Why Your Copilot Rollout is a Security Nightmare: The Microsoft Purview Strategy

1
00:00:00,000 --> 00:00:04,080
Co-pilot might be the most efficient, unauthorized auditor your company has ever seen.

2
00:00:04,080 --> 00:00:06,680
It doesn't need to break your permissions to cause a crisis.

3
00:00:06,680 --> 00:00:10,440
It just turns weak access into instant answers, and all that old protection you got from

4
00:00:10,440 --> 00:00:14,360
messy sites, buried folders, and forgotten file names stops working.

5
00:00:14,360 --> 00:00:16,520
The second someone types a good prompt.

6
00:00:16,520 --> 00:00:18,680
Think about any tenant with weak access controls.

7
00:00:18,680 --> 00:00:23,480
If you ask Co-pilot to summarize leadership pay, pull HR policy drafts, or find confidential

8
00:00:23,480 --> 00:00:27,160
planning docs, it will surface that content in seconds as long as the user technically

9
00:00:27,160 --> 00:00:28,160
has access.

10
00:00:28,160 --> 00:00:32,040
It isn't an AI defect or a bug in the software, it is a massive data exposure problem that

11
00:00:32,040 --> 00:00:33,800
AI makes visible at scale.

12
00:00:33,800 --> 00:00:37,720
In 2026 this is exactly where things break, you have fast roll outs meeting old permissions

13
00:00:37,720 --> 00:00:39,400
and conversational retrieval.

14
00:00:39,400 --> 00:00:43,160
If you want to stay ahead of Co-pilot governance, you should subscribe, because the real question

15
00:00:43,160 --> 00:00:47,600
now isn't whether Co-pilot is risky, it's about what model of control still works when

16
00:00:47,600 --> 00:00:49,680
friction disappears.

17
00:00:49,680 --> 00:00:52,320
The model that broke, security through obscurity.

18
00:00:52,320 --> 00:00:57,320
For years, a lot of Microsoft 365 security depended on something nobody wanted to admit.

19
00:00:57,320 --> 00:01:00,040
Most of your safety came from low discoverability.

20
00:01:00,040 --> 00:01:03,600
Files were technically accessible to the wrong people, but they were just too hard to find.

21
00:01:03,600 --> 00:01:07,920
They sat in deep share point libraries, old team sites, forgotten project folders, personal

22
00:01:07,920 --> 00:01:11,160
one drives, and mail threads that nobody would ever search properly.

23
00:01:11,160 --> 00:01:14,920
You didn't have good governance, you had friction posing as protection, and it lasted because

24
00:01:14,920 --> 00:01:18,800
most people never had the time or patience to test the edges of their own access.

25
00:01:18,800 --> 00:01:20,600
What typically happened is simple.

26
00:01:20,600 --> 00:01:21,600
Permissions drifted over time.

27
00:01:21,600 --> 00:01:25,960
A site got shared too broadly during a project, or a folder inherited access it shouldn't

28
00:01:25,960 --> 00:01:27,880
have kept after a deadline passed.

29
00:01:27,880 --> 00:01:32,120
Maybe a finance file stayed open to a wider group after a reog, or legal drafts lived in

30
00:01:32,120 --> 00:01:35,000
a place that felt obscure enough to seem safe.

31
00:01:35,000 --> 00:01:38,800
None of that ever got fixed, because the damage felt limited in day to day work, people

32
00:01:38,800 --> 00:01:39,800
navigate.

33
00:01:39,800 --> 00:01:41,160
They search, then they give up.

34
00:01:41,160 --> 00:01:44,520
The bad permission stays there, and nobody feels the risk because the effort required to

35
00:01:44,520 --> 00:01:47,640
exploit it is still too high for a normal employee.

36
00:01:47,640 --> 00:01:49,920
But Co-pilot runs on another model entirely.

37
00:01:49,920 --> 00:01:54,000
It works through context, permissions, search, and Microsoft Graph signals across every

38
00:01:54,000 --> 00:01:56,240
piece of content a user can already reach.

39
00:01:56,240 --> 00:01:57,840
The starting point changes completely.

40
00:01:57,840 --> 00:02:00,120
A user no longer needs to remember the file name.

41
00:02:00,120 --> 00:02:01,600
They don't need the site URL.

42
00:02:01,600 --> 00:02:04,760
They don't even need to know whether the document lives in SharePoint 1 Drive or an old

43
00:02:04,760 --> 00:02:05,760
email.

44
00:02:05,760 --> 00:02:09,160
They just ask a question in natural language, and Co-pilot does the heavy lifting for them.

45
00:02:09,160 --> 00:02:10,600
That distinction matters a lot.

46
00:02:10,600 --> 00:02:12,120
Co-pilot doesn't create new access.

47
00:02:12,120 --> 00:02:15,640
It removes the effort needed to use the access you already gave people.

48
00:02:15,640 --> 00:02:19,640
Once you see that clearly the whole security conversation changes, because the failure

49
00:02:19,640 --> 00:02:21,960
isn't in the model answering the question.

50
00:02:21,960 --> 00:02:24,200
The failure sits in the permission model feeding it.

51
00:02:24,200 --> 00:02:26,240
The scale of that problem isn't theoretical.

