Apple Podcasts
Spotify
Youtube Music
Spreaker
Podchaser
Amazon Music
Copilot might be the most efficient unauthorized auditor your company has ever deployed. It doesn’t hack permissions. It doesn’t break security controls.
It simply turns existing access into instant answers. All the protection you thought you had — buried folders, messy SharePoint sites, forgotten file names — disappears the moment someone writes the right prompt. In a weakly governed tenant, Copilot can:
- Summarize leadership compensation
- Surface HR drafts
- Pull confidential planning documents
It’s a data exposure problem at scale.
⚠️ THE MODEL THAT BROKE: SECURITY THROUGH OBSCURITY
For years, many Microsoft 365 environments relied on something nobody openly acknowledged:
👉 Low discoverability = protection Files were:
- Overshared
- Poorly structured
- Hard to find
- Permissions drifted over time
- Sites stayed open after projects ended
- Sensitive files remained accessible to the wrong people
🚨 WHY COPILOT CHANGES EVERYTHING
Copilot removes the effort.
- No need for file names
- No need for locations
- No need to know where data lives
- From hidden access → to usable access
- From friction-based safety → to instant exposure
- ~16% of critical data is overshared
- ~800,000+ files are at risk in the average org
Copilot just makes it visible.
🧠 THE REAL RISK: THE ACCIDENTAL INSIDER
This isn’t about hackers. It’s about:
- Normal employees
- Valid access
- Legitimate questions
- No malicious intent
- No security breach
- Just faster access to the wrong data
Most rollouts don’t fail because of the tool. They fail because organizations don’t understand their data. Missing baseline:
- What is sensitive?
- Where does it live?
- Who has access?
- What can Copilot surface?
- 71% cite governance as the top barrier
- Only 17% scale beyond pilot
Many leaders fund Copilot before funding visibility. The result:
- Early excitement
- Followed by security concerns
- Then rollout paralysis
1. OVERSHARED FILES BECOME VISIBLE
- Copilot surfaces hidden documents instantly
- HR, finance, legal data appears unexpectedly
- Clutter no longer protects anything
- Weak connector boundaries
- Scope creep across data sources
- Poor separation between use cases
3. NO VISIBILITY = NO TRUST
- No prompt tracking
- No resource traceability
- No clear audit trail
- Security teams can’t validate risk
- Leaders lose confidence
- Scaling stops
Copilot works on context, so governance must follow context.
KEY SHIFT:
👉 Labels are no longer compliance artifacts
👉 Labels become decision signals
🔍 THE OPERATING MODEL: CLOSED-LOOP GOVERNANCE
Governance doesn’t end with policy. It starts there.
YOU NEED:
- Audit visibility
- Interaction tracking
- Resource-level insight
- Monitor usage
- Analyze interactions
- Adjust policies
- Improve continuously
- From access control → to context control
- From static governance → to adaptive governance
Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.
🚀 Want to be part of m365.fm?
Then stop just listening… and start showing up.
👉 Connect with me on LinkedIn and let’s make something happen:
- 🎙️ Be a podcast guest and share your story
- 🎧 Host your own episode (yes, seriously)
- 💡 Pitch topics the community actually wants to hear
- 🌍 Build your personal brand in the Microsoft 365 space
This isn’t just a podcast — it’s a platform for people who take action.
🔥 Most people wait. The best ones don’t.
👉 Connect with me on LinkedIn and send me a message:
"I want in"
Let’s build something awesome 👊
1
00:00:00,000 --> 00:00:04,080
Co-pilot might be the most efficient, unauthorized auditor your company has ever seen.
2
00:00:04,080 --> 00:00:06,680
It doesn't need to break your permissions to cause a crisis.
3
00:00:06,680 --> 00:00:10,440
It just turns weak access into instant answers, and all that old protection you got from
4
00:00:10,440 --> 00:00:14,360
messy sites, buried folders, and forgotten file names stops working.
5
00:00:14,360 --> 00:00:16,520
The second someone types a good prompt.
6
00:00:16,520 --> 00:00:18,680
Think about any tenant with weak access controls.
7
00:00:18,680 --> 00:00:23,480
If you ask Co-pilot to summarize leadership pay, pull HR policy drafts, or find confidential
8
00:00:23,480 --> 00:00:27,160
planning docs, it will surface that content in seconds as long as the user technically
9
00:00:27,160 --> 00:00:28,160
has access.
10
00:00:28,160 --> 00:00:32,040
It isn't an AI defect or a bug in the software, it is a massive data exposure problem that
11
00:00:32,040 --> 00:00:33,800
AI makes visible at scale.
12
00:00:33,800 --> 00:00:37,720
In 2026 this is exactly where things break, you have fast roll outs meeting old permissions
13
00:00:37,720 --> 00:00:39,400
and conversational retrieval.
14
00:00:39,400 --> 00:00:43,160
If you want to stay ahead of Co-pilot governance, you should subscribe, because the real question
15
00:00:43,160 --> 00:00:47,600
now isn't whether Co-pilot is risky, it's about what model of control still works when
16
00:00:47,600 --> 00:00:49,680
friction disappears.
17
00:00:49,680 --> 00:00:52,320
The model that broke, security through obscurity.
18
00:00:52,320 --> 00:00:57,320
For years, a lot of Microsoft 365 security depended on something nobody wanted to admit.
19
00:00:57,320 --> 00:01:00,040
Most of your safety came from low discoverability.
20
00:01:00,040 --> 00:01:03,600
Files were technically accessible to the wrong people, but they were just too hard to find.
21
00:01:03,600 --> 00:01:07,920
They sat in deep share point libraries, old team sites, forgotten project folders, personal
22
00:01:07,920 --> 00:01:11,160
one drives, and mail threads that nobody would ever search properly.
23
00:01:11,160 --> 00:01:14,920
You didn't have good governance, you had friction posing as protection, and it lasted because
24
00:01:14,920 --> 00:01:18,800
most people never had the time or patience to test the edges of their own access.
25
00:01:18,800 --> 00:01:20,600
What typically happened is simple.
26
00:01:20,600 --> 00:01:21,600
Permissions drifted over time.
27
00:01:21,600 --> 00:01:25,960
A site got shared too broadly during a project, or a folder inherited access it shouldn't
28
00:01:25,960 --> 00:01:27,880
have kept after a deadline passed.
29
00:01:27,880 --> 00:01:32,120
Maybe a finance file stayed open to a wider group after a reog, or legal drafts lived in
30
00:01:32,120 --> 00:01:35,000
a place that felt obscure enough to seem safe.
31
00:01:35,000 --> 00:01:38,800
None of that ever got fixed, because the damage felt limited in day to day work, people
32
00:01:38,800 --> 00:01:39,800
navigate.
33
00:01:39,800 --> 00:01:41,160
They search, then they give up.
34
00:01:41,160 --> 00:01:44,520
The bad permission stays there, and nobody feels the risk because the effort required to
35
00:01:44,520 --> 00:01:47,640
exploit it is still too high for a normal employee.
36
00:01:47,640 --> 00:01:49,920
But Co-pilot runs on another model entirely.
37
00:01:49,920 --> 00:01:54,000
It works through context, permissions, search, and Microsoft Graph signals across every
38
00:01:54,000 --> 00:01:56,240
piece of content a user can already reach.
39
00:01:56,240 --> 00:01:57,840
The starting point changes completely.
40
00:01:57,840 --> 00:02:00,120
A user no longer needs to remember the file name.
41
00:02:00,120 --> 00:02:01,600
They don't need the site URL.
42
00:02:01,600 --> 00:02:04,760
They don't even need to know whether the document lives in SharePoint 1 Drive or an old
43
00:02:04,760 --> 00:02:05,760
email.
44
00:02:05,760 --> 00:02:09,160
They just ask a question in natural language, and Co-pilot does the heavy lifting for them.
45
00:02:09,160 --> 00:02:10,600
That distinction matters a lot.
46
00:02:10,600 --> 00:02:12,120
Co-pilot doesn't create new access.
47
00:02:12,120 --> 00:02:15,640
It removes the effort needed to use the access you already gave people.
48
00:02:15,640 --> 00:02:19,640
Once you see that clearly the whole security conversation changes, because the failure
49
00:02:19,640 --> 00:02:21,960
isn't in the model answering the question.
50
00:02:21,960 --> 00:02:24,200
The failure sits in the permission model feeding it.
51
00:02:24,200 --> 00:02:26,240
The scale of that problem isn't theoretical.
52
00:02:26,240 --> 00:02:30,720
Research shows that 16% of business critical data is overshared, and the average organization
53
00:02:30,720 --> 00:02:33,840
has about 802,000 files at risk right now.
54
00:02:33,840 --> 00:02:37,200
That number tells you something uncomfortable about the old way of doing things.
55
00:02:37,200 --> 00:02:38,760
The exposure was already there.
56
00:02:38,760 --> 00:02:42,440
Most of it just stayed dormant because your employees weren't acting like professional
57
00:02:42,440 --> 00:02:47,360
search engines all day, and one level deeper permissions drift makes this even worse.
58
00:02:47,360 --> 00:02:50,520
Research used in risk training shows that only a tiny share of granted permissions is
59
00:02:50,520 --> 00:02:51,520
ever actively used.
60
00:02:51,520 --> 00:02:53,800
But the rest of those permissions just sit there.
61
00:02:53,800 --> 00:02:55,520
They are quiet and unchecked.
62
00:02:55,520 --> 00:02:59,160
This means your tenant likely contains a huge amount of access that nobody needs anymore,
63
00:02:59,160 --> 00:03:03,280
but nobody notices until AI turns that stale access into working context.
64
00:03:03,280 --> 00:03:05,240
This is how the accidental insider threat grows.
65
00:03:05,240 --> 00:03:08,040
We aren't talking about a malicious actor or a compromised account.
66
00:03:08,040 --> 00:03:11,640
It's just a normal employee with a valid identity asking a reasonable question and getting
67
00:03:11,640 --> 00:03:12,640
an unreasonable answer.
68
00:03:12,640 --> 00:03:14,440
They weren't trying to steal anything.
69
00:03:14,440 --> 00:03:16,160
They were just trying to work faster.
70
00:03:16,160 --> 00:03:19,640
But the system answered them using data that should never have been reachable in that
71
00:03:19,640 --> 00:03:20,640
moment.
72
00:03:20,640 --> 00:03:23,600
Before Copilot, human limits slowed that process down.
73
00:03:23,600 --> 00:03:24,960
Search terms had to be specific.
74
00:03:24,960 --> 00:03:26,920
Users stayed inside one app at a time.
75
00:03:26,920 --> 00:03:31,280
They rarely connected dots across SharePoint, OneDrive and Outlook, unless they already knew
76
00:03:31,280 --> 00:03:33,200
exactly where to look.
77
00:03:33,200 --> 00:03:34,200
Copilot collapses that effort.
