultation.
3. Implement an Organization-Wide Policy for Using TAGS
In order to improve efficiency in the search and organization of documents, it is advisable to introduce a uniform policy for the use of tags within the organization. Tags help to quickly classify and retrieve information, which is especially beneficial in a time of information overload. When developing such a policy, relevant key terms, such as project names, department names or document types, should be defined. It is important to train all employees in the use of this policy to ensure consistent use of the tags and to exploit the full potential of this organizational aid. The co-pilot then automatically copies the necessary tags to the information it references. This prevents them from unintentionally disclosing classified information.
4. Welcome to the World of Copilot
Your authorizations and accesses are now ready for everyday work with Microsoft Copilot. Copilot serves as a powerful digital assistant that supports your work processes with automated tasks and intelligent suggestions. This technology offers the opportunity to optimize workflows and significantly increase productivity. It is crucial that all team members are familiarized with the functions and possibilities of Copilot to ensure successful integration into the daily work routine. Regular feedback and customization will help to effectively adapt Copilot to the specific needs of your business. We welcome you to a future where work is made easier and more efficient through intelligent support.
Information Material for a Successful Rollout of Microsoft Copilot

Leave A Comment