52
00:02:26,240 --> 00:02:30,720
Research shows that 16% of business critical data is overshared, and the average organization

53
00:02:30,720 --> 00:02:33,840
has about 802,000 files at risk right now.

54
00:02:33,840 --> 00:02:37,200
That number tells you something uncomfortable about the old way of doing things.

55
00:02:37,200 --> 00:02:38,760
The exposure was already there.

56
00:02:38,760 --> 00:02:42,440
Most of it just stayed dormant because your employees weren't acting like professional

57
00:02:42,440 --> 00:02:47,360
search engines all day, and one level deeper permissions drift makes this even worse.

58
00:02:47,360 --> 00:02:50,520
Research used in risk training shows that only a tiny share of granted permissions is

59
00:02:50,520 --> 00:02:51,520
ever actively used.

60
00:02:51,520 --> 00:02:53,800
But the rest of those permissions just sit there.

61
00:02:53,800 --> 00:02:55,520
They are quiet and unchecked.

62
00:02:55,520 --> 00:02:59,160
This means your tenant likely contains a huge amount of access that nobody needs anymore,

63
00:02:59,160 --> 00:03:03,280
but nobody notices until AI turns that stale access into working context.

64
00:03:03,280 --> 00:03:05,240
This is how the accidental insider threat grows.

65
00:03:05,240 --> 00:03:08,040
We aren't talking about a malicious actor or a compromised account.

66
00:03:08,040 --> 00:03:11,640
It's just a normal employee with a valid identity asking a reasonable question and getting

67
00:03:11,640 --> 00:03:12,640
an unreasonable answer.

68
00:03:12,640 --> 00:03:14,440
They weren't trying to steal anything.

69
00:03:14,440 --> 00:03:16,160
They were just trying to work faster.

70
00:03:16,160 --> 00:03:19,640
But the system answered them using data that should never have been reachable in that

71
00:03:19,640 --> 00:03:20,640
moment.

72
00:03:20,640 --> 00:03:23,600
Before Copilot, human limits slowed that process down.

73
00:03:23,600 --> 00:03:24,960
Search terms had to be specific.

74
00:03:24,960 --> 00:03:26,920
Users stayed inside one app at a time.

75
00:03:26,920 --> 00:03:31,280
They rarely connected dots across SharePoint, OneDrive and Outlook, unless they already knew

76
00:03:31,280 --> 00:03:33,200
exactly where to look.

77
00:03:33,200 --> 00:03:34,200
Copilot collapses that effort.

78
00:03:34,200 --> 00:03:35,320
You ask once.

79
00:03:35,320 --> 00:03:36,320
It searches broadly.

80
00:03:36,320 --> 00:03:37,800
It assembles context.

81
00:03:37,800 --> 00:03:41,800
And the old assumption that obscurity gives you breathing room finally falls apart.

82
00:03:41,800 --> 00:03:45,240
Once that clicks, the rollout mistake gets obvious.

83
00:03:45,240 --> 00:03:46,240
Why rollout stall?

84
00:03:46,240 --> 00:03:48,040
The governance gap before scale.

85
00:03:48,040 --> 00:03:52,080
Most Copilot rollouts don't stall because users hate the tool, but rather because the company

86
00:03:52,080 --> 00:03:55,800
turned on the AI before it understood the shape of its own access.

87
00:03:55,800 --> 00:03:57,720
That is the pattern we see everywhere.

88
00:03:57,720 --> 00:03:59,840
Licenses get funded and pilot groups get announced.

89
00:03:59,840 --> 00:04:02,560
Then a few executives try it out and some early wins show up.

90
00:04:02,560 --> 00:04:07,040
But then the momentum hits a wall when security, compliance and IT start asking basic questions

91
00:04:07,040 --> 00:04:08,640
that nobody bothered to answer up front.

92
00:04:08,640 --> 00:04:12,600
They want to know what counts as sensitive content, where that data lives right now, and

93
00:04:12,600 --> 00:04:14,400
who can actually reach it today.

94
00:04:14,400 --> 00:04:18,880
Most importantly, they need to know what exactly Copilot can pull into a response from that mess.

95
00:04:18,880 --> 00:04:22,640
That missing baseline is the real blocker and it has nothing to do with the license cost

96
00:04:22,640 --> 00:04:24,240
or the quality of your prompts.

97
00:04:24,240 --> 00:04:27,600
The problem sits one layer lower in the operating facts of your tenant.

98
00:04:27,600 --> 00:04:31,400
If you can't map your sensitive data or verify who has access to it, you aren't actually

99
00:04:31,400 --> 00:04:33,160
scaling AI in a meaningful way.

100
00:04:33,160 --> 00:04:37,040
You are simply scaling uncertainty and people across the organization start to feel that

101
00:04:37,040 --> 00:04:38,400
tension very quickly.

102
00:04:38,400 --> 00:04:42,000
This is exactly where a lot of organizations are sitting right now, caught somewhere between

103
00:04:42,000 --> 00:04:43,960
a pilot and a controlled rollout.

104
00:04:43,960 --> 00:04:47,160
They aren't fully stopped, but they aren't truly ready to go big either.

105
00:04:47,160 --> 00:04:50,760
They have seen enough activity to know Copilot can help, but they don't have enough confidence

106
00:04:50,760 --> 00:04:52,720
to expand the footprint cleanly.