78
00:03:34,200 --> 00:03:35,320
You ask once.
79
00:03:35,320 --> 00:03:36,320
It searches broadly.
80
00:03:36,320 --> 00:03:37,800
It assembles context.
81
00:03:37,800 --> 00:03:41,800
And the old assumption that obscurity gives you breathing room finally falls apart.
82
00:03:41,800 --> 00:03:45,240
Once that clicks, the rollout mistake gets obvious.
83
00:03:45,240 --> 00:03:46,240
Why rollout stall?
84
00:03:46,240 --> 00:03:48,040
The governance gap before scale.
85
00:03:48,040 --> 00:03:52,080
Most Copilot rollouts don't stall because users hate the tool, but rather because the company
86
00:03:52,080 --> 00:03:55,800
turned on the AI before it understood the shape of its own access.
87
00:03:55,800 --> 00:03:57,720
That is the pattern we see everywhere.
88
00:03:57,720 --> 00:03:59,840
Licenses get funded and pilot groups get announced.
89
00:03:59,840 --> 00:04:02,560
Then a few executives try it out and some early wins show up.
90
00:04:02,560 --> 00:04:07,040
But then the momentum hits a wall when security, compliance and IT start asking basic questions
91
00:04:07,040 --> 00:04:08,640
that nobody bothered to answer up front.
92
00:04:08,640 --> 00:04:12,600
They want to know what counts as sensitive content, where that data lives right now, and
93
00:04:12,600 --> 00:04:14,400
who can actually reach it today.
94
00:04:14,400 --> 00:04:18,880
Most importantly, they need to know what exactly Copilot can pull into a response from that mess.
95
00:04:18,880 --> 00:04:22,640
That missing baseline is the real blocker and it has nothing to do with the license cost
96
00:04:22,640 --> 00:04:24,240
or the quality of your prompts.
97
00:04:24,240 --> 00:04:27,600
The problem sits one layer lower in the operating facts of your tenant.
98
00:04:27,600 --> 00:04:31,400
If you can't map your sensitive data or verify who has access to it, you aren't actually
99
00:04:31,400 --> 00:04:33,160
scaling AI in a meaningful way.
100
00:04:33,160 --> 00:04:37,040
You are simply scaling uncertainty and people across the organization start to feel that
101
00:04:37,040 --> 00:04:38,400
tension very quickly.
102
00:04:38,400 --> 00:04:42,000
This is exactly where a lot of organizations are sitting right now, caught somewhere between
103
00:04:42,000 --> 00:04:43,960
a pilot and a controlled rollout.
104
00:04:43,960 --> 00:04:47,160
They aren't fully stopped, but they aren't truly ready to go big either.
105
00:04:47,160 --> 00:04:50,760
They have seen enough activity to know Copilot can help, but they don't have enough confidence
106
00:04:50,760 --> 00:04:52,720
to expand the footprint cleanly.
107
00:04:52,720 --> 00:04:56,040
That's why so many programs get stuck in an awkward middle-state where leadership once
108
00:04:56,040 --> 00:05:01,000
momentum, while legal and security are demanding evidence that the data is safe.
109
00:05:01,000 --> 00:05:04,560
Admins are then left trying to clean up years of inherited access after the AI conversation
110
00:05:04,560 --> 00:05:05,560
has already started.
111
00:05:05,560 --> 00:05:11,880
The adoption data from 2025 survey research lines up with this reality showing that 71%
112
00:05:11,880 --> 00:05:14,520
of people cited governance as their top barrier.
113
00:05:14,520 --> 00:05:18,320
Only 17% of companies had managed to scale beyond their initial pilots, which should tell
114
00:05:18,320 --> 00:05:21,520
executives something pretty direct about the current landscape.
115
00:05:21,520 --> 00:05:23,720
The bottleneck isn't a lack of interest from the workforce.
116
00:05:23,720 --> 00:05:26,560
The bottleneck is a lack of control from the top.
117
00:05:26,560 --> 00:05:30,320
Companies aren't struggling to imagine use cases, but they are struggling to trust the
118
00:05:30,320 --> 00:05:34,400
data boundary around those use cases, and the baseline they skipped isn't some abstract
119
00:05:34,400 --> 00:05:38,160
concept, because it really comes down to four practical questions.
120
00:05:38,160 --> 00:05:42,640
You need to know what data is sensitive and where that data sits across SharePoint, OneDrive,
121
00:05:42,640 --> 00:05:43,880
Exchange and Teams.
122
00:05:43,880 --> 00:05:47,600
You have to identify who has access now, including stale group memberships and inherited
123
00:05:47,600 --> 00:05:49,480
permissions that everyone forgot about.
124
00:05:49,480 --> 00:05:53,600
Finally, you must understand what Copilot can actually surface from those parts when someone
125
00:05:53,600 --> 00:05:55,320
asks a natural language question.
126
00:05:55,320 --> 00:06:00,120
Until those four answers exist, rollout decisions are mostly just guesswork, dressed up as innovation.
127
00:06:00,120 --> 00:06:03,640
A lot of leaders make the same budget mistake here by funding the experience before they
128
00:06:03,640 --> 00:06:04,640
fund the visibility.
129
00:06:04,640 --> 00:06:08,840
They buy more copilot seats before they invest in the controls that tell them whether those
130
00:06:08,840 --> 00:06:10,600
seats are safe to expand.
131
00:06:10,600 --> 00:06:14,400
That approach sounds fast and ambitious, but it creates the exact friction that kills momentum
132
00:06:14,400 --> 00:06:15,400
later on.
133
00:06:15,400 --> 00:06:20,040
The moment your risk teams see unclear exposure, every conversation about scaling the tool turns
134
00:06:20,040 --> 00:06:21,920
into a long drawn out debate.
135
00:06:21,920 --> 00:06:25,600
So what does minimum viable governance look like before you go for a broader rollout?
136
00:06:25,600 --> 00:06:29,200
It isn't a giant transformation program, but rather a simple control stack that gives
137
00:06:29,200 --> 00:06:30,680
you a real line of sight.
138
00:06:30,680 --> 00:06:34,920
You start with sensitivity labels that mean something operational instead of just being compliance
139
00:06:34,920 --> 00:06:35,920
paperwork.
140
00:06:35,920 --> 00:06:39,760
You add access reviews so all permissions don't keep drifting forward untouched and you
141
00:06:39,760 --> 00:06:43,960
run an oversharing scan across the place's copilot will draw from most.
142
00:06:43,960 --> 00:06:47,840
Make sure your audit is turned on so you can see interactions and access resources, then
143
00:06:47,840 --> 00:06:52,240
put prompt level controls in place so risky grounding paths don't slip through by default.
144
00:06:52,240 --> 00:06:56,080
Taking these steps doesn't kill the value of the AI, it actually protects that value for
145
00:06:56,080 --> 00:06:57,080
the long term.
146
00:06:57,080 --> 00:07:01,160
Once that baseline exists, you can expand copilot on safer ground instead of rolling it into blind
147
00:07:01,160 --> 00:07:03,280
spots and hoping the tenant behaves.
148
00:07:03,280 --> 00:07:07,320
The smart executive move isn't to push harder on scale right away, but to pause long enough
149
00:07:07,320 --> 00:07:09,680
to stop convenience from turning into exposure.
150
00:07:09,680 --> 00:07:14,400
This becomes very concrete when you look at how these failures actually show up in production.
151
00:07:14,400 --> 00:07:17,200
Three failure patterns every copilot team should expect.
152
00:07:17,200 --> 00:07:21,080
The first failure pattern is the simplest and that is exactly why it catches so many smart
153
00:07:21,080 --> 00:07:22,560
people off guard.
154
00:07:22,560 --> 00:07:23,880
Overshared files stop hiding.
155
00:07:23,880 --> 00:07:28,320
A user asks a plain question that sounds perfectly normal for work and copilot brings back
156
00:07:28,320 --> 00:07:30,760
content from places nobody thought to check.
157
00:07:30,760 --> 00:07:35,240
This includes HR drafts, finance workbooks, legal notes and leadership planning decks.
158
00:07:35,240 --> 00:07:39,200
These files weren't newly exposed by the AI but natural language turns broad access into
159
00:07:39,200 --> 00:07:43,320
usable access and the old mess of SharePoint structure stops slowing people down.
160
00:07:43,320 --> 00:07:47,720
In most organizations, those files sit inside a mountain of digital clutter like old team
161
00:07:47,720 --> 00:07:50,280
sites and project spaces that never got cleaned up.
162
00:07:50,280 --> 00:07:54,400
There are broad member groups and shared links that nobody ever bothered to revoke.
163
00:07:54,400 --> 00:07:58,960
People assume the clutter protects them because no one remembers where anything is located.
164
00:07:58,960 --> 00:08:02,920
Then someone asks the system to show them draft compensation ranges or summarise planning
165
00:08:02,920 --> 00:08:06,000
documents for next quarter and the AI does the stitching.
166
00:08:06,000 --> 00:08:09,480
That is the moment this breaks because the user didn't bypass any security.
167
00:08:09,480 --> 00:08:11,120
They just stop needing to know where to look.
168
00:08:11,120 --> 00:08:15,440
This matters operationally because it fundamentally changes how data exposure happens in the
169
00:08:15,440 --> 00:08:16,720
modern workplace.
170
00:08:16,720 --> 00:08:21,480
For copilot, risky access often stayed theoretical because the files were too hard to find.
171
00:08:21,480 --> 00:08:25,520
Now that access becomes practical and fast, a person with no bad intent can land on material
172
00:08:25,520 --> 00:08:30,360
they were never expected to use in that context and once that answer appears in a chat response.
173
00:08:30,360 --> 00:08:32,600
The governance discussion gets much harder.
174
00:08:32,600 --> 00:08:35,520
The issue is no longer hidden in some buried permission entry.
175
00:08:35,520 --> 00:08:37,840
It is visible in plain language right there on the screen.
176
00:08:37,840 --> 00:08:41,600
The second pattern sits in copilot studio and this is where many teams wrongly assume
177
00:08:41,600 --> 00:08:43,600
the main copilot controls will save them.
178
00:08:43,600 --> 00:08:44,600
They won't.
179
00:08:44,600 --> 00:08:49,160
The agents introduce another layer of design decisions around connectors, knowledge sources,
180
00:08:49,160 --> 00:08:50,880
grounding and environment rules.
181
00:08:50,880 --> 00:08:54,800
If those boundaries are loose, the agent can return information well outside the use case
182
00:08:54,800 --> 00:08:58,280
it was built for even when the builder thought the setup looked narrow enough.
183
00:08:58,280 --> 00:09:02,800
What typically happens is the agent connects to SharePoint and a few internal APIs but nobody
184
00:09:02,800 --> 00:09:06,160
draws a hard line around what the agent should never touch.