107
00:04:52,720 --> 00:04:56,040
That's why so many programs get stuck in an awkward middle-state where leadership once

108
00:04:56,040 --> 00:05:01,000
momentum, while legal and security are demanding evidence that the data is safe.

109
00:05:01,000 --> 00:05:04,560
Admins are then left trying to clean up years of inherited access after the AI conversation

110
00:05:04,560 --> 00:05:05,560
has already started.

111
00:05:05,560 --> 00:05:11,880
The adoption data from 2025 survey research lines up with this reality showing that 71%

112
00:05:11,880 --> 00:05:14,520
of people cited governance as their top barrier.

113
00:05:14,520 --> 00:05:18,320
Only 17% of companies had managed to scale beyond their initial pilots, which should tell

114
00:05:18,320 --> 00:05:21,520
executives something pretty direct about the current landscape.

115
00:05:21,520 --> 00:05:23,720
The bottleneck isn't a lack of interest from the workforce.

116
00:05:23,720 --> 00:05:26,560
The bottleneck is a lack of control from the top.

117
00:05:26,560 --> 00:05:30,320
Companies aren't struggling to imagine use cases, but they are struggling to trust the

118
00:05:30,320 --> 00:05:34,400
data boundary around those use cases, and the baseline they skipped isn't some abstract

119
00:05:34,400 --> 00:05:38,160
concept, because it really comes down to four practical questions.

120
00:05:38,160 --> 00:05:42,640
You need to know what data is sensitive and where that data sits across SharePoint, OneDrive,

121
00:05:42,640 --> 00:05:43,880
Exchange and Teams.

122
00:05:43,880 --> 00:05:47,600
You have to identify who has access now, including stale group memberships and inherited

123
00:05:47,600 --> 00:05:49,480
permissions that everyone forgot about.

124
00:05:49,480 --> 00:05:53,600
Finally, you must understand what Copilot can actually surface from those parts when someone

125
00:05:53,600 --> 00:05:55,320
asks a natural language question.

126
00:05:55,320 --> 00:06:00,120
Until those four answers exist, rollout decisions are mostly just guesswork, dressed up as innovation.

127
00:06:00,120 --> 00:06:03,640
A lot of leaders make the same budget mistake here by funding the experience before they

128
00:06:03,640 --> 00:06:04,640
fund the visibility.

129
00:06:04,640 --> 00:06:08,840
They buy more copilot seats before they invest in the controls that tell them whether those

130
00:06:08,840 --> 00:06:10,600
seats are safe to expand.

131
00:06:10,600 --> 00:06:14,400
That approach sounds fast and ambitious, but it creates the exact friction that kills momentum

132
00:06:14,400 --> 00:06:15,400
later on.

133
00:06:15,400 --> 00:06:20,040
The moment your risk teams see unclear exposure, every conversation about scaling the tool turns

134
00:06:20,040 --> 00:06:21,920
into a long drawn out debate.

135
00:06:21,920 --> 00:06:25,600
So what does minimum viable governance look like before you go for a broader rollout?

136
00:06:25,600 --> 00:06:29,200
It isn't a giant transformation program, but rather a simple control stack that gives

137
00:06:29,200 --> 00:06:30,680
you a real line of sight.

138
00:06:30,680 --> 00:06:34,920
You start with sensitivity labels that mean something operational instead of just being compliance

139
00:06:34,920 --> 00:06:35,920
paperwork.

140
00:06:35,920 --> 00:06:39,760
You add access reviews so all permissions don't keep drifting forward untouched and you

141
00:06:39,760 --> 00:06:43,960
run an oversharing scan across the place's copilot will draw from most.

142
00:06:43,960 --> 00:06:47,840
Make sure your audit is turned on so you can see interactions and access resources, then

143
00:06:47,840 --> 00:06:52,240
put prompt level controls in place so risky grounding paths don't slip through by default.

144
00:06:52,240 --> 00:06:56,080
Taking these steps doesn't kill the value of the AI, it actually protects that value for

145
00:06:56,080 --> 00:06:57,080
the long term.

146
00:06:57,080 --> 00:07:01,160
Once that baseline exists, you can expand copilot on safer ground instead of rolling it into blind

147
00:07:01,160 --> 00:07:03,280
spots and hoping the tenant behaves.

148
00:07:03,280 --> 00:07:07,320
The smart executive move isn't to push harder on scale right away, but to pause long enough

149
00:07:07,320 --> 00:07:09,680
to stop convenience from turning into exposure.

150
00:07:09,680 --> 00:07:14,400
This becomes very concrete when you look at how these failures actually show up in production.

151
00:07:14,400 --> 00:07:17,200
Three failure patterns every copilot team should expect.

152
00:07:17,200 --> 00:07:21,080
The first failure pattern is the simplest and that is exactly why it catches so many smart

153
00:07:21,080 --> 00:07:22,560
people off guard.

154
00:07:22,560 --> 00:07:23,880
Overshared files stop hiding.

155
00:07:23,880 --> 00:07:28,320
A user asks a plain question that sounds perfectly normal for work and copilot brings back

156
00:07:28,320 --> 00:07:30,760
content from places nobody thought to check.

157
00:07:30,760 --> 00:07:35,240
This includes HR drafts, finance workbooks, legal notes and leadership planning decks.

158
00:07:35,240 --> 00:07:39,200
These files weren't newly exposed by the AI but natural language turns broad access into

159
00:07:39,200 --> 00:07:43,320
usable access and the old mess of SharePoint structure stops slowing people down.

160
00:07:43,320 --> 00:07:47,720
In most organizations, those files sit inside a mountain of digital clutter like old team

161
00:07:47,720 --> 00:07:50,280
sites and project spaces that never got cleaned up.

162
00:07:50,280 --> 00:07:54,400
There are broad member groups and shared links that nobody ever bothered to revoke.

163
00:07:54,400 --> 00:07:58,960
People assume the clutter protects them because no one remembers where anything is located.

164
00:07:58,960 --> 00:08:02,920
Then someone asks the system to show them draft compensation ranges or summarise planning

165
00:08:02,920 --> 00:08:06,000
documents for next quarter and the AI does the stitching.

166
00:08:06,000 --> 00:08:09,480
That is the moment this breaks because the user didn't bypass any security.

167
00:08:09,480 --> 00:08:11,120
They just stop needing to know where to look.

168
00:08:11,120 --> 00:08:15,440
This matters operationally because it fundamentally changes how data exposure happens in the

169
00:08:15,440 --> 00:08:16,720
modern workplace.

170
00:08:16,720 --> 00:08:21,480
For copilot, risky access often stayed theoretical because the files were too hard to find.

171
00:08:21,480 --> 00:08:25,520
Now that access becomes practical and fast, a person with no bad intent can land on material

172
00:08:25,520 --> 00:08:30,360
they were never expected to use in that context and once that answer appears in a chat response.

173
00:08:30,360 --> 00:08:32,600
The governance discussion gets much harder.

174
00:08:32,600 --> 00:08:35,520
The issue is no longer hidden in some buried permission entry.

175
00:08:35,520 --> 00:08:37,840
It is visible in plain language right there on the screen.

176
00:08:37,840 --> 00:08:41,600
The second pattern sits in copilot studio and this is where many teams wrongly assume

177
00:08:41,600 --> 00:08:43,600
the main copilot controls will save them.

178
00:08:43,600 --> 00:08:44,600
They won't.

179
00:08:44,600 --> 00:08:49,160
The agents introduce another layer of design decisions around connectors, knowledge sources,

180
00:08:49,160 --> 00:08:50,880
grounding and environment rules.

181
00:08:50,880 --> 00:08:54,800
If those boundaries are loose, the agent can return information well outside the use case

182
00:08:54,800 --> 00:08:58,280
it was built for even when the builder thought the setup looked narrow enough.

183
00:08:58,280 --> 00:09:02,800
What typically happens is the agent connects to SharePoint and a few internal APIs but nobody

184
00:09:02,800 --> 00:09:06,160
draws a hard line around what the agent should never touch.

185
00:09:06,160 --> 00:09:10,560
The project starts with a useful goal like support answers or policy look up but then

186
00:09:10,560 --> 00:09:12,120
the scope begins to creep.

187
00:09:12,120 --> 00:09:15,480
Other connector gets added and another source gets approved because someone wants broader

188
00:09:15,480 --> 00:09:16,800
coverage for convenience.

189
00:09:16,800 --> 00:09:20,480
Suddenly the agent isn't just answering one business question but is operating across

190
00:09:20,480 --> 00:09:24,920
mixed data estates with very weak separation and one level deeper the core problem isn't

191
00:09:24,920 --> 00:09:29,560
only the number of connectors you have it is the design of the boundary itself an agent inherits

192
00:09:29,560 --> 00:09:33,720
risk from every source every identity path and every environment rule that surrounds

193
00:09:33,720 --> 00:09:34,720
it.

194
00:09:34,720 --> 00:09:36,000
Research makes this pretty clear.

195
00:09:36,000 --> 00:09:40,120
Copilot studio needs its own DLP and connector governance approach and those protections

196
00:09:40,120 --> 00:09:44,920
don't come automatically just because the main Microsoft 365 experience is governed.

197
00:09:44,920 --> 00:09:49,480
The security question shifts from whether you built an agent to what exact data boundary

198
00:09:49,480 --> 00:09:53,480
you built around it then you hit the third pattern and this one damages trust even when

199
00:09:53,480 --> 00:09:55,880
no major data exposure is actually confirmed.

200
00:09:55,880 --> 00:09:57,360
You simply can't see enough.

201
00:09:57,360 --> 00:10:00,800
The organization rolls out copilot and users start interacting with it but the monitoring

202
00:10:00,800 --> 00:10:04,200
model stays thin while responses reference files and mail.

203
00:10:04,200 --> 00:10:07,920
There is no shared view of prompts and no clear trail of access resources which means

204
00:10:07,920 --> 00:10:12,720
there is no easy way to separate a normal interaction from a risky one that leaves security teams

205
00:10:12,720 --> 00:10:15,640
and executives working from a set of dangerous assumptions.

206
00:10:15,640 --> 00:10:20,400
Per view audit logs can capture these interactions including the sensitivity context but only if

207
00:10:20,400 --> 00:10:25,640
the organization is treating audit as a core part of the rollout because later is too late.

208
00:10:25,640 --> 00:10:29,120
Once questions come in from legal or a business owner who thinks something sensitive showed

209
00:10:29,120 --> 00:10:31,280
up in a response you need hard evidence.