185
00:09:06,160 --> 00:09:10,560
The project starts with a useful goal like support answers or policy look up but then
186
00:09:10,560 --> 00:09:12,120
the scope begins to creep.
187
00:09:12,120 --> 00:09:15,480
Other connector gets added and another source gets approved because someone wants broader
188
00:09:15,480 --> 00:09:16,800
coverage for convenience.
189
00:09:16,800 --> 00:09:20,480
Suddenly the agent isn't just answering one business question but is operating across
190
00:09:20,480 --> 00:09:24,920
mixed data estates with very weak separation and one level deeper the core problem isn't
191
00:09:24,920 --> 00:09:29,560
only the number of connectors you have it is the design of the boundary itself an agent inherits
192
00:09:29,560 --> 00:09:33,720
risk from every source every identity path and every environment rule that surrounds
193
00:09:33,720 --> 00:09:34,720
it.
194
00:09:34,720 --> 00:09:36,000
Research makes this pretty clear.
195
00:09:36,000 --> 00:09:40,120
Copilot studio needs its own DLP and connector governance approach and those protections
196
00:09:40,120 --> 00:09:44,920
don't come automatically just because the main Microsoft 365 experience is governed.
197
00:09:44,920 --> 00:09:49,480
The security question shifts from whether you built an agent to what exact data boundary
198
00:09:49,480 --> 00:09:53,480
you built around it then you hit the third pattern and this one damages trust even when
199
00:09:53,480 --> 00:09:55,880
no major data exposure is actually confirmed.
200
00:09:55,880 --> 00:09:57,360
You simply can't see enough.
201
00:09:57,360 --> 00:10:00,800
The organization rolls out copilot and users start interacting with it but the monitoring
202
00:10:00,800 --> 00:10:04,200
model stays thin while responses reference files and mail.
203
00:10:04,200 --> 00:10:07,920
There is no shared view of prompts and no clear trail of access resources which means
204
00:10:07,920 --> 00:10:12,720
there is no easy way to separate a normal interaction from a risky one that leaves security teams
205
00:10:12,720 --> 00:10:15,640
and executives working from a set of dangerous assumptions.
206
00:10:15,640 --> 00:10:20,400
Per view audit logs can capture these interactions including the sensitivity context but only if
207
00:10:20,400 --> 00:10:25,640
the organization is treating audit as a core part of the rollout because later is too late.
208
00:10:25,640 --> 00:10:29,120
Once questions come in from legal or a business owner who thinks something sensitive showed
209
00:10:29,120 --> 00:10:31,280
up in a response you need hard evidence.
210
00:10:31,280 --> 00:10:35,080
You need to know who asked what resource was touched and whether a web search path was
211
00:10:35,080 --> 00:10:36,080
involved.
212
00:10:36,080 --> 00:10:39,960
Throughout those details every investigation turns into a slow and messy process.
213
00:10:39,960 --> 00:10:43,240
The cost here isn't just forensic because your policy tuning suffers as well.
214
00:10:43,240 --> 00:10:46,360
If you can't observe how people are actually using copilot you can't tell whether your
215
00:10:46,360 --> 00:10:49,320
controls are too weak or hitting the wrong patterns.
216
00:10:49,320 --> 00:10:53,160
You also can't prove the system is safe enough to scale which means trust starts to erode
217
00:10:53,160 --> 00:10:55,000
from both sides of the business.
218
00:10:55,000 --> 00:10:59,200
Risk teams think governance is blind while business teams think security is blocking progress
219
00:10:59,200 --> 00:11:00,200
without any proof.
220
00:11:00,200 --> 00:11:01,880
The answer isn't shutting copilot off.
221
00:11:01,880 --> 00:11:05,720
The answer is changing the control model so discovery, agent behavior and visibility are
222
00:11:05,720 --> 00:11:08,680
governed on purpose instead of being left to drift.
223
00:11:08,680 --> 00:11:12,080
The purview strategy build the perimeter around context.
224
00:11:12,080 --> 00:11:14,200
The old control model has to change.
225
00:11:14,200 --> 00:11:17,440
We can't just rely on wider lockdowns or random exceptions anymore.
226
00:11:17,440 --> 00:11:21,000
We need a model that follows context because that is exactly how copilot works.
227
00:11:21,000 --> 00:11:24,840
This is the moment where Microsoft purview starts to matter as an operating system for
228
00:11:24,840 --> 00:11:28,720
AI governance rather than just a compliance console that people open once a year during
229
00:11:28,720 --> 00:11:29,720
audits.
230
00:11:29,720 --> 00:11:30,720
It all starts with labels.
231
00:11:30,720 --> 00:11:35,040
Most companies treat sensitivity labels like stickers that are helpful for policy, records
232
00:11:35,040 --> 00:11:39,400
or compliance reporting, but that approach is far too passive for AI.
233
00:11:39,400 --> 00:11:42,360
In a copilot environment labels need to become decision signals.
234
00:11:42,360 --> 00:11:46,800
They have to tell downstream controls what content can be processed, what should be blocked,
235
00:11:46,800 --> 00:11:48,880
and where stricter rules should apply.
236
00:11:48,880 --> 00:11:53,000
If your labels are missing, inconsistent or limited to a small part of the tenant, your
237
00:11:53,000 --> 00:11:55,280
policy logic starts weak and it stays weak.
238
00:11:55,280 --> 00:11:58,200
That label first model represents the real shift.
239
00:11:58,200 --> 00:12:02,040
You classify the content first and then the policy follows that classification.
240
00:12:02,040 --> 00:12:03,600
It is never the other way around.
241
00:12:03,600 --> 00:12:07,520
Instead of building endless lists of sites and hoping admins remember to update them,
242
00:12:07,520 --> 00:12:09,880
you let the state of the content drive the enforcement.
243
00:12:09,880 --> 00:12:13,680
This matters because the location of information changes all the time, while the business meaning
244
00:12:13,680 --> 00:12:15,360
of that information usually stays the same.
245
00:12:15,360 --> 00:12:19,640
A finance document is still a finance document even if it moves to a new folder and a confidential
246
00:12:19,640 --> 00:12:23,640
strategy file is still sensitive even if a team reorganizes around it.
247
00:12:23,640 --> 00:12:27,320
Purview gives you a way to make that meaning usable across the board.
248
00:12:27,320 --> 00:12:31,320
This strategy gets much stronger with adaptive scopes, which finally reached general availability
249
00:12:31,320 --> 00:12:33,240
in March of 2026.
250
00:12:33,240 --> 00:12:37,520
For that update, teams were stuck with static sharepoint targeting and site limits that
251
00:12:37,520 --> 00:12:40,880
simply did not fit the shape of large, complex environments.
252
00:12:40,880 --> 00:12:45,000
That old approach breaks down quickly because manual lists age badly and sites change owners
253
00:12:45,000 --> 00:12:46,000
without warning.
254
00:12:46,000 --> 00:12:50,240
New spaces appear faster than policies can ever catch up, and old exclusions often stay
255
00:12:50,240 --> 00:12:52,600
in place long after they stop making sense.
256
00:12:52,600 --> 00:12:57,040
In an AI rollout, that lag becomes a dangerous control gap because copilot moves at query speed
257
00:12:57,040 --> 00:12:59,320
while your governance moves at admin speed.
258
00:12:59,320 --> 00:13:02,040
Adaptive scopes change the entire targeting model.
259
00:13:02,040 --> 00:13:06,600
Instead of naming every single location one by one, your policy can include or exclude sharepoint
260
00:13:06,600 --> 00:13:10,160
sites using labels, metadata and business rules.
261
00:13:10,160 --> 00:13:14,920
This means you can shape the access boundary for copilot based on what the site actually is,
262
00:13:14,920 --> 00:13:18,200
how it has been classified or whether it fits into an approved pattern.
263
00:13:18,200 --> 00:13:21,520
The point here isn't to block every sensitive file from all AI use.
264
00:13:21,520 --> 00:13:26,040
The goal is to reduce oversharing exposure without shutting down the useful parts of copilot
265
00:13:26,040 --> 00:13:27,200
for ordinary work.
266
00:13:27,200 --> 00:13:29,160
That is where the executive value lives.
267
00:13:29,160 --> 00:13:33,680
You do not need to make a binary choice between being totally open or completely closed.
268
00:13:33,680 --> 00:13:38,840
You can preserve productivity on lower risk content while tightening the path around regulated,
269
00:13:38,840 --> 00:13:40,640
strategic or restricted material.
270
00:13:40,640 --> 00:13:45,040
Because adaptive scopes remove the old site count limits and the manual upkeep problem,
271
00:13:45,040 --> 00:13:48,880
the control model finally starts to match the scale of a real enterprise.
272
00:13:48,880 --> 00:13:52,040
Then the bound removes one layer closer to the interaction itself.
273
00:13:52,040 --> 00:13:55,680
Prompt level DLP matters because stored files are no longer the only risk surface you
274
00:13:55,680 --> 00:13:56,920
have to worry about.
275
00:13:56,920 --> 00:14:01,320
The user prompt is now part of the data path and the response coming back is part of that
276
00:14:01,320 --> 00:14:02,320
path too.
277
00:14:02,320 --> 00:14:06,480
If a user enters sensitive information types into copilot or if a request tries to pull
278
00:14:06,480 --> 00:14:11,200
risky content through an external grounding path, you need policy at that exact moment.
279
00:14:11,200 --> 00:14:13,960
Having a policy at the file level is no longer enough.
280
00:14:13,960 --> 00:14:16,320
Microsoft expanded these capabilities in 2026.
281
00:14:16,320 --> 00:14:20,560
Per view DLP can now inspect prompts for sensitive information types and apply controls
282
00:14:20,560 --> 00:14:23,880
to both Microsoft 365 copilot and copilot chat.
283
00:14:23,880 --> 00:14:27,840
For external web grounding scenarios, policies can restrict that search path while still
284
00:14:27,840 --> 00:14:31,640
allowing internal Microsoft Graph grounding when your licensing supports it.
285
00:14:31,640 --> 00:14:35,580
This is a much more useful control than a blanket stop because it cuts off risky external
286
00:14:35,580 --> 00:14:38,160
flows without killing the entire interaction.
287
00:14:38,160 --> 00:14:39,560
Keep this one sentence in your head.
288
00:14:39,560 --> 00:14:41,160
The new data boundary is the prompt.
289
00:14:41,160 --> 00:14:42,760
That is where modern work actually begins.
290
00:14:42,760 --> 00:14:47,560
A person asks a question, the system interprets it and the retrieval process starts.
291
00:14:47,560 --> 00:14:51,560
If your controls only live at the storage level, you have already missed the most important
292
00:14:51,560 --> 00:14:52,840
part of the exchange.
293
00:14:52,840 --> 00:14:56,720
Microsoft level DLP brings governance into the actual moment of use, which is exactly where
294
00:14:56,720 --> 00:14:58,000
risk appears first.
295
00:14:58,000 --> 00:15:02,080
This isn't just admin trivia, it is a major executive control decision.
296
00:15:02,080 --> 00:15:05,800
You have to decide which data should stay usable through copilot which conversations should
297
00:15:05,800 --> 00:15:09,320
stop and which prompts should never leave the internal boundary.
298
00:15:09,320 --> 00:15:12,680
These are business choices expressed through Per view policy.
299
00:15:12,680 --> 00:15:16,600
One more layer matters now because even a better context boundary wasn't enough on its own
300
00:15:16,600 --> 00:15:20,240
one storage location stopped being predictable.
301
00:15:20,240 --> 00:15:22,800
The 2026 shift most teams missed.
302
00:15:22,800 --> 00:15:24,720
All gloop and expanded enforcement.
303
00:15:24,720 --> 00:15:28,640
There was still a gap in the system and a lot of teams missed it because they assumed
304
00:15:28,640 --> 00:15:31,440
cloud controls meant complete controls they didn't.
305
00:15:31,440 --> 00:15:36,120
For a long time, protection behavior across Microsoft 365 copilot could vary depending
306
00:15:36,120 --> 00:15:39,680
on where the office file lived and how the interaction happened.
307
00:15:39,680 --> 00:15:43,760
This meant leaders were hearing a clean story about policy coverage while admins were still
308
00:15:43,760 --> 00:15:47,240
dealing with uneven enforcement parts underneath the surface.
309
00:15:47,240 --> 00:15:51,180
When AI is involved, uneven usually means untrusted because people don't care if the
310
00:15:51,180 --> 00:15:52,940
architecture explains the problem.
311
00:15:52,940 --> 00:15:55,860
They only care whether the same rule holds up every single time.
312
00:15:55,860 --> 00:15:58,700
Early 2026 exposed that problem in a big way.
313
00:15:58,700 --> 00:16:02,300
The trust hit that happened between January and February around how copilot handled protected
314
00:16:02,300 --> 00:16:06,180
email content showed that assumptions about labels were not enough.
315
00:16:06,180 --> 00:16:09,420
Microsoft addressed the specific defect but the broader lesson was much bigger than the
316
00:16:09,420 --> 00:16:10,420
bug itself.
317
00:16:10,420 --> 00:16:14,220
You could not treat protection promises as finished just because a policy existed in the
318
00:16:14,220 --> 00:16:15,220
portal.
319
00:16:15,220 --> 00:16:18,980
You had to care about where enforcement really happened, which workloads were fully covered
320
00:16:18,980 --> 00:16:21,340
and which gaps were still closing in the background.
321
00:16:21,340 --> 00:16:23,700
This is where all glute matters in the 2026 story.
322
00:16:23,700 --> 00:16:28,340
It was the layer that completed broader DLP enforcement for copilot across all storage
323
00:16:28,340 --> 00:16:32,780
locations, including local and cloud office files, with a rollout spanning from late March
324
00:16:32,780 --> 00:16:35,140
to late April of 2026.
325
00:16:35,140 --> 00:16:38,020
In plain language, the decision path finally got more consistent.
326
00:16:38,020 --> 00:16:42,660
A labeled word, Excel or PowerPoint file was no longer just a cloud-only governance question.
327
00:16:42,660 --> 00:16:46,340
The same control logic could now apply more broadly across the places where people actually
328
00:16:46,340 --> 00:16:47,340
do their work.
329
00:16:47,340 --> 00:16:50,500
That sounds technical, but the business consequence is very simple.
330
00:16:50,500 --> 00:16:54,580
There are now fewer blind spots between where your content lives and where copilot can process
331
00:16:54,580 --> 00:16:55,580
it.
332
00:16:55,580 --> 00:16:59,220
Before this expansion, many organizations were still carrying a split in their mental model
333
00:16:59,220 --> 00:17:03,340
where cloud content felt governed, but everything else felt uncertain.
334
00:17:03,340 --> 00:17:07,940
Work does not stay neatly inside one storage assumption and users do not think in those boundaries
335
00:17:07,940 --> 00:17:10,140
when they open files or ask questions.
336
00:17:10,140 --> 00:17:14,100
If the policy model stops at one location type, then the real operating boundary is much
337
00:17:14,100 --> 00:17:16,060
weaker than leadership thinks it is.
338
00:17:16,060 --> 00:17:19,980
With all-group closing more of that gap, Perview gets closer to something leaders can actually
339
00:17:19,980 --> 00:17:20,980
trust.
340
00:17:20,980 --> 00:17:24,820
It isn't perfect coverage by slogan, but it provides broader consistency in the enforcement
341
00:17:24,820 --> 00:17:25,820
path.
342
00:17:25,820 --> 00:17:29,860
This leads to safer decisions around copilot use in word, Excel and PowerPoint, regardless
343
00:17:29,860 --> 00:17:34,260
of where the file sits, and it creates a cleaner governance story for organizations trying
344
00:17:34,260 --> 00:17:36,500
to reduce exceptions before they scale.
345
00:17:36,500 --> 00:17:39,860
Still, nobody should treat this as instant magic.
346
00:17:39,860 --> 00:17:43,380
Policy changes do not appear everywhere the second you click the publish button.
347
00:17:43,380 --> 00:17:48,740
Microsoft documents clear deployment and propagation delays for DLP, which often take 24 hours
348
00:17:48,740 --> 00:17:51,980
for most users and up to 48 hours in some cases.
349
00:17:51,980 --> 00:17:55,580
These delays depend on workloads, devices, connectivity and sync state.
350
00:17:55,580 --> 00:17:59,340
A mature team does not publish a rule at 9 in the morning and assume the whole environment
351
00:17:59,340 --> 00:18:00,660
is governed by 10.
352
00:18:00,660 --> 00:18:02,740
The operating model has to respect that delay.
353
00:18:02,740 --> 00:18:06,420
You have to test first, verify the sync status and check whether the right workloads are
354
00:18:06,420 --> 00:18:08,420
actually evaluating the policy.
355
00:18:08,420 --> 00:18:12,420
Watch the rollout state in your tenant before you try to enforce things with confidence.
356
00:18:12,420 --> 00:18:16,700
This sequence matters because AI governance fails when teams confuse policy intent with policy
357
00:18:16,700 --> 00:18:17,700
reality.
358
00:18:17,700 --> 00:18:20,020
The setting might exist, but the estate hasn't caught up yet.
359
00:18:20,020 --> 00:18:23,500
If you roll forward on that assumption, you create another trust problem, the moment a
360
00:18:23,500 --> 00:18:25,860
blocked interaction goes through somewhere it shouldn't.
361
00:18:25,860 --> 00:18:29,780
Once enforcement becomes broader and more consistent, the next challenge shows up fast.
362
00:18:29,780 --> 00:18:33,340
You still need proof that the controls are working and you need a way to adjust them
363
00:18:33,340 --> 00:18:34,980
as usage patterns change.
364
00:18:34,980 --> 00:18:38,660
The operating layer, audit, tuning and closed loop governance.
365
00:18:38,660 --> 00:18:40,980
After you set the policy, you need the evidence.
366
00:18:40,980 --> 00:18:44,780
The leadership team skipped this part because they think governance is finished once the rules
367
00:18:44,780 --> 00:18:45,780
are written.
368
00:18:45,780 --> 00:18:47,780
It isn't.
369
00:18:47,780 --> 00:18:50,820
A live co-pilot environment never stops moving.
370
00:18:50,820 --> 00:18:53,700
And the only way to manage that reality is through audit data.
371
00:18:53,700 --> 00:18:57,500
You need to see how people are actually using the system and exactly what content the system
372
00:18:57,500 --> 00:18:58,900
is touching in response.
373
00:18:58,900 --> 00:19:02,780
Per view gives you that visibility, but only if you treat it like a control surface instead
374
00:19:02,780 --> 00:19:04,620
of a basic records tool.
375
00:19:04,620 --> 00:19:09,020
Co-pilot audit data captures the interactions, the resources accessed, the site URLs and
376
00:19:09,020 --> 00:19:12,020
the sensitivity labels involved in every single prompt.
377
00:19:12,020 --> 00:19:16,140
This matters because it turns a vague sense of concern into something you can actually review.
378
00:19:16,140 --> 00:19:19,420
You can inspect which files were touched and how a response was grounded which means you
379
00:19:19,420 --> 00:19:21,300
aren't guessing about risks anymore.
380
00:19:21,300 --> 00:19:22,620
That helps with compliance.
381
00:19:22,620 --> 00:19:24,300
But the real value here is operational.
382
00:19:24,300 --> 00:19:25,940
You can finally prove safe usage.
383
00:19:25,940 --> 00:19:27,300
You can investigate misuse.
384
00:19:27,300 --> 00:19:31,020
You can defend your rollout decisions with hard evidence instead of a gut feeling.
385
00:19:31,020 --> 00:19:34,340
When something looks wrong, you don't have to argue based on screenshots or someone's
386
00:19:34,340 --> 00:19:37,100
memory because you are working from the actual records.
387
00:19:37,100 --> 00:19:41,380
This same visibility is what allows you to improve your policy tuning over time.
388
00:19:41,380 --> 00:19:45,340
If your people are hitting blocks on safe prompts, you can refine the rules to let them work.
389
00:19:45,340 --> 00:19:49,100
If risky patterns are slipping through your internal grounding, you can tighten the policy
390
00:19:49,100 --> 00:19:50,860
exactly where it's failing.
391
00:19:50,860 --> 00:19:54,460
This shortens the time it takes to adjust your settings, which is one of the few matrix
392
00:19:54,460 --> 00:19:56,380
executives should actually care about.
393
00:19:56,380 --> 00:19:59,820
It measures whether your control model can keep up with the speed of the product.
394
00:19:59,820 --> 00:20:02,780
This is where closed loop governance starts to make sense.
395
00:20:02,780 --> 00:20:04,100
Interaction signals feed the review.
396
00:20:04,100 --> 00:20:08,620
The review drives the policy updates, the policy updates change future interactions.
397
00:20:08,620 --> 00:20:09,620
That is the loop.
398
00:20:09,620 --> 00:20:11,820
It isn't a one time project or a massive policy dump.
399
00:20:11,820 --> 00:20:15,980
It is a living system where real usage patterns shape your next control decision.
400
00:20:15,980 --> 00:20:19,940
That is the maturity line for co-pilot governance as we head toward 2026.
401
00:20:19,940 --> 00:20:23,380
Static rules will not keep pace with changing prompts or new agent behaviors.
402
00:20:23,380 --> 00:20:27,700
The teams that scale safely will be the ones that monitor, learn and adjust before a small
403
00:20:27,700 --> 00:20:29,780
drift turns into a major exposure.