210
00:10:31,280 --> 00:10:35,080
You need to know who asked what resource was touched and whether a web search path was

211
00:10:35,080 --> 00:10:36,080
involved.

212
00:10:36,080 --> 00:10:39,960
Throughout those details every investigation turns into a slow and messy process.

213
00:10:39,960 --> 00:10:43,240
The cost here isn't just forensic because your policy tuning suffers as well.

214
00:10:43,240 --> 00:10:46,360
If you can't observe how people are actually using copilot you can't tell whether your

215
00:10:46,360 --> 00:10:49,320
controls are too weak or hitting the wrong patterns.

216
00:10:49,320 --> 00:10:53,160
You also can't prove the system is safe enough to scale which means trust starts to erode

217
00:10:53,160 --> 00:10:55,000
from both sides of the business.

218
00:10:55,000 --> 00:10:59,200
Risk teams think governance is blind while business teams think security is blocking progress

219
00:10:59,200 --> 00:11:00,200
without any proof.

220
00:11:00,200 --> 00:11:01,880
The answer isn't shutting copilot off.

221
00:11:01,880 --> 00:11:05,720
The answer is changing the control model so discovery, agent behavior and visibility are

222
00:11:05,720 --> 00:11:08,680
governed on purpose instead of being left to drift.

223
00:11:08,680 --> 00:11:12,080
The purview strategy build the perimeter around context.

224
00:11:12,080 --> 00:11:14,200
The old control model has to change.

225
00:11:14,200 --> 00:11:17,440
We can't just rely on wider lockdowns or random exceptions anymore.

226
00:11:17,440 --> 00:11:21,000
We need a model that follows context because that is exactly how copilot works.

227
00:11:21,000 --> 00:11:24,840
This is the moment where Microsoft purview starts to matter as an operating system for

228
00:11:24,840 --> 00:11:28,720
AI governance rather than just a compliance console that people open once a year during

229
00:11:28,720 --> 00:11:29,720
audits.

230
00:11:29,720 --> 00:11:30,720
It all starts with labels.

231
00:11:30,720 --> 00:11:35,040
Most companies treat sensitivity labels like stickers that are helpful for policy, records

232
00:11:35,040 --> 00:11:39,400
or compliance reporting, but that approach is far too passive for AI.

233
00:11:39,400 --> 00:11:42,360
In a copilot environment labels need to become decision signals.

234
00:11:42,360 --> 00:11:46,800
They have to tell downstream controls what content can be processed, what should be blocked,

235
00:11:46,800 --> 00:11:48,880
and where stricter rules should apply.

236
00:11:48,880 --> 00:11:53,000
If your labels are missing, inconsistent or limited to a small part of the tenant, your

237
00:11:53,000 --> 00:11:55,280
policy logic starts weak and it stays weak.

238
00:11:55,280 --> 00:11:58,200
That label first model represents the real shift.

239
00:11:58,200 --> 00:12:02,040
You classify the content first and then the policy follows that classification.

240
00:12:02,040 --> 00:12:03,600
It is never the other way around.

241
00:12:03,600 --> 00:12:07,520
Instead of building endless lists of sites and hoping admins remember to update them,

242
00:12:07,520 --> 00:12:09,880
you let the state of the content drive the enforcement.

243
00:12:09,880 --> 00:12:13,680
This matters because the location of information changes all the time, while the business meaning

244
00:12:13,680 --> 00:12:15,360
of that information usually stays the same.

245
00:12:15,360 --> 00:12:19,640
A finance document is still a finance document even if it moves to a new folder and a confidential

246
00:12:19,640 --> 00:12:23,640
strategy file is still sensitive even if a team reorganizes around it.

247
00:12:23,640 --> 00:12:27,320
Purview gives you a way to make that meaning usable across the board.

248
00:12:27,320 --> 00:12:31,320
This strategy gets much stronger with adaptive scopes, which finally reached general availability

249
00:12:31,320 --> 00:12:33,240
in March of 2026.

250
00:12:33,240 --> 00:12:37,520
For that update, teams were stuck with static sharepoint targeting and site limits that

251
00:12:37,520 --> 00:12:40,880
simply did not fit the shape of large, complex environments.

252
00:12:40,880 --> 00:12:45,000
That old approach breaks down quickly because manual lists age badly and sites change owners

253
00:12:45,000 --> 00:12:46,000
without warning.

254
00:12:46,000 --> 00:12:50,240
New spaces appear faster than policies can ever catch up, and old exclusions often stay

255
00:12:50,240 --> 00:12:52,600
in place long after they stop making sense.

256
00:12:52,600 --> 00:12:57,040
In an AI rollout, that lag becomes a dangerous control gap because copilot moves at query speed

257
00:12:57,040 --> 00:12:59,320
while your governance moves at admin speed.

258
00:12:59,320 --> 00:13:02,040
Adaptive scopes change the entire targeting model.

259
00:13:02,040 --> 00:13:06,600
Instead of naming every single location one by one, your policy can include or exclude sharepoint

260
00:13:06,600 --> 00:13:10,160
sites using labels, metadata and business rules.

261
00:13:10,160 --> 00:13:14,920
This means you can shape the access boundary for copilot based on what the site actually is,

262
00:13:14,920 --> 00:13:18,200
how it has been classified or whether it fits into an approved pattern.

263
00:13:18,200 --> 00:13:21,520
The point here isn't to block every sensitive file from all AI use.

264
00:13:21,520 --> 00:13:26,040
The goal is to reduce oversharing exposure without shutting down the useful parts of copilot

265
00:13:26,040 --> 00:13:27,200
for ordinary work.

266
00:13:27,200 --> 00:13:29,160
That is where the executive value lives.

267
00:13:29,160 --> 00:13:33,680
You do not need to make a binary choice between being totally open or completely closed.

268
00:13:33,680 --> 00:13:38,840
You can preserve productivity on lower risk content while tightening the path around regulated,

269
00:13:38,840 --> 00:13:40,640
strategic or restricted material.

270
00:13:40,640 --> 00:13:45,040
Because adaptive scopes remove the old site count limits and the manual upkeep problem,

271
00:13:45,040 --> 00:13:48,880
the control model finally starts to match the scale of a real enterprise.

272
00:13:48,880 --> 00:13:52,040
Then the bound removes one layer closer to the interaction itself.

273
00:13:52,040 --> 00:13:55,680
Prompt level DLP matters because stored files are no longer the only risk surface you

274
00:13:55,680 --> 00:13:56,920
have to worry about.

275
00:13:56,920 --> 00:14:01,320
The user prompt is now part of the data path and the response coming back is part of that

276
00:14:01,320 --> 00:14:02,320
path too.

277
00:14:02,320 --> 00:14:06,480
If a user enters sensitive information types into copilot or if a request tries to pull

278
00:14:06,480 --> 00:14:11,200
risky content through an external grounding path, you need policy at that exact moment.

279
00:14:11,200 --> 00:14:13,960
Having a policy at the file level is no longer enough.

280
00:14:13,960 --> 00:14:16,320
Microsoft expanded these capabilities in 2026.

281
00:14:16,320 --> 00:14:20,560
Per view DLP can now inspect prompts for sensitive information types and apply controls

282
00:14:20,560 --> 00:14:23,880
to both Microsoft 365 copilot and copilot chat.

283
00:14:23,880 --> 00:14:27,840
For external web grounding scenarios, policies can restrict that search path while still

284
00:14:27,840 --> 00:14:31,640
allowing internal Microsoft Graph grounding when your licensing supports it.

285
00:14:31,640 --> 00:14:35,580
This is a much more useful control than a blanket stop because it cuts off risky external

286
00:14:35,580 --> 00:14:38,160
flows without killing the entire interaction.

287
00:14:38,160 --> 00:14:39,560
Keep this one sentence in your head.

288
00:14:39,560 --> 00:14:41,160
The new data boundary is the prompt.

289
00:14:41,160 --> 00:14:42,760
That is where modern work actually begins.

290
00:14:42,760 --> 00:14:47,560
A person asks a question, the system interprets it and the retrieval process starts.

291
00:14:47,560 --> 00:14:51,560
If your controls only live at the storage level, you have already missed the most important

292
00:14:51,560 --> 00:14:52,840
part of the exchange.

293
00:14:52,840 --> 00:14:56,720
Microsoft level DLP brings governance into the actual moment of use, which is exactly where

294
00:14:56,720 --> 00:14:58,000
risk appears first.

295
00:14:58,000 --> 00:15:02,080
This isn't just admin trivia, it is a major executive control decision.

296
00:15:02,080 --> 00:15:05,800
You have to decide which data should stay usable through copilot which conversations should

297
00:15:05,800 --> 00:15:09,320
stop and which prompts should never leave the internal boundary.

298
00:15:09,320 --> 00:15:12,680
These are business choices expressed through Per view policy.

299
00:15:12,680 --> 00:15:16,600
One more layer matters now because even a better context boundary wasn't enough on its own

300
00:15:16,600 --> 00:15:20,240
one storage location stopped being predictable.

301
00:15:20,240 --> 00:15:22,800
The 2026 shift most teams missed.

302
00:15:22,800 --> 00:15:24,720
All gloop and expanded enforcement.

303
00:15:24,720 --> 00:15:28,640
There was still a gap in the system and a lot of teams missed it because they assumed

304
00:15:28,640 --> 00:15:31,440
cloud controls meant complete controls they didn't.

305
00:15:31,440 --> 00:15:36,120
For a long time, protection behavior across Microsoft 365 copilot could vary depending

306
00:15:36,120 --> 00:15:39,680
on where the office file lived and how the interaction happened.

307
00:15:39,680 --> 00:15:43,760
This meant leaders were hearing a clean story about policy coverage while admins were still

308
00:15:43,760 --> 00:15:47,240
dealing with uneven enforcement parts underneath the surface.

309
00:15:47,240 --> 00:15:51,180
When AI is involved, uneven usually means untrusted because people don't care if the

310
00:15:51,180 --> 00:15:52,940
architecture explains the problem.

311
00:15:52,940 --> 00:15:55,860
They only care whether the same rule holds up every single time.

312
00:15:55,860 --> 00:15:58,700
Early 2026 exposed that problem in a big way.

313
00:15:58,700 --> 00:16:02,300
The trust hit that happened between January and February around how copilot handled protected

314
00:16:02,300 --> 00:16:06,180
email content showed that assumptions about labels were not enough.