404
00:20:29,780 --> 00:20:34,180
So before you buy that next wave of licenses, you have a very simple decision to make.
405
00:20:34,180 --> 00:20:35,180
This is the shift.
406
00:20:35,180 --> 00:20:36,980
Co-pilot didn't create a data problem.
407
00:20:36,980 --> 00:20:39,420
It just exposed the one that was already sitting in your tenant.
408
00:20:39,420 --> 00:20:42,980
The companies that handle this well will be the ones that stop treating this rollout
409
00:20:42,980 --> 00:20:46,180
like a license project and start treating it like a governance decision.
410
00:20:46,180 --> 00:20:49,380
If you are leading this rollout, you need to pause your expansion until the per view
411
00:20:49,380 --> 00:20:50,940
baseline is real.
412
00:20:50,940 --> 00:20:52,780
You need labeling that drives policy.
413
00:20:52,780 --> 00:20:54,300
You need a review of oversharing.
414
00:20:54,300 --> 00:20:55,780
You need audit visibility.
415
00:20:55,780 --> 00:20:59,020
And you need prompt level DLP where risky interactions have to stop.
416
00:20:59,020 --> 00:21:02,220
That is the line between control adoption and avoidable exposure.
417
00:21:02,220 --> 00:21:05,500
If you do that work now, you get a cleaner rollout and clearer access boundaries, which
418
00:21:05,500 --> 00:21:09,580
means fewer ugly surprises later when your usage starts to grow.
419
00:21:09,580 --> 00:21:13,260
If this changed how you think about co-pilot governance, leave a review.
420
00:21:13,260 --> 00:21:14,860
It helps more teams find this.
421
00:21:14,860 --> 00:21:18,340
And connect with me, Mirko Peters, on LinkedIn, and send me the next topic you want me to
00:00:00,000 --> 00:00:04,080
Co-pilot might be the most efficient, unauthorized auditor your company has ever seen.
2
00:00:04,080 --> 00:00:06,680
It doesn't need to break your permissions to cause a crisis.
3
00:00:06,680 --> 00:00:10,440
It just turns weak access into instant answers, and all that old protection you got from
4
00:00:10,440 --> 00:00:14,360
messy sites, buried folders, and forgotten file names stops working.
5
00:00:14,360 --> 00:00:16,520
The second someone types a good prompt.
6
00:00:16,520 --> 00:00:18,680
Think about any tenant with weak access controls.
7
00:00:18,680 --> 00:00:23,480
If you ask Co-pilot to summarize leadership pay, pull HR policy drafts, or find confidential
8
00:00:23,480 --> 00:00:27,160
planning docs, it will surface that content in seconds as long as the user technically
9
00:00:27,160 --> 00:00:28,160
has access.
10
00:00:28,160 --> 00:00:32,040
It isn't an AI defect or a bug in the software, it is a massive data exposure problem that
11
00:00:32,040 --> 00:00:33,800
AI makes visible at scale.
12
00:00:33,800 --> 00:00:37,720
In 2026 this is exactly where things break, you have fast roll outs meeting old permissions
13
00:00:37,720 --> 00:00:39,400
and conversational retrieval.
14
00:00:39,400 --> 00:00:43,160
If you want to stay ahead of Co-pilot governance, you should subscribe, because the real question
15
00:00:43,160 --> 00:00:47,600
now isn't whether Co-pilot is risky, it's about what model of control still works when
16
00:00:47,600 --> 00:00:49,680
friction disappears.
17
00:00:49,680 --> 00:00:52,320
The model that broke, security through obscurity.
18
00:00:52,320 --> 00:00:57,320
For years, a lot of Microsoft 365 security depended on something nobody wanted to admit.
19
00:00:57,320 --> 00:01:00,040
Most of your safety came from low discoverability.
20
00:01:00,040 --> 00:01:03,600
Files were technically accessible to the wrong people, but they were just too hard to find.
21
00:01:03,600 --> 00:01:07,920
They sat in deep share point libraries, old team sites, forgotten project folders, personal
22
00:01:07,920 --> 00:01:11,160
one drives, and mail threads that nobody would ever search properly.
23
00:01:11,160 --> 00:01:14,920
You didn't have good governance, you had friction posing as protection, and it lasted because
24
00:01:14,920 --> 00:01:18,800
most people never had the time or patience to test the edges of their own access.
25
00:01:18,800 --> 00:01:20,600
What typically happened is simple.
26
00:01:20,600 --> 00:01:21,600
Permissions drifted over time.
27
00:01:21,600 --> 00:01:25,960
A site got shared too broadly during a project, or a folder inherited access it shouldn't
28
00:01:25,960 --> 00:01:27,880
have kept after a deadline passed.
29
00:01:27,880 --> 00:01:32,120
Maybe a finance file stayed open to a wider group after a reog, or legal drafts lived in
30
00:01:32,120 --> 00:01:35,000
a place that felt obscure enough to seem safe.
31
00:01:35,000 --> 00:01:38,800
None of that ever got fixed, because the damage felt limited in day to day work, people
32
00:01:38,800 --> 00:01:39,800
navigate.
33
00:01:39,800 --> 00:01:41,160
They search, then they give up.
34
00:01:41,160 --> 00:01:44,520
The bad permission stays there, and nobody feels the risk because the effort required to
35
00:01:44,520 --> 00:01:47,640
exploit it is still too high for a normal employee.
36
00:01:47,640 --> 00:01:49,920
But Co-pilot runs on another model entirely.
37
00:01:49,920 --> 00:01:54,000
It works through context, permissions, search, and Microsoft Graph signals across every
38
00:01:54,000 --> 00:01:56,240
piece of content a user can already reach.
39
00:01:56,240 --> 00:01:57,840
The starting point changes completely.
40
00:01:57,840 --> 00:02:00,120
A user no longer needs to remember the file name.
41
00:02:00,120 --> 00:02:01,600
They don't need the site URL.
42
00:02:01,600 --> 00:02:04,760
They don't even need to know whether the document lives in SharePoint 1 Drive or an old
43
00:02:04,760 --> 00:02:05,760
email.
44
00:02:05,760 --> 00:02:09,160
They just ask a question in natural language, and Co-pilot does the heavy lifting for them.
45
00:02:09,160 --> 00:02:10,600
That distinction matters a lot.
46
00:02:10,600 --> 00:02:12,120
Co-pilot doesn't create new access.
47
00:02:12,120 --> 00:02:15,640
It removes the effort needed to use the access you already gave people.
48
00:02:15,640 --> 00:02:19,640
Once you see that clearly the whole security conversation changes, because the failure
49
00:02:19,640 --> 00:02:21,960
isn't in the model answering the question.
50
00:02:21,960 --> 00:02:24,200
The failure sits in the permission model feeding it.
51
00:02:24,200 --> 00:02:26,240
The scale of that problem isn't theoretical.
52
00:02:26,240 --> 00:02:30,720
Research shows that 16% of business critical data is overshared, and the average organization
53
00:02:30,720 --> 00:02:33,840
has about 802,000 files at risk right now.
54
00:02:33,840 --> 00:02:37,200
That number tells you something uncomfortable about the old way of doing things.
55
00:02:37,200 --> 00:02:38,760
The exposure was already there.
56
00:02:38,760 --> 00:02:42,440
Most of it just stayed dormant because your employees weren't acting like professional
57
00:02:42,440 --> 00:02:47,360
search engines all day, and one level deeper permissions drift makes this even worse.
58
00:02:47,360 --> 00:02:50,520
Research used in risk training shows that only a tiny share of granted permissions is
59
00:02:50,520 --> 00:02:51,520
ever actively used.
60
00:02:51,520 --> 00:02:53,800
But the rest of those permissions just sit there.
61
00:02:53,800 --> 00:02:55,520
They are quiet and unchecked.
62
00:02:55,520 --> 00:02:59,160
This means your tenant likely contains a huge amount of access that nobody needs anymore,
63
00:02:59,160 --> 00:03:03,280
but nobody notices until AI turns that stale access into working context.
64
00:03:03,280 --> 00:03:05,240
This is how the accidental insider threat grows.
65
00:03:05,240 --> 00:03:08,040
We aren't talking about a malicious actor or a compromised account.
66
00:03:08,040 --> 00:03:11,640
It's just a normal employee with a valid identity asking a reasonable question and getting
67
00:03:11,640 --> 00:03:12,640
an unreasonable answer.
68
00:03:12,640 --> 00:03:14,440
They weren't trying to steal anything.
69
00:03:14,440 --> 00:03:16,160
They were just trying to work faster.
70
00:03:16,160 --> 00:03:19,640
But the system answered them using data that should never have been reachable in that
71
00:03:19,640 --> 00:03:20,640
moment.
72
00:03:20,640 --> 00:03:23,600
Before Copilot, human limits slowed that process down.
73
00:03:23,600 --> 00:03:24,960
Search terms had to be specific.
74
00:03:24,960 --> 00:03:26,920
Users stayed inside one app at a time.
75
00:03:26,920 --> 00:03:31,280
They rarely connected dots across SharePoint, OneDrive and Outlook, unless they already knew
76
00:03:31,280 --> 00:03:33,200
exactly where to look.
77
00:03:33,200 --> 00:03:34,200
Copilot collapses that effort.
78
00:03:34,200 --> 00:03:35,320
You ask once.
79
00:03:35,320 --> 00:03:36,320
It searches broadly.
80
00:03:36,320 --> 00:03:37,800
It assembles context.
81
00:03:37,800 --> 00:03:41,800
And the old assumption that obscurity gives you breathing room finally falls apart.
82
00:03:41,800 --> 00:03:45,240
Once that clicks, the rollout mistake gets obvious.
83
00:03:45,240 --> 00:03:46,240
Why rollout stall?
84
00:03:46,240 --> 00:03:48,040
The governance gap before scale.
85
00:03:48,040 --> 00:03:52,080
Most Copilot rollouts don't stall because users hate the tool, but rather because the company
86
00:03:52,080 --> 00:03:55,800
turned on the AI before it understood the shape of its own access.
87
00:03:55,800 --> 00:03:57,720
That is the pattern we see everywhere.
88
00:03:57,720 --> 00:03:59,840
Licenses get funded and pilot groups get announced.
89
00:03:59,840 --> 00:04:02,560
Then a few executives try it out and some early wins show up.
90
00:04:02,560 --> 00:04:07,040
But then the momentum hits a wall when security, compliance and IT start asking basic questions
91
00:04:07,040 --> 00:04:08,640
that nobody bothered to answer up front.
92
00:04:08,640 --> 00:04:12,600
They want to know what counts as sensitive content, where that data lives right now, and
93
00:04:12,600 --> 00:04:14,400
who can actually reach it today.
94
00:04:14,400 --> 00:04:18,880
Most importantly, they need to know what exactly Copilot can pull into a response from that mess.
95
00:04:18,880 --> 00:04:22,640
That missing baseline is the real blocker and it has nothing to do with the license cost
96
00:04:22,640 --> 00:04:24,240
or the quality of your prompts.
97
00:04:24,240 --> 00:04:27,600
The problem sits one layer lower in the operating facts of your tenant.
98
00:04:27,600 --> 00:04:31,400
If you can't map your sensitive data or verify who has access to it, you aren't actually
99
00:04:31,400 --> 00:04:33,160
scaling AI in a meaningful way.
100
00:04:33,160 --> 00:04:37,040
You are simply scaling uncertainty and people across the organization start to feel that
101
00:04:37,040 --> 00:04:38,400
tension very quickly.
102
00:04:38,400 --> 00:04:42,000
This is exactly where a lot of organizations are sitting right now, caught somewhere between
103
00:04:42,000 --> 00:04:43,960
a pilot and a controlled rollout.
104
00:04:43,960 --> 00:04:47,160
They aren't fully stopped, but they aren't truly ready to go big either.
105
00:04:47,160 --> 00:04:50,760
They have seen enough activity to know Copilot can help, but they don't have enough confidence
106
00:04:50,760 --> 00:04:52,720
to expand the footprint cleanly.
107
00:04:52,720 --> 00:04:56,040
That's why so many programs get stuck in an awkward middle-state where leadership once
108
00:04:56,040 --> 00:05:01,000
momentum, while legal and security are demanding evidence that the data is safe.
109
00:05:01,000 --> 00:05:04,560
Admins are then left trying to clean up years of inherited access after the AI conversation
110
00:05:04,560 --> 00:05:05,560
has already started.
111
00:05:05,560 --> 00:05:11,880
The adoption data from 2025 survey research lines up with this reality showing that 71%
112
00:05:11,880 --> 00:05:14,520
of people cited governance as their top barrier.
113
00:05:14,520 --> 00:05:18,320
Only 17% of companies had managed to scale beyond their initial pilots, which should tell
114
00:05:18,320 --> 00:05:21,520
executives something pretty direct about the current landscape.
115
00:05:21,520 --> 00:05:23,720
The bottleneck isn't a lack of interest from the workforce.
116
00:05:23,720 --> 00:05:26,560
The bottleneck is a lack of control from the top.
117
00:05:26,560 --> 00:05:30,320
Companies aren't struggling to imagine use cases, but they are struggling to trust the
118
00:05:30,320 --> 00:05:34,400
data boundary around those use cases, and the baseline they skipped isn't some abstract
119
00:05:34,400 --> 00:05:38,160
concept, because it really comes down to four practical questions.
120
00:05:38,160 --> 00:05:42,640
You need to know what data is sensitive and where that data sits across SharePoint, OneDrive,
121
00:05:42,640 --> 00:05:43,880
Exchange and Teams.
122
00:05:43,880 --> 00:05:47,600
You have to identify who has access now, including stale group memberships and inherited
123
00:05:47,600 --> 00:05:49,480
permissions that everyone forgot about.
124
00:05:49,480 --> 00:05:53,600
Finally, you must understand what Copilot can actually surface from those parts when someone
125
00:05:53,600 --> 00:05:55,320
asks a natural language question.
126
00:05:55,320 --> 00:06:00,120
Until those four answers exist, rollout decisions are mostly just guesswork, dressed up as innovation.
127
00:06:00,120 --> 00:06:03,640
A lot of leaders make the same budget mistake here by funding the experience before they
128
00:06:03,640 --> 00:06:04,640
fund the visibility.
129
00:06:04,640 --> 00:06:08,840
They buy more copilot seats before they invest in the controls that tell them whether those
130
00:06:08,840 --> 00:06:10,600
seats are safe to expand.
131
00:06:10,600 --> 00:06:14,400
That approach sounds fast and ambitious, but it creates the exact friction that kills momentum
132
00:06:14,400 --> 00:06:15,400
later on.
133
00:06:15,400 --> 00:06:20,040
The moment your risk teams see unclear exposure, every conversation about scaling the tool turns
134
00:06:20,040 --> 00:06:21,920
into a long drawn out debate.
135
00:06:21,920 --> 00:06:25,600
So what does minimum viable governance look like before you go for a broader rollout?
136
00:06:25,600 --> 00:06:29,200
It isn't a giant transformation program, but rather a simple control stack that gives
137
00:06:29,200 --> 00:06:30,680
you a real line of sight.
138
00:06:30,680 --> 00:06:34,920
You start with sensitivity labels that mean something operational instead of just being compliance
139
00:06:34,920 --> 00:06:35,920
paperwork.
140
00:06:35,920 --> 00:06:39,760
You add access reviews so all permissions don't keep drifting forward untouched and you
141
00:06:39,760 --> 00:06:43,960
run an oversharing scan across the place's copilot will draw from most.
142
00:06:43,960 --> 00:06:47,840
Make sure your audit is turned on so you can see interactions and access resources, then
143
00:06:47,840 --> 00:06:52,240
put prompt level controls in place so risky grounding paths don't slip through by default.
144
00:06:52,240 --> 00:06:56,080
Taking these steps doesn't kill the value of the AI, it actually protects that value for
145
00:06:56,080 --> 00:06:57,080
the long term.
146
00:06:57,080 --> 00:07:01,160
Once that baseline exists, you can expand copilot on safer ground instead of rolling it into blind
147
00:07:01,160 --> 00:07:03,280
spots and hoping the tenant behaves.
148
00:07:03,280 --> 00:07:07,320
The smart executive move isn't to push harder on scale right away, but to pause long enough
149
00:07:07,320 --> 00:07:09,680
to stop convenience from turning into exposure.
150
00:07:09,680 --> 00:07:14,400
This becomes very concrete when you look at how these failures actually show up in production.
151
00:07:14,400 --> 00:07:17,200
Three failure patterns every copilot team should expect.
152
00:07:17,200 --> 00:07:21,080
The first failure pattern is the simplest and that is exactly why it catches so many smart
153
00:07:21,080 --> 00:07:22,560
people off guard.
154
00:07:22,560 --> 00:07:23,880
Overshared files stop hiding.
155
00:07:23,880 --> 00:07:28,320
A user asks a plain question that sounds perfectly normal for work and copilot brings back
156
00:07:28,320 --> 00:07:30,760
content from places nobody thought to check.
157
00:07:30,760 --> 00:07:35,240
This includes HR drafts, finance workbooks, legal notes and leadership planning decks.
158
00:07:35,240 --> 00:07:39,200
These files weren't newly exposed by the AI but natural language turns broad access into
159
00:07:39,200 --> 00:07:43,320
usable access and the old mess of SharePoint structure stops slowing people down.
160
00:07:43,320 --> 00:07:47,720
In most organizations, those files sit inside a mountain of digital clutter like old team
161
00:07:47,720 --> 00:07:50,280
sites and project spaces that never got cleaned up.
162
00:07:50,280 --> 00:07:54,400
There are broad member groups and shared links that nobody ever bothered to revoke.
163
00:07:54,400 --> 00:07:58,960
People assume the clutter protects them because no one remembers where anything is located.
164
00:07:58,960 --> 00:08:02,920
Then someone asks the system to show them draft compensation ranges or summarise planning
165
00:08:02,920 --> 00:08:06,000
documents for next quarter and the AI does the stitching.
166
00:08:06,000 --> 00:08:09,480
That is the moment this breaks because the user didn't bypass any security.
167
00:08:09,480 --> 00:08:11,120
They just stop needing to know where to look.
168
00:08:11,120 --> 00:08:15,440
This matters operationally because it fundamentally changes how data exposure happens in the
169
00:08:15,440 --> 00:08:16,720
modern workplace.
170
00:08:16,720 --> 00:08:21,480
For copilot, risky access often stayed theoretical because the files were too hard to find.
171
00:08:21,480 --> 00:08:25,520
Now that access becomes practical and fast, a person with no bad intent can land on material
172
00:08:25,520 --> 00:08:30,360
they were never expected to use in that context and once that answer appears in a chat response.
173
00:08:30,360 --> 00:08:32,600
The governance discussion gets much harder.
174
00:08:32,600 --> 00:08:35,520
The issue is no longer hidden in some buried permission entry.
175
00:08:35,520 --> 00:08:37,840
It is visible in plain language right there on the screen.
176
00:08:37,840 --> 00:08:41,600
The second pattern sits in copilot studio and this is where many teams wrongly assume
177
00:08:41,600 --> 00:08:43,600
the main copilot controls will save them.
178
00:08:43,600 --> 00:08:44,600
They won't.
179
00:08:44,600 --> 00:08:49,160
The agents introduce another layer of design decisions around connectors, knowledge sources,
180
00:08:49,160 --> 00:08:50,880
grounding and environment rules.
181
00:08:50,880 --> 00:08:54,800
If those boundaries are loose, the agent can return information well outside the use case
182
00:08:54,800 --> 00:08:58,280
it was built for even when the builder thought the setup looked narrow enough.
183
00:08:58,280 --> 00:09:02,800
What typically happens is the agent connects to SharePoint and a few internal APIs but nobody
184
00:09:02,800 --> 00:09:06,160
draws a hard line around what the agent should never touch.
185
00:09:06,160 --> 00:09:10,560
The project starts with a useful goal like support answers or policy look up but then
186
00:09:10,560 --> 00:09:12,120
the scope begins to creep.
187
00:09:12,120 --> 00:09:15,480
Other connector gets added and another source gets approved because someone wants broader
188
00:09:15,480 --> 00:09:16,800
coverage for convenience.
189
00:09:16,800 --> 00:09:20,480
Suddenly the agent isn't just answering one business question but is operating across
190
00:09:20,480 --> 00:09:24,920
mixed data estates with very weak separation and one level deeper the core problem isn't
191
00:09:24,920 --> 00:09:29,560
only the number of connectors you have it is the design of the boundary itself an agent inherits
192
00:09:29,560 --> 00:09:33,720
risk from every source every identity path and every environment rule that surrounds
193
00:09:33,720 --> 00:09:34,720
it.
194
00:09:34,720 --> 00:09:36,000
Research makes this pretty clear.
195
00:09:36,000 --> 00:09:40,120
Copilot studio needs its own DLP and connector governance approach and those protections
196
00:09:40,120 --> 00:09:44,920
don't come automatically just because the main Microsoft 365 experience is governed.
197
00:09:44,920 --> 00:09:49,480
The security question shifts from whether you built an agent to what exact data boundary
198
00:09:49,480 --> 00:09:53,480
you built around it then you hit the third pattern and this one damages trust even when
199
00:09:53,480 --> 00:09:55,880
no major data exposure is actually confirmed.
200
00:09:55,880 --> 00:09:57,360
You simply can't see enough.
201
00:09:57,360 --> 00:10:00,800
The organization rolls out copilot and users start interacting with it but the monitoring
202
00:10:00,800 --> 00:10:04,200
model stays thin while responses reference files and mail.