315
00:16:06,180 --> 00:16:09,420
Microsoft addressed the specific defect but the broader lesson was much bigger than the

316
00:16:09,420 --> 00:16:10,420
bug itself.

317
00:16:10,420 --> 00:16:14,220
You could not treat protection promises as finished just because a policy existed in the

318
00:16:14,220 --> 00:16:15,220
portal.

319
00:16:15,220 --> 00:16:18,980
You had to care about where enforcement really happened, which workloads were fully covered

320
00:16:18,980 --> 00:16:21,340
and which gaps were still closing in the background.

321
00:16:21,340 --> 00:16:23,700
This is where all glute matters in the 2026 story.

322
00:16:23,700 --> 00:16:28,340
It was the layer that completed broader DLP enforcement for copilot across all storage

323
00:16:28,340 --> 00:16:32,780
locations, including local and cloud office files, with a rollout spanning from late March

324
00:16:32,780 --> 00:16:35,140
to late April of 2026.

325
00:16:35,140 --> 00:16:38,020
In plain language, the decision path finally got more consistent.

326
00:16:38,020 --> 00:16:42,660
A labeled word, Excel or PowerPoint file was no longer just a cloud-only governance question.

327
00:16:42,660 --> 00:16:46,340
The same control logic could now apply more broadly across the places where people actually

328
00:16:46,340 --> 00:16:47,340
do their work.

329
00:16:47,340 --> 00:16:50,500
That sounds technical, but the business consequence is very simple.

330
00:16:50,500 --> 00:16:54,580
There are now fewer blind spots between where your content lives and where copilot can process

331
00:16:54,580 --> 00:16:55,580
it.

332
00:16:55,580 --> 00:16:59,220
Before this expansion, many organizations were still carrying a split in their mental model

333
00:16:59,220 --> 00:17:03,340
where cloud content felt governed, but everything else felt uncertain.

334
00:17:03,340 --> 00:17:07,940
Work does not stay neatly inside one storage assumption and users do not think in those boundaries

335
00:17:07,940 --> 00:17:10,140
when they open files or ask questions.

336
00:17:10,140 --> 00:17:14,100
If the policy model stops at one location type, then the real operating boundary is much

337
00:17:14,100 --> 00:17:16,060
weaker than leadership thinks it is.

338
00:17:16,060 --> 00:17:19,980
With all-group closing more of that gap, Perview gets closer to something leaders can actually

339
00:17:19,980 --> 00:17:20,980
trust.

340
00:17:20,980 --> 00:17:24,820
It isn't perfect coverage by slogan, but it provides broader consistency in the enforcement

341
00:17:24,820 --> 00:17:25,820
path.

342
00:17:25,820 --> 00:17:29,860
This leads to safer decisions around copilot use in word, Excel and PowerPoint, regardless

343
00:17:29,860 --> 00:17:34,260
of where the file sits, and it creates a cleaner governance story for organizations trying

344
00:17:34,260 --> 00:17:36,500
to reduce exceptions before they scale.

345
00:17:36,500 --> 00:17:39,860
Still, nobody should treat this as instant magic.

346
00:17:39,860 --> 00:17:43,380
Policy changes do not appear everywhere the second you click the publish button.

347
00:17:43,380 --> 00:17:48,740
Microsoft documents clear deployment and propagation delays for DLP, which often take 24 hours

348
00:17:48,740 --> 00:17:51,980
for most users and up to 48 hours in some cases.

349
00:17:51,980 --> 00:17:55,580
These delays depend on workloads, devices, connectivity and sync state.

350
00:17:55,580 --> 00:17:59,340
A mature team does not publish a rule at 9 in the morning and assume the whole environment

351
00:17:59,340 --> 00:18:00,660
is governed by 10.

352
00:18:00,660 --> 00:18:02,740
The operating model has to respect that delay.

353
00:18:02,740 --> 00:18:06,420
You have to test first, verify the sync status and check whether the right workloads are

354
00:18:06,420 --> 00:18:08,420
actually evaluating the policy.

355
00:18:08,420 --> 00:18:12,420
Watch the rollout state in your tenant before you try to enforce things with confidence.

356
00:18:12,420 --> 00:18:16,700
This sequence matters because AI governance fails when teams confuse policy intent with policy

357
00:18:16,700 --> 00:18:17,700
reality.

358
00:18:17,700 --> 00:18:20,020
The setting might exist, but the estate hasn't caught up yet.

359
00:18:20,020 --> 00:18:23,500
If you roll forward on that assumption, you create another trust problem, the moment a

360
00:18:23,500 --> 00:18:25,860
blocked interaction goes through somewhere it shouldn't.

361
00:18:25,860 --> 00:18:29,780
Once enforcement becomes broader and more consistent, the next challenge shows up fast.

362
00:18:29,780 --> 00:18:33,340
You still need proof that the controls are working and you need a way to adjust them

363
00:18:33,340 --> 00:18:34,980
as usage patterns change.

364
00:18:34,980 --> 00:18:38,660
The operating layer, audit, tuning and closed loop governance.

365
00:18:38,660 --> 00:18:40,980
After you set the policy, you need the evidence.

366
00:18:40,980 --> 00:18:44,780
The leadership team skipped this part because they think governance is finished once the rules

367
00:18:44,780 --> 00:18:45,780
are written.