203
00:10:04,200 --> 00:10:07,920
There is no shared view of prompts and no clear trail of access resources which means
204
00:10:07,920 --> 00:10:12,720
there is no easy way to separate a normal interaction from a risky one that leaves security teams
205
00:10:12,720 --> 00:10:15,640
and executives working from a set of dangerous assumptions.
206
00:10:15,640 --> 00:10:20,400
Per view audit logs can capture these interactions including the sensitivity context but only if
207
00:10:20,400 --> 00:10:25,640
the organization is treating audit as a core part of the rollout because later is too late.
208
00:10:25,640 --> 00:10:29,120
Once questions come in from legal or a business owner who thinks something sensitive showed
209
00:10:29,120 --> 00:10:31,280
up in a response you need hard evidence.
210
00:10:31,280 --> 00:10:35,080
You need to know who asked what resource was touched and whether a web search path was
211
00:10:35,080 --> 00:10:36,080
involved.
212
00:10:36,080 --> 00:10:39,960
Throughout those details every investigation turns into a slow and messy process.
213
00:10:39,960 --> 00:10:43,240
The cost here isn't just forensic because your policy tuning suffers as well.
214
00:10:43,240 --> 00:10:46,360
If you can't observe how people are actually using copilot you can't tell whether your
215
00:10:46,360 --> 00:10:49,320
controls are too weak or hitting the wrong patterns.
216
00:10:49,320 --> 00:10:53,160
You also can't prove the system is safe enough to scale which means trust starts to erode
217
00:10:53,160 --> 00:10:55,000
from both sides of the business.
218
00:10:55,000 --> 00:10:59,200
Risk teams think governance is blind while business teams think security is blocking progress
219
00:10:59,200 --> 00:11:00,200
without any proof.
220
00:11:00,200 --> 00:11:01,880
The answer isn't shutting copilot off.
221
00:11:01,880 --> 00:11:05,720
The answer is changing the control model so discovery, agent behavior and visibility are
222
00:11:05,720 --> 00:11:08,680
governed on purpose instead of being left to drift.
223
00:11:08,680 --> 00:11:12,080
The purview strategy build the perimeter around context.
224
00:11:12,080 --> 00:11:14,200
The old control model has to change.
225
00:11:14,200 --> 00:11:17,440
We can't just rely on wider lockdowns or random exceptions anymore.
226
00:11:17,440 --> 00:11:21,000
We need a model that follows context because that is exactly how copilot works.
227
00:11:21,000 --> 00:11:24,840
This is the moment where Microsoft purview starts to matter as an operating system for
228
00:11:24,840 --> 00:11:28,720
AI governance rather than just a compliance console that people open once a year during
229
00:11:28,720 --> 00:11:29,720
audits.
230
00:11:29,720 --> 00:11:30,720
It all starts with labels.
231
00:11:30,720 --> 00:11:35,040
Most companies treat sensitivity labels like stickers that are helpful for policy, records
232
00:11:35,040 --> 00:11:39,400
or compliance reporting, but that approach is far too passive for AI.
233
00:11:39,400 --> 00:11:42,360
In a copilot environment labels need to become decision signals.
234
00:11:42,360 --> 00:11:46,800
They have to tell downstream controls what content can be processed, what should be blocked,
235
00:11:46,800 --> 00:11:48,880
and where stricter rules should apply.
236
00:11:48,880 --> 00:11:53,000
If your labels are missing, inconsistent or limited to a small part of the tenant, your
237
00:11:53,000 --> 00:11:55,280
policy logic starts weak and it stays weak.
238
00:11:55,280 --> 00:11:58,200
That label first model represents the real shift.
239
00:11:58,200 --> 00:12:02,040
You classify the content first and then the policy follows that classification.
240
00:12:02,040 --> 00:12:03,600
It is never the other way around.
241
00:12:03,600 --> 00:12:07,520
Instead of building endless lists of sites and hoping admins remember to update them,
242
00:12:07,520 --> 00:12:09,880
you let the state of the content drive the enforcement.
243
00:12:09,880 --> 00:12:13,680
This matters because the location of information changes all the time, while the business meaning
244
00:12:13,680 --> 00:12:15,360
of that information usually stays the same.
245
00:12:15,360 --> 00:12:19,640
A finance document is still a finance document even if it moves to a new folder and a confidential
246
00:12:19,640 --> 00:12:23,640
strategy file is still sensitive even if a team reorganizes around it.
247
00:12:23,640 --> 00:12:27,320
Purview gives you a way to make that meaning usable across the board.
248
00:12:27,320 --> 00:12:31,320
This strategy gets much stronger with adaptive scopes, which finally reached general availability
249
00:12:31,320 --> 00:12:33,240
in March of 2026.
250
00:12:33,240 --> 00:12:37,520
For that update, teams were stuck with static sharepoint targeting and site limits that
251
00:12:37,520 --> 00:12:40,880
simply did not fit the shape of large, complex environments.
252
00:12:40,880 --> 00:12:45,000
That old approach breaks down quickly because manual lists age badly and sites change owners
253
00:12:45,000 --> 00:12:46,000
without warning.
254
00:12:46,000 --> 00:12:50,240
New spaces appear faster than policies can ever catch up, and old exclusions often stay
255
00:12:50,240 --> 00:12:52,600
in place long after they stop making sense.
256
00:12:52,600 --> 00:12:57,040
In an AI rollout, that lag becomes a dangerous control gap because copilot moves at query speed
257
00:12:57,040 --> 00:12:59,320
while your governance moves at admin speed.
258
00:12:59,320 --> 00:13:02,040
Adaptive scopes change the entire targeting model.
259
00:13:02,040 --> 00:13:06,600
Instead of naming every single location one by one, your policy can include or exclude sharepoint
260
00:13:06,600 --> 00:13:10,160
sites using labels, metadata and business rules.
261
00:13:10,160 --> 00:13:14,920
This means you can shape the access boundary for copilot based on what the site actually is,
262
00:13:14,920 --> 00:13:18,200
how it has been classified or whether it fits into an approved pattern.
263
00:13:18,200 --> 00:13:21,520
The point here isn't to block every sensitive file from all AI use.
264
00:13:21,520 --> 00:13:26,040
The goal is to reduce oversharing exposure without shutting down the useful parts of copilot
265
00:13:26,040 --> 00:13:27,200
for ordinary work.
266
00:13:27,200 --> 00:13:29,160
That is where the executive value lives.
267
00:13:29,160 --> 00:13:33,680
You do not need to make a binary choice between being totally open or completely closed.
268
00:13:33,680 --> 00:13:38,840
You can preserve productivity on lower risk content while tightening the path around regulated,
269
00:13:38,840 --> 00:13:40,640
strategic or restricted material.
270
00:13:40,640 --> 00:13:45,040
Because adaptive scopes remove the old site count limits and the manual upkeep problem,
271
00:13:45,040 --> 00:13:48,880
the control model finally starts to match the scale of a real enterprise.
272
00:13:48,880 --> 00:13:52,040
Then the bound removes one layer closer to the interaction itself.
273
00:13:52,040 --> 00:13:55,680
Prompt level DLP matters because stored files are no longer the only risk surface you
274
00:13:55,680 --> 00:13:56,920
have to worry about.
275
00:13:56,920 --> 00:14:01,320
The user prompt is now part of the data path and the response coming back is part of that
276
00:14:01,320 --> 00:14:02,320
path too.
277
00:14:02,320 --> 00:14:06,480
If a user enters sensitive information types into copilot or if a request tries to pull
278
00:14:06,480 --> 00:14:11,200
risky content through an external grounding path, you need policy at that exact moment.
279
00:14:11,200 --> 00:14:13,960
Having a policy at the file level is no longer enough.
280
00:14:13,960 --> 00:14:16,320
Microsoft expanded these capabilities in 2026.
281
00:14:16,320 --> 00:14:20,560
Per view DLP can now inspect prompts for sensitive information types and apply controls
282
00:14:20,560 --> 00:14:23,880
to both Microsoft 365 copilot and copilot chat.
283
00:14:23,880 --> 00:14:27,840
For external web grounding scenarios, policies can restrict that search path while still
284
00:14:27,840 --> 00:14:31,640
allowing internal Microsoft Graph grounding when your licensing supports it.
285
00:14:31,640 --> 00:14:35,580
This is a much more useful control than a blanket stop because it cuts off risky external
286
00:14:35,580 --> 00:14:38,160
flows without killing the entire interaction.
287
00:14:38,160 --> 00:14:39,560
Keep this one sentence in your head.
288
00:14:39,560 --> 00:14:41,160
The new data boundary is the prompt.
289
00:14:41,160 --> 00:14:42,760
That is where modern work actually begins.
290
00:14:42,760 --> 00:14:47,560
A person asks a question, the system interprets it and the retrieval process starts.
291
00:14:47,560 --> 00:14:51,560
If your controls only live at the storage level, you have already missed the most important
292
00:14:51,560 --> 00:14:52,840
part of the exchange.
293
00:14:52,840 --> 00:14:56,720
Microsoft level DLP brings governance into the actual moment of use, which is exactly where
294
00:14:56,720 --> 00:14:58,000
risk appears first.
295
00:14:58,000 --> 00:15:02,080
This isn't just admin trivia, it is a major executive control decision.
296
00:15:02,080 --> 00:15:05,800
You have to decide which data should stay usable through copilot which conversations should
297
00:15:05,800 --> 00:15:09,320
stop and which prompts should never leave the internal boundary.
298
00:15:09,320 --> 00:15:12,680
These are business choices expressed through Per view policy.
299
00:15:12,680 --> 00:15:16,600
One more layer matters now because even a better context boundary wasn't enough on its own
300
00:15:16,600 --> 00:15:20,240
one storage location stopped being predictable.
301
00:15:20,240 --> 00:15:22,800
The 2026 shift most teams missed.
302
00:15:22,800 --> 00:15:24,720
All gloop and expanded enforcement.
303
00:15:24,720 --> 00:15:28,640
There was still a gap in the system and a lot of teams missed it because they assumed
304
00:15:28,640 --> 00:15:31,440
cloud controls meant complete controls they didn't.
305
00:15:31,440 --> 00:15:36,120
For a long time, protection behavior across Microsoft 365 copilot could vary depending
306
00:15:36,120 --> 00:15:39,680
on where the office file lived and how the interaction happened.
307
00:15:39,680 --> 00:15:43,760
This meant leaders were hearing a clean story about policy coverage while admins were still
308
00:15:43,760 --> 00:15:47,240
dealing with uneven enforcement parts underneath the surface.
309
00:15:47,240 --> 00:15:51,180
When AI is involved, uneven usually means untrusted because people don't care if the
310
00:15:51,180 --> 00:15:52,940
architecture explains the problem.
311
00:15:52,940 --> 00:15:55,860
They only care whether the same rule holds up every single time.
312
00:15:55,860 --> 00:15:58,700
Early 2026 exposed that problem in a big way.
313
00:15:58,700 --> 00:16:02,300
The trust hit that happened between January and February around how copilot handled protected
314
00:16:02,300 --> 00:16:06,180
email content showed that assumptions about labels were not enough.
315
00:16:06,180 --> 00:16:09,420
Microsoft addressed the specific defect but the broader lesson was much bigger than the
316
00:16:09,420 --> 00:16:10,420
bug itself.
317
00:16:10,420 --> 00:16:14,220
You could not treat protection promises as finished just because a policy existed in the
318
00:16:14,220 --> 00:16:15,220
portal.
319
00:16:15,220 --> 00:16:18,980
You had to care about where enforcement really happened, which workloads were fully covered
320
00:16:18,980 --> 00:16:21,340
and which gaps were still closing in the background.
321
00:16:21,340 --> 00:16:23,700
This is where all glute matters in the 2026 story.
322
00:16:23,700 --> 00:16:28,340
It was the layer that completed broader DLP enforcement for copilot across all storage
323
00:16:28,340 --> 00:16:32,780
locations, including local and cloud office files, with a rollout spanning from late March
324
00:16:32,780 --> 00:16:35,140
to late April of 2026.
325
00:16:35,140 --> 00:16:38,020
In plain language, the decision path finally got more consistent.
326
00:16:38,020 --> 00:16:42,660
A labeled word, Excel or PowerPoint file was no longer just a cloud-only governance question.
327
00:16:42,660 --> 00:16:46,340
The same control logic could now apply more broadly across the places where people actually
328
00:16:46,340 --> 00:16:47,340
do their work.
329
00:16:47,340 --> 00:16:50,500
That sounds technical, but the business consequence is very simple.
330
00:16:50,500 --> 00:16:54,580
There are now fewer blind spots between where your content lives and where copilot can process
331
00:16:54,580 --> 00:16:55,580
it.
332
00:16:55,580 --> 00:16:59,220
Before this expansion, many organizations were still carrying a split in their mental model
333
00:16:59,220 --> 00:17:03,340
where cloud content felt governed, but everything else felt uncertain.
334
00:17:03,340 --> 00:17:07,940
Work does not stay neatly inside one storage assumption and users do not think in those boundaries
335
00:17:07,940 --> 00:17:10,140
when they open files or ask questions.
336
00:17:10,140 --> 00:17:14,100
If the policy model stops at one location type, then the real operating boundary is much
337
00:17:14,100 --> 00:17:16,060
weaker than leadership thinks it is.
338
00:17:16,060 --> 00:17:19,980
With all-group closing more of that gap, Perview gets closer to something leaders can actually
339
00:17:19,980 --> 00:17:20,980
trust.
340
00:17:20,980 --> 00:17:24,820
It isn't perfect coverage by slogan, but it provides broader consistency in the enforcement
341
00:17:24,820 --> 00:17:25,820
path.
342
00:17:25,820 --> 00:17:29,860
This leads to safer decisions around copilot use in word, Excel and PowerPoint, regardless
343
00:17:29,860 --> 00:17:34,260
of where the file sits, and it creates a cleaner governance story for organizations trying
344
00:17:34,260 --> 00:17:36,500
to reduce exceptions before they scale.
345
00:17:36,500 --> 00:17:39,860
Still, nobody should treat this as instant magic.
346
00:17:39,860 --> 00:17:43,380
Policy changes do not appear everywhere the second you click the publish button.
347
00:17:43,380 --> 00:17:48,740
Microsoft documents clear deployment and propagation delays for DLP, which often take 24 hours
348
00:17:48,740 --> 00:17:51,980
for most users and up to 48 hours in some cases.
349
00:17:51,980 --> 00:17:55,580
These delays depend on workloads, devices, connectivity and sync state.
350
00:17:55,580 --> 00:17:59,340
A mature team does not publish a rule at 9 in the morning and assume the whole environment
351
00:17:59,340 --> 00:18:00,660
is governed by 10.
352
00:18:00,660 --> 00:18:02,740
The operating model has to respect that delay.
353
00:18:02,740 --> 00:18:06,420
You have to test first, verify the sync status and check whether the right workloads are
354
00:18:06,420 --> 00:18:08,420
actually evaluating the policy.
355
00:18:08,420 --> 00:18:12,420
Watch the rollout state in your tenant before you try to enforce things with confidence.
356
00:18:12,420 --> 00:18:16,700
This sequence matters because AI governance fails when teams confuse policy intent with policy
357
00:18:16,700 --> 00:18:17,700
reality.
358
00:18:17,700 --> 00:18:20,020
The setting might exist, but the estate hasn't caught up yet.
359
00:18:20,020 --> 00:18:23,500
If you roll forward on that assumption, you create another trust problem, the moment a
360
00:18:23,500 --> 00:18:25,860
blocked interaction goes through somewhere it shouldn't.
361
00:18:25,860 --> 00:18:29,780
Once enforcement becomes broader and more consistent, the next challenge shows up fast.
362
00:18:29,780 --> 00:18:33,340
You still need proof that the controls are working and you need a way to adjust them
363
00:18:33,340 --> 00:18:34,980
as usage patterns change.
364
00:18:34,980 --> 00:18:38,660
The operating layer, audit, tuning and closed loop governance.
365
00:18:38,660 --> 00:18:40,980
After you set the policy, you need the evidence.
366
00:18:40,980 --> 00:18:44,780
The leadership team skipped this part because they think governance is finished once the rules
367
00:18:44,780 --> 00:18:45,780
are written.
368
00:18:45,780 --> 00:18:47,780
It isn't.
369
00:18:47,780 --> 00:18:50,820
A live co-pilot environment never stops moving.
370
00:18:50,820 --> 00:18:53,700
And the only way to manage that reality is through audit data.
371
00:18:53,700 --> 00:18:57,500
You need to see how people are actually using the system and exactly what content the system
372
00:18:57,500 --> 00:18:58,900
is touching in response.
373
00:18:58,900 --> 00:19:02,780
Per view gives you that visibility, but only if you treat it like a control surface instead
374
00:19:02,780 --> 00:19:04,620
of a basic records tool.
375
00:19:04,620 --> 00:19:09,020
Co-pilot audit data captures the interactions, the resources accessed, the site URLs and
376
00:19:09,020 --> 00:19:12,020
the sensitivity labels involved in every single prompt.
377
00:19:12,020 --> 00:19:16,140
This matters because it turns a vague sense of concern into something you can actually review.
378
00:19:16,140 --> 00:19:19,420
You can inspect which files were touched and how a response was grounded which means you
379
00:19:19,420 --> 00:19:21,300
aren't guessing about risks anymore.
380
00:19:21,300 --> 00:19:22,620
That helps with compliance.
381
00:19:22,620 --> 00:19:24,300
But the real value here is operational.
382
00:19:24,300 --> 00:19:25,940
You can finally prove safe usage.
383
00:19:25,940 --> 00:19:27,300
You can investigate misuse.
384
00:19:27,300 --> 00:19:31,020
You can defend your rollout decisions with hard evidence instead of a gut feeling.
385
00:19:31,020 --> 00:19:34,340
When something looks wrong, you don't have to argue based on screenshots or someone's
386
00:19:34,340 --> 00:19:37,100
memory because you are working from the actual records.
387
00:19:37,100 --> 00:19:41,380
This same visibility is what allows you to improve your policy tuning over time.
388
00:19:41,380 --> 00:19:45,340
If your people are hitting blocks on safe prompts, you can refine the rules to let them work.
389
00:19:45,340 --> 00:19:49,100
If risky patterns are slipping through your internal grounding, you can tighten the policy
390
00:19:49,100 --> 00:19:50,860
exactly where it's failing.
391
00:19:50,860 --> 00:19:54,460
This shortens the time it takes to adjust your settings, which is one of the few matrix
392
00:19:54,460 --> 00:19:56,380
executives should actually care about.
393
00:19:56,380 --> 00:19:59,820
It measures whether your control model can keep up with the speed of the product.
394
00:19:59,820 --> 00:20:02,780
This is where closed loop governance starts to make sense.
395
00:20:02,780 --> 00:20:04,100
Interaction signals feed the review.
396
00:20:04,100 --> 00:20:08,620
The review drives the policy updates, the policy updates change future interactions.
397
00:20:08,620 --> 00:20:09,620
That is the loop.
398
00:20:09,620 --> 00:20:11,820
It isn't a one time project or a massive policy dump.
399
00:20:11,820 --> 00:20:15,980
It is a living system where real usage patterns shape your next control decision.
400
00:20:15,980 --> 00:20:19,940
That is the maturity line for co-pilot governance as we head toward 2026.
401
00:20:19,940 --> 00:20:23,380
Static rules will not keep pace with changing prompts or new agent behaviors.
402
00:20:23,380 --> 00:20:27,700
The teams that scale safely will be the ones that monitor, learn and adjust before a small
403
00:20:27,700 --> 00:20:29,780
drift turns into a major exposure.
404
00:20:29,780 --> 00:20:34,180
So before you buy that next wave of licenses, you have a very simple decision to make.
405
00:20:34,180 --> 00:20:35,180
This is the shift.
406
00:20:35,180 --> 00:20:36,980
Co-pilot didn't create a data problem.
407
00:20:36,980 --> 00:20:39,420
It just exposed the one that was already sitting in your tenant.
408
00:20:39,420 --> 00:20:42,980
The companies that handle this well will be the ones that stop treating this rollout
409
00:20:42,980 --> 00:20:46,180
like a license project and start treating it like a governance decision.
410
00:20:46,180 --> 00:20:49,380
If you are leading this rollout, you need to pause your expansion until the per view
411
00:20:49,380 --> 00:20:50,940
baseline is real.
412
00:20:50,940 --> 00:20:52,780
You need labeling that drives policy.
413
00:20:52,780 --> 00:20:54,300
You need a review of oversharing.
414
00:20:54,300 --> 00:20:55,780
You need audit visibility.
415
00:20:55,780 --> 00:20:59,020
And you need prompt level DLP where risky interactions have to stop.
416
00:20:59,020 --> 00:21:02,220
That is the line between control adoption and avoidable exposure.
417
00:21:02,220 --> 00:21:05,500
If you do that work now, you get a cleaner rollout and clearer access boundaries, which
418
00:21:05,500 --> 00:21:09,580
means fewer ugly surprises later when your usage starts to grow.
419
00:21:09,580 --> 00:21:13,260
If this changed how you think about co-pilot governance, leave a review.
420
00:21:13,260 --> 00:21:14,860
It helps more teams find this.
421
00:21:14,860 --> 00:21:18,340
And connect with me, Mirko Peters, on LinkedIn, and send me the next topic you want me to