368
00:18:45,780 --> 00:18:47,780
It isn't.

369
00:18:47,780 --> 00:18:50,820
A live co-pilot environment never stops moving.

370
00:18:50,820 --> 00:18:53,700
And the only way to manage that reality is through audit data.

371
00:18:53,700 --> 00:18:57,500
You need to see how people are actually using the system and exactly what content the system

372
00:18:57,500 --> 00:18:58,900
is touching in response.

373
00:18:58,900 --> 00:19:02,780
Per view gives you that visibility, but only if you treat it like a control surface instead

374
00:19:02,780 --> 00:19:04,620
of a basic records tool.

375
00:19:04,620 --> 00:19:09,020
Co-pilot audit data captures the interactions, the resources accessed, the site URLs and

376
00:19:09,020 --> 00:19:12,020
the sensitivity labels involved in every single prompt.

377
00:19:12,020 --> 00:19:16,140
This matters because it turns a vague sense of concern into something you can actually review.

378
00:19:16,140 --> 00:19:19,420
You can inspect which files were touched and how a response was grounded which means you

379
00:19:19,420 --> 00:19:21,300
aren't guessing about risks anymore.

380
00:19:21,300 --> 00:19:22,620
That helps with compliance.

381
00:19:22,620 --> 00:19:24,300
But the real value here is operational.

382
00:19:24,300 --> 00:19:25,940
You can finally prove safe usage.

383
00:19:25,940 --> 00:19:27,300
You can investigate misuse.

384
00:19:27,300 --> 00:19:31,020
You can defend your rollout decisions with hard evidence instead of a gut feeling.

385
00:19:31,020 --> 00:19:34,340
When something looks wrong, you don't have to argue based on screenshots or someone's

386
00:19:34,340 --> 00:19:37,100
memory because you are working from the actual records.

387
00:19:37,100 --> 00:19:41,380
This same visibility is what allows you to improve your policy tuning over time.

388
00:19:41,380 --> 00:19:45,340
If your people are hitting blocks on safe prompts, you can refine the rules to let them work.

389
00:19:45,340 --> 00:19:49,100
If risky patterns are slipping through your internal grounding, you can tighten the policy

390
00:19:49,100 --> 00:19:50,860
exactly where it's failing.

391
00:19:50,860 --> 00:19:54,460
This shortens the time it takes to adjust your settings, which is one of the few matrix

392
00:19:54,460 --> 00:19:56,380
executives should actually care about.

393
00:19:56,380 --> 00:19:59,820
It measures whether your control model can keep up with the speed of the product.

394
00:19:59,820 --> 00:20:02,780
This is where closed loop governance starts to make sense.

395
00:20:02,780 --> 00:20:04,100
Interaction signals feed the review.

396
00:20:04,100 --> 00:20:08,620
The review drives the policy updates, the policy updates change future interactions.

397
00:20:08,620 --> 00:20:09,620
That is the loop.

398
00:20:09,620 --> 00:20:11,820
It isn't a one time project or a massive policy dump.

399
00:20:11,820 --> 00:20:15,980
It is a living system where real usage patterns shape your next control decision.

400
00:20:15,980 --> 00:20:19,940
That is the maturity line for co-pilot governance as we head toward 2026.

401
00:20:19,940 --> 00:20:23,380
Static rules will not keep pace with changing prompts or new agent behaviors.

402
00:20:23,380 --> 00:20:27,700
The teams that scale safely will be the ones that monitor, learn and adjust before a small

403
00:20:27,700 --> 00:20:29,780
drift turns into a major exposure.

404
00:20:29,780 --> 00:20:34,180
So before you buy that next wave of licenses, you have a very simple decision to make.

405
00:20:34,180 --> 00:20:35,180
This is the shift.

406
00:20:35,180 --> 00:20:36,980
Co-pilot didn't create a data problem.

407
00:20:36,980 --> 00:20:39,420
It just exposed the one that was already sitting in your tenant.

408
00:20:39,420 --> 00:20:42,980
The companies that handle this well will be the ones that stop treating this rollout

409
00:20:42,980 --> 00:20:46,180
like a license project and start treating it like a governance decision.

410
00:20:46,180 --> 00:20:49,380
If you are leading this rollout, you need to pause your expansion until the per view

411
00:20:49,380 --> 00:20:50,940
baseline is real.

412
00:20:50,940 --> 00:20:52,780
You need labeling that drives policy.

413
00:20:52,780 --> 00:20:54,300
You need a review of oversharing.

414
00:20:54,300 --> 00:20:55,780
You need audit visibility.

415
00:20:55,780 --> 00:20:59,020
And you need prompt level DLP where risky interactions have to stop.

416
00:20:59,020 --> 00:21:02,220
That is the line between control adoption and avoidable exposure.

417
00:21:02,220 --> 00:21:05,500
If you do that work now, you get a cleaner rollout and clearer access boundaries, which

418
00:21:05,500 --> 00:21:09,580
means fewer ugly surprises later when your usage starts to grow.

419
00:21:09,580 --> 00:21:13,260
If this changed how you think about co-pilot governance, leave a review.

420
00:21:13,260 --> 00:21:14,860
It helps more teams find this.

421
00:21:14,860 --> 00:21:18,340
And connect with me, Mirko Peters, on LinkedIn, and send me the next topic you want me to