The Problem Nobody Wants to Talk About
Microsoft 365 Copilot is an amplifier. Whatever state your tenant permissions are in right now — the overshared SharePoint sites, the “Everyone Except External Users” grants from 2019, the shared mailboxes with fifteen people who left two years ago — Copilot will find all of it and cheerfully surface it to anyone who asks.
This isn’t a Copilot bug. Copilot respects your existing permissions model. The problem is that your existing permissions model is almost certainly a mess. Every tenant I’ve audited has had at least one “oh no” moment during the oversharing assessment. Most have had several.
The readiness work isn’t optional. Skip it and you’re handing every licensed user a turbocharged search engine across every permission mistake you’ve ever made.
This checklist is what I use for pre-enablement audits. Each item includes what to check, the risk if you skip it, what “good” looks like, and how to verify it programmatically. It’s exhaustive on purpose — you can skip sections that don’t apply to your environment, but you can’t fix what you haven’t checked.
A note on the PowerShell and Graph API examples: These were accurate at the time of writing (March 2026). Microsoft renames cmdlets, deprecates parameters, and shuffles module versions regularly. Test everything in a sandbox tenant before running it in production. If you find something that’s changed, let me know and I’ll update it.
1. Licensing and Prerequisites
The boring stuff first. Get this wrong and nothing else matters.
1.1 Base Licence Validation
| | |
|---|---|
| What to check | Every user targeted for Copilot has a qualifying base licence (M365 E3, E5, Business Standard, Business Premium, or equivalent). |
| Risk if missed | Copilot licence assignment will fail or user will have degraded functionality. |
| What good looks like | 100% of pilot users have a qualifying base licence assigned and active. |
```powershell
# Graph PowerShell — list users and their assigned licence SKUs
Connect-MgGraph -Scopes "User.Read.All","Directory.Read.All"
Get-MgUser -All -Property DisplayName,AssignedLicenses |
    Select-Object DisplayName, @{N='Licences';E={($_.AssignedLicenses.SkuId -join ', ')}}
```
```http
GET https://graph.microsoft.com/v1.0/users?$select=displayName,assignedLicenses
```
1.2 Copilot Add-On Licence Assignment
| | |
|---|---|
| What to check | The Microsoft 365 Copilot add-on SKU is assigned to each target user. |
| Risk if missed | User cannot access Copilot features despite having a base licence. |
| What good looks like | Copilot SKU (SKU ID: 639dec6b-bb19-468b-871c-c5c441c4b0cb for enterprise; verify current SKU for Business tier) assigned to all pilot users. |
```powershell
# Check for Copilot licence assignment
$copilotSkuId = "639dec6b-bb19-468b-871c-c5c441c4b0cb"
Get-MgUser -All -Property DisplayName,AssignedLicenses |
    Where-Object { $_.AssignedLicenses.SkuId -contains $copilotSkuId } |
    Select-Object DisplayName
```
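The two checks above answer separate questions; what the audit actually needs is their intersection: who holds the Copilot add-on without a qualifying base licence, and who holds it on an account that is disabled. The script below is an added example (not code from the original post) that resolves SKU GUIDs to part numbers via `Get-MgSubscribedSku` and reports both findings. The list of qualifying base SKU part numbers is an assumption to adjust for your tenant; the Copilot SKU ID is the one from the checklist.

```powershell
# Added example: cross-check Copilot add-on holders against base licences and account state.
Connect-MgGraph -Scopes "User.Read.All","Directory.Read.All"

$copilotSkuId = "639dec6b-bb19-468b-871c-c5c441c4b0cb"
# Assumed list of qualifying base SKU part numbers; confirm against Get-MgSubscribedSku in your tenant
$qualifyingParts = @("SPE_E3", "SPE_E5", "O365_BUSINESS_PREMIUM", "SPB", "ENTERPRISEPACK", "ENTERPRISEPREMIUM")

# Map every SKU GUID the tenant owns to its human-readable part number
$skuMap = @{}
Get-MgSubscribedSku | ForEach-Object { $skuMap[$_.SkuId] = $_.SkuPartNumber }

$report = Get-MgUser -All -Property Id,DisplayName,UserPrincipalName,AccountEnabled,AssignedLicenses |
    ForEach-Object {
        $skuIds = @($_.AssignedLicenses.SkuId)
        $parts  = @($skuIds | ForEach-Object { $skuMap[$_] })
        [pscustomobject]@{
            UserPrincipalName = $_.UserPrincipalName
            AccountEnabled    = $_.AccountEnabled
            HasCopilot        = ($skuIds -contains $copilotSkuId)
            HasQualifyingBase = [bool](@($parts | Where-Object { $qualifyingParts -contains $_ }).Count)
            Licences          = ($parts -join ', ')
        }
    }

# Finding 1: Copilot assigned but no qualifying base licence (assignment will fail or degrade)
$report | Where-Object { $_.HasCopilot -and -not $_.HasQualifyingBase } | Format-Table -AutoSize
# Finding 2: Copilot assigned to a disabled account (wasted licence and a dormant access path)
$report | Where-Object { $_.HasCopilot -and -not $_.AccountEnabled } | Format-Table -AutoSize

$report | Export-Csv -Path .\copilot-licence-audit.csv -NoTypeInformation
```

Run it once before pilot enablement and again after licence assignment; the CSV gives you the evidence for the 100% figure in "what good looks like".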
1.3 Microsoft 365 Apps Update Channel
| | |
|---|---|
| What to check | Users are on Current Channel or Monthly Enterprise Channel for Microsoft 365 Apps. |
| Risk if missed | Copilot features will not appear in Office desktop apps. Semi-Annual Channel is not supported. |
| What good looks like | All Copilot-targeted devices report Current Channel or Monthly Enterprise Channel. |
```powershell
# Check via Intune device configuration or the registry on the device.
# Registry path: HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
# Value: CDNBaseUrl (the channel GUID is the last path segment of the URL it holds)
# "492350f6-3a01-4f97-b9c0-c7c6ddf67d60" = Current Channel
# "55336b82-a18d-4dd6-b5f6-9e5095c314a6" = Monthly Enterprise Channel
```
```http
# Via Intune Graph API — get device configurations
GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$select=deviceName,operatingSystem
```
1.4 Network Connectivity
| | |
|---|---|
| What to check | Required Copilot endpoints are accessible (*.copilot.microsoft.com, substrate.office.com, etc.). |
| Risk if missed | Copilot will fail silently or return errors. |
| What good looks like | All required endpoints are whitelisted in firewalls/proxies per Microsoft’s published endpoint list. |
```powershell
# Test connectivity to key Copilot endpoints
$endpoints = @(
    "copilot.microsoft.com",
    "substrate.office.com",
    "graph.microsoft.com",
    "login.microsoftonline.com"
)
foreach ($ep in $endpoints) {
    Test-NetConnection -ComputerName $ep -Port 443 |
        Select-Object ComputerName, TcpTestSucceeded
}
```
1.5 Web Search and Grounding Configuration
| | |
|---|---|
| What to check | Decision made on whether to allow Copilot to use web content for grounding responses. |
| Risk if missed | Users may unknowingly send prompts that include web-grounded data, or conversely miss useful context. |
| What good looks like | Explicit policy decision documented. Web search toggled on/off in M365 Admin Centre > Copilot settings per organisational preference. |
M365 Admin Centre > Settings > Copilot > Manage how Copilot can reference web content
2. Entra ID Configuration
This is where the Copilot risk conversation really starts. A compromised account with Copilot access can summarise and exfiltrate data at machine speed. Your identity posture has to be solid.
2.1 Conditional Access — MFA Enforcement
| | |
|---|---|
| What to check | MFA is enforced for all users via Conditional Access (not legacy per-user MFA). |
| Risk if missed | Compromised account = attacker gets Copilot access to summarise and exfiltrate data at machine speed. |
| What good looks like | CA policy requiring MFA for all cloud apps, applied to all users (excluding break-glass accounts). Per-user MFA disabled in favour of CA-based MFA. |
```powershell
Connect-MgGraph -Scopes "Policy.Read.All"
# List all Conditional Access policies and their state
Get-MgIdentityConditionalAccessPolicy -All |
    Select-Object DisplayName, State,
        @{N='GrantControls';E={$_.GrantControls.BuiltInControls -join ', '}},
        @{N='IncludeUsers';E={$_.Conditions.Users.IncludeUsers -join ', '}}
```
```http
GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies
```
2.2 MFA Registration Completeness
| | |
|---|---|
| What to check | All licensed users have registered MFA methods (not just that the policy exists, but that users have actually enrolled). |
| Risk if missed | Policy exists but users haven’t registered = MFA not actually protecting them. |
| What good looks like | 100% of licensed users show isMfaRegistered = true. |
```powershell
# Requires Microsoft.Graph.Beta module
Connect-MgGraph -Scopes "AuditLog.Read.All","UserAuthenticationMethod.Read.All"
Get-MgBetaReportAuthenticationMethodUserRegistrationDetail -All |
    Where-Object { $_.IsMfaRegistered -eq $false } |
    Select-Object UserPrincipalName, IsMfaRegistered, MethodsRegistered
```
2.3 Conditional Access — Device Compliance
| | |
|---|---|
| What to check | CA policies require compliant or Entra-joined devices for access to M365 services. |
| Risk if missed | Copilot accessible from unmanaged/compromised devices. |
| What good looks like | CA policy requiring compliant device or Hybrid Azure AD Join for M365 apps access. |
```powershell
Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.GrantControls.BuiltInControls -contains 'compliantDevice' } |
    Select-Object DisplayName, State
```
2.4 Conditional Access — Location-Based Policies
| | |
|---|---|
| What to check | Named locations configured; risky sign-in locations blocked or require additional auth. |
| Risk if missed | Copilot access from untrusted locations/countries increases data exfiltration risk. |
| What good looks like | Named locations defined. CA policy blocking or requiring MFA from untrusted locations. |
```powershell
Get-MgIdentityConditionalAccessNamedLocation -All |
    Select-Object DisplayName, @{N='Type';E={$_.AdditionalProperties.'@odata.type'}}
```
2.5 Guest and External User Access
| | |
|---|---|
| What to check | Guest users’ access to tenant resources is restricted. External collaboration settings reviewed. |
| Risk if missed | If guests are assigned Copilot licences (or have broad SharePoint access), Copilot will surface internal data to external parties. |
| What good looks like | Guest access limited to specific resources. External collaboration settings restrict guest invitations to admins/specific roles. Guest users cannot be assigned Copilot licences. |
```powershell
# List all guest users
Connect-MgGraph -Scopes "User.Read.All"
Get-MgUser -Filter "userType eq 'Guest'" -All |
    Select-Object DisplayName, UserPrincipalName, CreatedDateTime, AccountEnabled
```
```http
# Check external collaboration settings
GET https://graph.microsoft.com/v1.0/policies/authorizationPolicy
# Review: allowInvitesFrom, guestUserRoleId, allowedToSignUpEmailBasedSubscriptions
```
2.6 Admin Role Assignments and Privileged Access
| | |
|---|---|
| What to check | Excessive admin role assignments reviewed. Global Admin count minimised. PIM enabled if available (Entra P2). |
| Risk if missed | Admin accounts with Copilot can access and summarise data across the entire tenant. Compromised admin + Copilot = full data breach at speed. |
| What good looks like | Max 2-4 Global Admins. Least-privilege role assignments. PIM for just-in-time elevation where available. |
```powershell
# List Global Admin role members
$globalAdminRoleId = (Get-MgDirectoryRole -Filter "displayName eq 'Global Administrator'").Id
Get-MgDirectoryRoleMember -DirectoryRoleId $globalAdminRoleId |
    Select-Object @{N='UPN';E={$_.AdditionalProperties.userPrincipalName}}
```
2.7 App Registrations and Consent Grants
| | |
|---|---|
| What to check | Review app registrations with broad Graph API permissions. Review admin consent grants. User consent settings restricted. |
| Risk if missed | Apps with broad permissions (e.g., Mail.Read, Files.Read.All) can access data that Copilot also surfaces — combined with a malicious app, this amplifies exposure. |
| What good looks like | User consent disabled or restricted to verified publishers. No stale app registrations with overly broad permissions. Admin consent workflow enabled. |
```powershell
# List all OAuth2 permission grants (admin consent)
Connect-MgGraph -Scopes "Directory.Read.All"
Get-MgOAuth2PermissionGrant -All |
    Select-Object ClientId, ConsentType, Scope, ResourceId
# List app registrations with the permissions they request
# (RequiredResourceAccess holds permission GUIDs, not names; resolve them against
#  the resource service principal before judging how broad they are)
Get-MgApplication -All |
    Select-Object DisplayName, @{N='Permissions';E={
        $_.RequiredResourceAccess.ResourceAccess.Id -join ', '
    }}
```
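The GUID list that `Get-MgApplication` returns is useless for a reviewer until it is turned into names. The script below is an added example (not from the original post) that loads the Microsoft Graph service principal's published scope and app-role catalogue, resolves each requested permission on every app registration to `Delegated:Name` or `Application:Name`, and flags the ones that read the same data Copilot surfaces. The watch-list of "broad" permissions is an assumption to extend for your environment.

```powershell
# Added example: resolve requested Graph permission IDs to names and flag broad ones.
Connect-MgGraph -Scopes "Application.Read.All"

# The Microsoft Graph service principal (well-known appId) publishes its permission catalogue
$graphSp = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
$permNames = @{}
foreach ($s in $graphSp.Oauth2PermissionScopes) { $permNames[$s.Id] = "Delegated:$($s.Value)" }
foreach ($r in $graphSp.AppRoles)               { $permNames[$r.Id] = "Application:$($r.Value)" }

# Assumed watch-list: permissions that reach the same mail, files, sites and chat data Copilot reads
$broad = @("Mail.Read", "Mail.ReadWrite", "Files.Read.All", "Files.ReadWrite.All",
           "Sites.Read.All", "Sites.ReadWrite.All", "Chat.Read.All", "Directory.Read.All", "User.Read.All")

$findings = Get-MgApplication -All -Property DisplayName,AppId,RequiredResourceAccess | ForEach-Object {
    $app = $_
    # Only the block that targets Microsoft Graph; other resources have their own catalogues
    $graphBlock = $app.RequiredResourceAccess | Where-Object { $_.ResourceAppId -eq $graphSp.AppId }
    $names = @($graphBlock.ResourceAccess | ForEach-Object {
        if ($permNames.ContainsKey($_.Id)) { $permNames[$_.Id] } else { "Unknown:$($_.Id)" }
    })
    $flagged = @($names | Where-Object { ($_ -split ':')[1] -in $broad })
    if ($flagged.Count -gt 0) {
        [pscustomobject]@{
            App   = $app.DisplayName
            AppId = $app.AppId
            Broad = ($flagged -join ', ')
        }
    }
}
$findings | Format-Table -AutoSize
```

This reports what each registration *requests*; whether those permissions were actually *granted* is what `Get-MgOAuth2PermissionGrant` (delegated) and `Get-MgServicePrincipalAppRoleAssignment` (application) tell you, so review the flagged apps against both.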
2.8 Security Defaults vs Conditional Access
| | |
|---|---|
| What to check | Determine whether the tenant uses Security Defaults or Conditional Access. They cannot be active simultaneously. |
| Risk if missed | Security Defaults provide basic MFA but lack granularity needed for Copilot governance (e.g., device compliance, location policies). |
| What good looks like | Conditional Access enabled (Security Defaults disabled). At minimum: MFA for all users, block legacy auth, device compliance policies. |
```powershell
# Check Security Defaults status
(Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy).IsEnabled
```
2.9 Break-Glass Account Configuration
| | |
|---|---|
| What to check | Emergency access (break-glass) accounts exist, are excluded from CA policies, and are monitored. |
| Risk if missed | If CA policies lock out all admins, there’s no recovery path. Not Copilot-specific but critical for any CA deployment. |
| What good looks like | 2 break-glass accounts, cloud-only, excluded from all CA policies, strong passwords stored securely, sign-in activity monitored via alert rule. |
```powershell
# Verify break-glass accounts exist and check their exclusion in CA policies
# Manual review: ensure break-glass UPNs appear in Conditions.Users.ExcludeUsers
# for all CA policies retrieved in 2.1
```
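The manual review above does not scale once a tenant has a few dozen policies, and it is exactly the check that gets skipped the day before a new policy goes live. The script below is an added example (not from the original post) that resolves the break-glass UPNs to object ids (CA policies store ids, not names), then reports every enabled policy that includes the account, directly or via `All`, without excluding it, and separately flags any break-glass account that is synced from on-premises rather than cloud-only. The two UPNs are placeholders.

```powershell
# Added example: confirm break-glass accounts are excluded from every enabled CA policy.
Connect-MgGraph -Scopes "Policy.Read.All","User.Read.All"

$breakGlassUpns = @("breakglass1@contoso.example", "breakglass2@contoso.example")   # placeholders

# Resolve UPNs to object ids; CA policy include/exclude lists hold ids
$breakGlass = foreach ($upn in $breakGlassUpns) {
    $u = Get-MgUser -UserId $upn -Property Id,UserPrincipalName,OnPremisesSyncEnabled
    [pscustomobject]@{
        Upn       = $u.UserPrincipalName
        Id        = $u.Id
        CloudOnly = (-not $u.OnPremisesSyncEnabled)   # $null for cloud-only accounts
    }
}

$findings = [System.Collections.Generic.List[object]]::new()

# Report-only policies ('enabledForReportingButNotEnforced') cannot lock anyone out, so only 'enabled' matters
$policies = Get-MgIdentityConditionalAccessPolicy -All | Where-Object { $_.State -eq 'enabled' }
foreach ($p in $policies) {
    $include  = @($p.Conditions.Users.IncludeUsers)
    $exclude  = @($p.Conditions.Users.ExcludeUsers)
    foreach ($bg in $breakGlass) {
        # In scope if the policy targets All users or names this account directly.
        # Group-based inclusion (IncludeGroups) is not evaluated here; check group membership separately.
        $inScope = ($include -contains 'All') -or ($include -contains $bg.Id)
        if ($inScope -and ($exclude -notcontains $bg.Id)) {
            $findings.Add([pscustomobject]@{ Policy = $p.DisplayName; BreakGlass = $bg.Upn; Issue = 'Not excluded' })
        }
    }
}
foreach ($bg in $breakGlass | Where-Object { -not $_.CloudOnly }) {
    $findings.Add([pscustomobject]@{ Policy = '(account)'; BreakGlass = $bg.Upn; Issue = 'Synced from on-premises, not cloud-only' })
}

if ($findings.Count -eq 0) { "All break-glass accounts excluded from every enabled CA policy" }
else { $findings | Format-Table -AutoSize }
```

Wire this into whatever process creates or edits CA policies; an empty result is the gate for enabling a new policy.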
3. SharePoint and OneDrive Sharing and Permissions
This is the big one. SharePoint permissions are where the oversharing lives, and Copilot will find every single over-permissioned site, library, and file. If you only have time for one section, make it this one.
3.1 Tenant-Level Sharing Settings
| | |
|---|---|
| What to check | SharePoint and OneDrive external sharing level. |
| Risk if missed | If set to “Anyone” (anonymous links), Copilot can surface content from sites where anonymous sharing has created unintended access. |
| What good looks like | SharePoint: “New and existing guests” or “Existing guests only”. OneDrive: same or more restrictive than SharePoint. “Anyone” links disabled at the tenant level. |
```powershell
Connect-SPOService -Url https://<tenant>-admin.sharepoint.com
Get-SPOTenant | Select-Object SharingCapability, OneDriveSharingCapability,
    DefaultSharingLinkType, DefaultLinkPermission,
    PreventExternalUsersFromResharing
# SharingCapability values:
#   Disabled                        = no external sharing
#   ExistingExternalUserSharingOnly = existing guests only
#   ExternalUserSharingOnly         = new and existing guests
#   ExternalUserAndGuestSharing     = anyone (anonymous links)
```
3.2 “Anyone” (Anonymous) Sharing Links Audit
| | |
|---|---|
| What to check | Identify all active “Anyone” sharing links across all sites. |
| Risk if missed | Copilot can reference any content the user has access to. If anonymous links grant broad access, Copilot will surface that content in responses — and users may not realise the content was externally shared. |
| What good looks like | Zero “Anyone” links on sensitive sites. Remaining anonymous links have expiry dates set. |
```powershell
# SharePoint Advanced Management — Data Access Governance (DAG) reports
# Run from SharePoint Admin Centre > Reports > Data access governance
# Or via PowerShell: request a snapshot of all "Anyone" links, then read the report status
Start-SPODataAccessGovernanceInsight -ReportEntity SharingLinks_Anyone -Workload SharePoint -ReportType Snapshot
Get-SPODataAccessGovernanceInsight -ReportEntity SharingLinks_Anyone -Workload SharePoint -ReportType Snapshot
# Repeat with -Workload OneDrive to cover personal sites
# Note: The full "sharing links" audit requires SharePoint Advanced Management
# or the SharePoint admin centre Data Access Governance reports
```
3.3 Site-Level Sharing Overrides
| | |
|---|---|
| What to check | Individual sites that have sharing settings more permissive than the tenant default. |
| Risk if missed | Even if tenant-level sharing is restrictive, individual sites can be overridden to allow broader sharing. |
| What good looks like | No site-level overrides that exceed tenant defaults. Or, overrides are documented and justified. |
```powershell
Get-SPOSite -Limit All |
    Where-Object { $_.SharingCapability -ne (Get-SPOTenant).SharingCapability } |
    Select-Object Url, SharingCapability, Owner
```
3.4 SharePoint Site Permissions — Broad Access Groups
| | |
|---|---|
| What to check | Sites where “Everyone”, “Everyone Except External Users” (EEEU), or “All Users” groups have been granted permissions. |
| Risk if missed | These groups give every user in the tenant access. Copilot will surface content from these sites to any licensed user — this is the number one oversharing vector. |
| What good looks like | Zero sites with EEEU/Everyone/All Users in site permissions (other than intentionally public resources like the intranet). |
```powershell
# SharePoint Advanced Management — "Site permissions for the organization" report
# Scans all sites and lists:
#   - Total permissioned users
#   - Content shared with "Everyone"
#   - Content shared with EEEU
#   - Guest user access count
# Available via SharePoint Admin Centre or (SAM required):
Start-SPODataAccessGovernanceInsight -ReportEntity EveryoneExceptExternalUsersAtSite -Workload SharePoint -ReportType Snapshot
Get-SPODataAccessGovernanceInsight -ReportEntity EveryoneExceptExternalUsersAtSite -Workload SharePoint -ReportType Snapshot
```
3.5 OneDrive Default Sharing Scope
| | |
|---|---|
| What to check | Default sharing link type for OneDrive (Organisation vs Specific People). |
| Risk if missed | If default is “People in your organisation”, users unknowingly create org-wide links when sharing from OneDrive — Copilot then surfaces this to everyone. |
| What good looks like | Default link type set to “Specific people”. Link permission set to “View” (not Edit). |
```powershell
Get-SPOTenant | Select-Object DefaultSharingLinkType, DefaultLinkPermission,
    OneDriveDefaultShareLinkScope, OneDriveDefaultShareLinkRole
# DefaultSharingLinkType: None, Direct (specific people), Internal (org), AnonymousAccess
```
3.6 SharePoint Site Classification and Sensitivity
| | |
|---|---|
| What to check | Sites are classified by sensitivity. Container-level sensitivity labels applied to sites/Teams. |
| Risk if missed | Without classification, there’s no way to programmatically identify which sites contain sensitive data that needs tighter controls before Copilot rollout. |
| What good looks like | All active sites have a sensitivity label or classification applied. High-sensitivity sites have Restricted Access Control (RAC) enabled. |
```powershell
Get-SPOSite -Limit All |
    Where-Object { [string]::IsNullOrEmpty($_.SensitivityLabel) } |
    Select-Object Url, SensitivityLabel, Template
# Returns sites WITHOUT a sensitivity label: these are your gaps
```
3.7 Orphaned and Stale Sites
| | |
|---|---|
| What to check | Inactive sites, sites with no owner, or sites with stale content that still have broad permissions. |
| Risk if missed | Abandoned sites with legacy broad permissions are a hidden oversharing risk. Copilot will surface content from them if the user has access. |
| What good looks like | Inactive site policy enforced (SAM). Sites with no activity in 12+ months reviewed and archived or deleted. All sites have at least one active owner. |
```powershell
Get-SPOSite -Limit All |
    Where-Object { $_.LastContentModifiedDate -lt (Get-Date).AddMonths(-12) } |
    Select-Object Url, LastContentModifiedDate, Owner, StorageUsageCurrent
```
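Items 3.3, 3.6 and 3.7 each produce a separate list, and in a tenant with thousands of sites you need to know where they overlap: a stale, unlabelled site whose sharing level exceeds the tenant default is where to start. The script below is an added example (not from the original post) that makes one pass over all sites, scores each on those signals plus "no owner", and writes a ranked CSV. It also fixes a subtlety in the 3.3 check: comparing `SharingCapability` with `-ne` flags sites that are *more restrictive* than the tenant too, so the example ranks the four values and flags only the more permissive direction. `<tenant>` is a placeholder and the 12-month threshold is the one the checklist uses.

```powershell
# Added example: single-pass site triage across sharing level, label, staleness and ownership.
Connect-SPOService -Url https://<tenant>-admin.sharepoint.com

# Rank sharing levels so "more permissive than the tenant default" is an ordering, not just inequality
$sharingRank = @{
    'Disabled'                        = 0
    'ExistingExternalUserSharingOnly' = 1
    'ExternalUserSharingOnly'         = 2
    'ExternalUserAndGuestSharing'     = 3
}
$tenantRank  = $sharingRank[(Get-SPOTenant).SharingCapability.ToString()]
$staleBefore = (Get-Date).AddMonths(-12)

$triage = Get-SPOSite -Limit All | ForEach-Object {
    $site     = $_
    $siteRank = $sharingRank[$site.SharingCapability.ToString()]
    $reasons  = @()
    if ($siteRank -gt $tenantRank)                        { $reasons += 'SharingAboveTenantDefault' }
    if ([string]::IsNullOrEmpty($site.SensitivityLabel))  { $reasons += 'NoSensitivityLabel' }
    if ($site.LastContentModifiedDate -lt $staleBefore)   { $reasons += 'StaleContent' }
    if ([string]::IsNullOrEmpty($site.Owner))             { $reasons += 'NoOwner' }
    [pscustomobject]@{
        Url        = $site.Url
        Sharing    = $site.SharingCapability
        Label      = $site.SensitivityLabel
        LastChange = $site.LastContentModifiedDate
        Owner      = $site.Owner
        Score      = $reasons.Count
        Reasons    = ($reasons -join ', ')
    }
}

# Full ranked list for the working spreadsheet; sites hitting two or more signals on screen
$triage | Where-Object { $_.Score -gt 0 } | Sort-Object Score -Descending |
    Export-Csv -Path .\site-triage.csv -NoTypeInformation
$triage | Where-Object { $_.Score -ge 2 } | Sort-Object Score -Descending |
    Format-Table Url, Score, Reasons -AutoSize
```

A site scoring 3 or 4 is a candidate for Restricted Access Control (3.9) or archival before Copilot is switched on, not after.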
3.8 Restricted Content Discovery (RCD)
| | |
|---|---|
| What to check | Whether Restricted Content Discovery is enabled for sensitive sites. |
| Risk if missed | Without RCD, Copilot and Search will surface content from overshared sites even if the user hasn’t previously interacted with it. |
| What good looks like | RCD enabled on high-sensitivity sites. Users only see content in Copilot/Search from sites they’ve previously visited (within 30-day window). |
```powershell
# RCD is configured per site via SharePoint Advanced Management
# Tenant-wide Restricted SharePoint Search (an allow-list of searchable sites, a separate control
# from RCD) is read with:
Get-SPOTenantRestrictedSearchMode
# Check site-level RCD:
Get-SPOSite -Identity <siteUrl> | Select-Object RestrictContentOrgWideSearch
```
3.9 Restricted Access Control (RAC) for Critical Sites
| | |
|---|---|
| What to check | RAC policies applied to sensitive sites to restrict access to specified security groups only. |
| Risk if missed | Even users with inherited or legacy permissions can access the site. RAC overrides all other access. |
| What good looks like | RAC enabled on sites containing HR, finance, legal, executive, or other sensitive data. |
```powershell
# RAC is configured per-site via SAM
Get-SPOSite -Identity <siteUrl> | Select-Object RestrictedAccessControl
# Or set via:
# Set-SPOSite -Identity <siteUrl> -RestrictedAccessControl $true
```
4. Sensitivity Labels
Labels are your mechanism for telling Copilot “don’t touch this”. Without them, you’re relying entirely on permissions — and we’ve already established that permissions are probably a mess.
4.1 Sensitivity Label Taxonomy
| | |
|---|---|
| What to check | A sensitivity label taxonomy has been designed and published. |
| Risk if missed | Without labels, there’s no mechanism to control Copilot’s access to specific documents via DLP rules, and no label inheritance for Copilot-generated content. |
| What good looks like | Minimum taxonomy: Public, Internal, Confidential, Highly Confidential. Labels published to all users. |
```powershell
# Security & Compliance PowerShell
Connect-IPPSSession
Get-Label | Select-Object DisplayName, Priority, Disabled, ParentId,
    @{N='Encryption';E={$_.EncryptionEnabled}}
```
4.2 Label Adoption Rate
| | |
|---|---|
| What to check | What percentage of content actually has labels applied (vs the taxonomy just existing). |
| Risk if missed | Taxonomy exists but adoption is low = labels aren’t protecting anything. Copilot-generated content won’t inherit labels if source content is unlabelled. |
| What good looks like | >80% of documents in SharePoint/OneDrive have a label applied. High-sensitivity content (HR, finance, legal) at 100%. |
```text
# Microsoft Purview > Information Protection > Content Explorer
# Or via:
# M365 Admin Centre > Reports > Microsoft Purview > Label activity
# Data Access Governance reports in SharePoint Admin Centre also show labelling rates
```
4.3 Default Sensitivity Label for Libraries
| | |
|---|---|
| What to check | Default labels configured for SharePoint libraries so new documents automatically receive a label. |
| Risk if missed | New content created in SharePoint (including by Copilot) may be unlabelled, creating a governance gap. |
| What good looks like | Default label set on all document libraries. Users can upgrade but not downgrade. |
```powershell
# Check library-level default label via PnP PowerShell
Connect-PnPOnline -Url <siteUrl> -Interactive
Get-PnPList | Select-Object Title, DefaultSensitivityLabelForLibrary
```
4.4 Encryption and Usage Rights on Labels
| | |
|---|---|
| What to check | Labels that apply encryption have correct usage rights. Copilot requires EXTRACT and VIEW rights to process content. |
| Risk if missed | If a label applies encryption but doesn’t grant EXTRACT right, Copilot cannot summarise or reference the document — which may be intentional for highly sensitive content, or may be an oversight that confuses users. |
| What good looks like | Clear documentation of which labels allow Copilot access (EXTRACT + VIEW) and which intentionally block it. |
```powershell
Get-Label | Where-Object { $_.EncryptionEnabled -eq $true } |
    Select-Object DisplayName,
        @{N='RightsDefinitions';E={$_.EncryptionRightsDefinitions}}
# Review for "EXTRACT" right in the rights definitions
```
4.5 User-Defined Permissions (UDP) Labels
| | |
|---|---|
| What to check | Labels that use user-defined permissions — where the user chooses who can access at time of labelling. |
| Risk if missed | Copilot agents and some Copilot features cannot read files with UDP-based encryption. Users may be confused when Copilot can’t access documents they can see. |
| What good looks like | UDP labels documented. Users trained to understand that Copilot won’t access UDP-protected content. |
```powershell
Get-Label | Where-Object { $_.EncryptionEnabled -eq $true } |
    Select-Object DisplayName, EncryptionProtectionType
# EncryptionProtectionType: Template = admin-defined, UserDefined = UDP
```
4.6 Auto-Labelling Policies
| | |
|---|---|
| What to check | Auto-labelling policies configured to detect and label sensitive content (e.g., documents containing PII, financial data, health records). |
| Risk if missed | Sensitive content remains unlabelled and unprotected. Copilot can freely surface it. |
| What good looks like | Auto-labelling policies active for common sensitive information types (SSN, credit cards, health records). Simulation run before enforcement. Requires E5 or E5 Compliance add-on. |
```powershell
Get-AutoSensitivityLabelPolicy | Select-Object Name, Mode, Enabled,
    @{N='Rules';E={$_.AutoSensitivityLabelPolicyRuleLinks.Count}}
# Mode: Enable (enforcing) or TestWithNotifications (simulation)
```
4.7 Container Labels for Teams, Groups, and Sites
| | |
|---|---|
| What to check | Sensitivity labels applied at the container level (Teams, M365 Groups, SharePoint sites) to govern privacy, guest access, and sharing settings. |
| Risk if missed | Container labels are not inherited by items within the container. Teams chat messages summarised by Copilot won’t display the container label. This is a known gap. |
| What good looks like | Container labels applied to all Teams and M365 Groups. Understanding documented that item-level labels are still needed for content protection. |
```powershell
# List M365 Groups with their sensitivity labels
Connect-MgGraph -Scopes "Group.Read.All"
Get-MgGroup -Filter "groupTypes/any(g:g eq 'Unified')" -All |
    Select-Object DisplayName, @{N='SensitivityLabel';E={$_.AssignedLabels.LabelId}}
```
5. Data Loss Prevention (DLP)
DLP is the runtime control layer. Sensitivity labels classify content; DLP policies enforce what happens when that classified content interacts with Copilot.
5.1 DLP Policies for the Copilot Location
| | |
|---|---|
| What to check | DLP policies created using the “Microsoft 365 Copilot and Copilot Chat” policy location. |
| Risk if missed | Without Copilot-specific DLP, Copilot can freely reference documents containing sensitive data types in its responses. |
| What good looks like | DLP policy targeting the Copilot location, with rules for sensitivity-labelled content and sensitive information types (separate rules — they cannot be combined in the same rule). |
```powershell
Connect-IPPSSession
Get-DlpCompliancePolicy |
    Where-Object { $_.Workload -match 'Copilot' -or $_.CopilotLocation -ne $null } |
    Select-Object Name, Mode, Enabled
```
5.2 Sensitivity Label Exclusion Rules
| | |
|---|---|
| What to check | DLP rules that prevent Copilot from processing content with specific sensitivity labels (e.g., “Highly Confidential”). |
| Risk if missed | Highly confidential documents will appear in Copilot citations and may be summarised. |
| What good looks like | Rule in Copilot DLP policy: “Content contains > Sensitivity labels > Highly Confidential” with action to block Copilot processing. Items still appear in citations but content is not used. |
```powershell
Get-DlpComplianceRule |
    Where-Object { $_.ParentPolicyName -match 'Copilot' } |
    Select-Object Name, ContentContainsSensitiveInformation,
        @{N='LabelConditions';E={$_.ContentContainsSensitivityLabel}}
```
5.3 Sensitive Information Types (SITs) in Prompts
| | |
|---|---|
| What to check | DLP rules that detect when users include sensitive information types (SSN, credit card numbers, etc.) in Copilot prompts. |
| Risk if missed | Users could paste or type sensitive data into Copilot prompts. Copilot processes the prompt including the SIT. |
| What good looks like | SIT-based DLP rule in the Copilot location. Cannot be in the same rule as label-based conditions — must be a separate rule. |
Check as per 5.2 — review rules for SIT conditions vs label conditions.
5.4 Existing DLP Policies — Exchange, SharePoint, OneDrive, Teams
| | |
|---|---|
| What to check | Existing DLP policies covering traditional workloads are functional and not in test-only mode. |
| Risk if missed | Even without Copilot-specific DLP, existing DLP policies reduce the likelihood of sensitive content being broadly accessible (and therefore Copilot-surfaceable). |
| What good looks like | DLP policies active (not in simulation mode) for Exchange, SharePoint, OneDrive, and Teams. Policy tips enabled to warn users. |
```powershell
Get-DlpCompliancePolicy |
    Select-Object Name, Mode, Enabled, Workload,
        @{N='RuleCount';E={(Get-DlpComplianceRule -Policy $_.Name).Count}}
```
5.5 Data Security Posture Management (DSPM) for AI
| | |
|---|---|
| What to check | Microsoft Purview DSPM for AI is configured to monitor Copilot interactions and detect risky usage patterns. |
| Risk if missed | No visibility into how users are interacting with Copilot, what data is being surfaced, or whether sensitive data is being exfiltrated via Copilot responses. |
| What good looks like | DSPM for AI enabled. Alerts configured for sensitive content exposure through Copilot. Requires E5 Compliance or E5 + Copilot. |
```text
# Microsoft Purview portal > AI Hub > Data Security Posture Management
# Review: Oversharing alerts, sensitive content in Copilot interactions, user risk scores
```
6. Exchange Online
Email is the other massive data store Copilot can access. Every forwarding rule, shared mailbox, and stale permission is a potential data leak vector.
6.1 Mailbox Forwarding Rules Audit
| | |
|---|---|
| What to check | Audit all mailbox forwarding (admin-configured and user Inbox rules) that forward to external addresses. |
| Risk if missed | If email is being forwarded externally, Copilot-generated summaries of mailbox content are also effectively exposed to external parties through the forwarded copies. |
| What good looks like | External forwarding disabled by default (anti-spam policy setting = “Off” or “Automatic”). Any exceptions documented and justified. |
```powershell
Connect-ExchangeOnline
# Admin-configured forwarding
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object DisplayName, ForwardingSmtpAddress, ForwardingAddress
# User Inbox rules with forwarding
Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    Get-InboxRule -Mailbox $_.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object MailboxOwnerId, Name, ForwardTo, RedirectTo, Enabled
}
```
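The two queries above list *all* forwarding, internal included, and the check is specifically about external targets. The script below is an added example (not from the original post) that loads the tenant's accepted domains, treats anything outside them as external, parses the `Display Name [SMTP:address]` form that Inbox rule recipients use, and produces a single report covering admin forwarding and user rules. The helper function names are my own.

```powershell
# Added example: report only forwarding whose target is outside the tenant's accepted domains.
Connect-ExchangeOnline

$internalDomains = @(Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString().ToLower() })

function Test-ExternalAddress {
    # True when an SMTP address (optionally prefixed "smtp:") is outside the accepted domains
    param([string]$Address)
    if ([string]::IsNullOrWhiteSpace($Address)) { return $false }
    $addr   = $Address -replace '^smtp:', ''
    $domain = ($addr -split '@')[-1].ToLower()
    return ($internalDomains -notcontains $domain)
}

function Get-SmtpFromRecipientString {
    # Inbox rule recipients render as 'Display Name [SMTP:user@domain]'; internal recipients use EX: addresses
    param([string]$Recipient)
    if ($Recipient -match 'SMTP:([^\]]+)\]') { return $Matches[1] }
    return $null
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # Admin-configured SMTP forwarding (ForwardingAddress points at a recipient object and needs
    # Get-Recipient to resolve; it is not covered here)
    if (Test-ExternalAddress $mbx.ForwardingSmtpAddress) {
        [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Source = 'ForwardingSmtpAddress'; Target = $mbx.ForwardingSmtpAddress }
    }
    # User-created Inbox rules that forward, forward-as-attachment or redirect
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName -ErrorAction SilentlyContinue) {
        foreach ($rcpt in (@($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo))) {
            $smtp = Get-SmtpFromRecipientString ([string]$rcpt)
            if ($smtp -and (Test-ExternalAddress $smtp)) {
                [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Source = "InboxRule:$($rule.Name)"; Target = $smtp }
            }
        }
    }
}
$findings | Format-Table -AutoSize
$findings | Export-Csv -Path .\external-forwarding.csv -NoTypeInformation
```

Disabled rules are included deliberately: a rule that was switched off rather than deleted is still a configuration someone created, and it can be re-enabled without admin involvement.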
6.2 Anti-Spam Policy — External Forwarding
| | |
|---|---|
| What to check | Outbound anti-spam policy automatic forwarding setting. |
| Risk if missed | If set to “On”, any user can configure external forwarding without admin knowledge. |
| What good looks like | Set to “Off” or “Automatic” (which currently behaves as Off). Exceptions handled via per-user policy if required. |
```powershell
Get-HostedOutboundSpamFilterPolicy |
    Select-Object Name, AutoForwardingMode
# AutoForwardingMode: Automatic, On, Off
```
6.3 Mailbox Permissions — Full Access, Send As, Send on Behalf
| | |
|---|---|
| What to check | Audit who has Full Access, Send As, and Send on Behalf permissions on mailboxes. |
| Risk if missed | Users with Full Access to shared mailboxes can have Copilot summarise the entire shared mailbox contents — including data they may not normally review. |
| What good looks like | Full Access grants are documented and limited to legitimate need. No stale grants from former employees or role changes. |
```powershell
# Full Access permissions
Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission |
    Where-Object { $_.User -ne 'NT AUTHORITY\SELF' -and $_.IsInherited -eq $false } |
    Select-Object Identity, User, AccessRights
# Send As permissions
Get-Mailbox -ResultSize Unlimited | Get-RecipientPermission |
    Where-Object { $_.Trustee -ne 'NT AUTHORITY\SELF' } |
    Select-Object Identity, Trustee, AccessRights
```
6.4 Shared Mailbox Access Review
| | |
|---|---|
| What to check | Shared mailbox membership is current and follows least-privilege. |
| Risk if missed | Shared mailboxes often accumulate members over time. Copilot can summarise all content in a shared mailbox that a user has access to — even content they’ve never opened. |
| What good looks like | Shared mailbox membership reviewed quarterly. Members limited to active role holders. |
```powershell
Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited |
    ForEach-Object {
        $mbx = $_
        Get-MailboxPermission -Identity $mbx.Identity |
            Where-Object { $_.User -ne 'NT AUTHORITY\SELF' -and $_.IsInherited -eq $false } |
            Select-Object @{N='SharedMailbox';E={$mbx.DisplayName}}, User, AccessRights
    }
```
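The membership list above still leaves the reviewer to work out which trustees are "people who left two years ago". The script below is an added example (not from the original post) that takes each Full Access trustee on a shared mailbox and classifies it as Active, Disabled, a Group (membership needs its own review), or NotFound (an orphaned SID from a deleted account), so the stale grants from 6.3 and 6.4 fall out directly. The helper function name and the cache are my own.

```powershell
# Added example: classify shared-mailbox trustees so stale Full Access grants stand out.
Connect-ExchangeOnline

$trusteeCache = @{}
function Get-TrusteeState {
    param([string]$Trustee)
    if ($trusteeCache.ContainsKey($Trustee)) { return $trusteeCache[$Trustee] }
    $u = Get-User -Identity $Trustee -ErrorAction SilentlyContinue
    if ($u) {
        $state = if ($u.AccountDisabled) { 'Disabled' } else { 'Active' }
    } elseif (Get-Recipient -Identity $Trustee -ErrorAction SilentlyContinue) {
        $state = 'Group'        # resolves as a recipient but not a user: a security/distribution group
    } else {
        $state = 'NotFound'     # typically an orphaned SID left behind by a deleted account
    }
    $trusteeCache[$Trustee] = $state
    return $state
}

$grants = Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited | ForEach-Object {
    $mbx = $_
    Get-MailboxPermission -Identity $mbx.Identity |
        Where-Object { $_.User -ne 'NT AUTHORITY\SELF' -and $_.IsInherited -eq $false } |
        ForEach-Object {
            $trustee = $_.User.ToString()
            [pscustomobject]@{
                SharedMailbox = $mbx.DisplayName
                Trustee       = $trustee
                AccessRights  = ($_.AccessRights -join ', ')
                TrusteeState  = Get-TrusteeState $trustee
            }
        }
}

# Anything that is not an active user is a removal candidate or needs a membership review
$grants | Where-Object { $_.TrusteeState -ne 'Active' } | Sort-Object SharedMailbox | Format-Table -AutoSize
$grants | Export-Csv -Path .\shared-mailbox-grants.csv -NoTypeInformation
```

Remove the Disabled and NotFound grants before enablement; a disabled trustee is harmless until the account is re-enabled for a returning contractor, at which point Copilot can summarise the whole mailbox for them on day one.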
6.5 Mailbox Audit Logging
| | |
|---|---|
| What to check | Mailbox auditing is enabled organisation-wide and not overridden at individual mailbox level. |
| Risk if missed | Can’t track what Copilot accessed or what mailbox operations occurred. |
| What good looks like | AuditDisabled = False at org level. No individual mailbox overrides. |
```powershell
# Org-level check
Get-OrganizationConfig | Select-Object AuditDisabled
# Should be False
# Find any individual overrides
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.AuditEnabled -eq $false } |
    Select-Object DisplayName, UserPrincipalName, AuditEnabled
```
6.6 Transport Rules and Mail Flow Rules
| | |
|---|---|
| What to check | Review mail flow rules for any that auto-forward, redirect, or BCC to external addresses. |
| Risk if missed | Organisation-wide transport rules can silently copy mail externally, amplifying Copilot data exposure. |
| What good looks like | No transport rules forwarding to external recipients without documented justification. |
```powershell
Get-TransportRule | Where-Object {
    $_.BlindCopyTo -or $_.CopyTo -or $_.RedirectMessageTo
} | Select-Object Name, State, BlindCopyTo, CopyTo, RedirectMessageTo
```
7. Microsoft Teams Governance
Teams sprawl is the second-biggest oversharing vector after SharePoint permissions. Every Team is a data container, and Copilot can surface content from all of them.
7.1 Teams Creation Policy
| | |
|---|---|
| What to check | Who can create Teams/M365 Groups. |
| Risk if missed | Uncontrolled Teams creation = sprawl of data containers with default (often broad) permissions. Copilot surfaces content from all Teams the user is a member of. |
| What good looks like | Teams creation restricted to a security group (e.g., IT admins, team leads). Self-service requests via a managed process. |
```powershell
# Check M365 Group creation restriction (the Group.Unified directory setting,
# exposed in Graph v1.0 as a group setting)
Connect-MgGraph -Scopes "Directory.Read.All"
$settings = Get-MgGroupSetting -All |
    Where-Object { $_.DisplayName -eq 'Group.Unified' }
$settings.Values | Where-Object { $_.Name -in 'EnableGroupCreation','GroupCreationAllowedGroupId' } |
    Select-Object Name, Value
# EnableGroupCreation = false means creation is restricted to the group in GroupCreationAllowedGroupId
# No output at all means the Group.Unified setting has never been created and defaults apply (anyone can create)
```
7.2 Guest Access in Teams
| | |
|---|---|
| What to check | Guest access settings for Teams — whether guests can be added, and what they can access. |
| Risk if missed | Guest users added to Teams get access to channel conversations, files, and meeting notes. While guests can’t use Copilot, internal users’ Copilot can surface content from Teams that include guest members — which may contain guest-contributed content that shouldn’t propagate. |
| What good looks like | Guest access policy reviewed. Guest additions require owner approval. Guest access expires (access reviews configured if Entra P2 available). |

```powershell
# Teams admin settings
Connect-MicrosoftTeams
Get-CsTeamsGuestMeetingConfiguration
Get-CsTeamsGuestCallingConfiguration
Get-CsTeamsGuestMessagingConfiguration
# Also check org-wide Teams settings:
Get-CsTeamsClientConfiguration | Select-Object AllowGuestUser
```
7.3 External Access (Federation)
| | |
|---|---|
| What to check | Which external domains can communicate with your users via Teams chat/calls. |
| Risk if missed | Open federation allows any external Teams user to contact your users. Chat content may be indexed and surfaceable by Copilot. |
| What good looks like | External access restricted to specific trusted domains (not “open to all”). |

```powershell
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains, BlockedDomains,
        AllowTeamsConsumer, AllowTeamsConsumerInbound
```
7.4 Channel Types and Permissions
| | |
|---|---|
| What to check | Audit use of Standard channels (visible to all team members) vs Private/Shared channels (restricted). |
| Risk if missed | Standard channels expose all content to all team members. Copilot surfaces standard channel content to anyone in the team. |
| What good looks like | Sensitive discussions use Private channels. Shared channels reviewed for cross-team access scope. |

```powershell
# List all teams and their channels with type
Connect-MicrosoftTeams
# Get-Team returns every team when called without filters (it has no -All switch)
Get-Team | ForEach-Object {
    $team = $_
    Get-TeamChannel -GroupId $team.GroupId |
        Select-Object @{N='Team';E={$team.DisplayName}}, DisplayName, MembershipType
}
# MembershipType: Standard, Private, Shared
```
7.5 Teams App Permissions
| | |
|---|---|
| What to check | Third-party Teams apps with data access permissions. |
| Risk if missed | Overly permissive third-party apps can access Teams data. Combined with Copilot, this increases the attack surface. |
| What good looks like | App permission policy restricts which apps users can install. Only approved apps allowed. |

```powershell
Get-CsTeamsAppPermissionPolicy |
    Select-Object Identity, DefaultCatalogAppsType, GlobalCatalogAppsType,
        PrivateCatalogAppsType
```
7.6 Meeting Copilot Controls
| | |
|---|---|
| What to check | Copilot in Teams meetings settings — whether meeting transcription and Copilot summarisation are enabled. |
| Risk if missed | Copilot can summarise meeting content, generate action items, and reference meeting transcripts. Sensitive meetings may need Copilot disabled. |
| What good looks like | Org-wide default set. Sensitivity-label-based meeting policies restrict Copilot in confidential meetings. Meeting organisers can toggle Copilot per meeting. |

```powershell
Get-CsTeamsMeetingPolicy |
    Select-Object Identity, AllowTranscription, AllowCartCaptionsAndTranscriptions,
        CopilotWithoutTranscript
# Note: Specific Copilot meeting policy settings may vary by release channel
```
8. Compliance and Audit Logging
You need to be able to see what Copilot is doing. If you can’t audit it, you can’t govern it.
8.1 Unified Audit Log
| | |
|---|---|
| What to check | Unified Audit Log is enabled for the tenant. |
| Risk if missed | No visibility into Copilot interactions, data access, or security events. Cannot investigate incidents. |
| What good looks like | Audit logging enabled. Audit (Standard) active at minimum. Audit (Premium) for Copilot-specific events if E5. |

```powershell
Connect-ExchangeOnline
Get-AdminAuditLogConfig | Select-Object UnifiedAuditLogIngestionEnabled
# Must be True
```
8.2 Copilot Interaction Audit Events
| | |
|---|---|
| What to check | Copilot-specific audit events are being captured (requires Audit Premium with E5 + Copilot). |
| Risk if missed | Can’t see what users prompted, what Copilot returned, or which documents were referenced. |
| What good looks like | Audit (Premium) enabled. Copilot interaction events (CopilotInteraction) searchable in audit log. Retention policy set to 1+ year. |

```powershell
# Search for Copilot interaction events
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
    -RecordType CopilotInteraction -ResultSize 10 |
    Select-Object CreationDate, UserIds, Operations
```
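The ten-row sample above proves the events exist; the useful information (which files and sites Copilot actually pulled into an answer) sits inside the AuditData JSON. The following is an added example, not from the original checklist, that pages through a week of CopilotInteraction events and summarises the referenced resources per user and per site; it assumes an active Connect-ExchangeOnline session, and the AuditData field names it reads (CopilotEventData, AccessedResources, AppHost, SiteUrl, Type, Name) are those observed in tenant output at the time of writing, so confirm them against your own records before relying on the report.

```powershell
# Added example: summarise what content Copilot referenced over the last 7 days.
# Assumes Connect-ExchangeOnline has already been run. AuditData field names
# (CopilotEventData.AccessedResources etc.) are as observed and may change.
$start   = (Get-Date).AddDays(-7)
$end     = Get-Date
$session = "copilot-audit-" + [guid]::NewGuid()
$records = @()
do {
    # ReturnLargeSet pages through the result set in 5000-row chunks per session
    $batch = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
        -RecordType CopilotInteraction -SessionId $session `
        -SessionCommand ReturnLargeSet -ResultSize 5000
    $records += $batch
} while ($batch -and $batch.Count -eq 5000)

$interactions = foreach ($r in $records) {
    $data      = $r.AuditData | ConvertFrom-Json
    $resources = @($data.CopilotEventData.AccessedResources | Where-Object { $_ })
    [pscustomobject]@{
        Time      = $r.CreationDate
        User      = $r.UserIds
        AppHost   = $data.CopilotEventData.AppHost
        Resources = ($resources | ForEach-Object { "$($_.Type): $($_.Name)" }) -join '; '
        Sites     = ($resources | ForEach-Object { $_.SiteUrl } |
                        Where-Object { $_ } | Sort-Object -Unique) -join '; '
    }
}

# View 1: users whose Copilot sessions touched the most content
$interactions | Group-Object User | Sort-Object Count -Descending |
    Select-Object Name, Count -First 10

# View 2: sites surfacing most often through Copilot, i.e. candidates for the
# oversharing sweep in section 9 if they were not expected to be that visible
$interactions | Where-Object Sites | ForEach-Object { $_.Sites -split '; ' } |
    Group-Object | Sort-Object Count -Descending | Select-Object Name, Count -First 10
```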
8.3 Audit Log Retention
| | |
|---|---|
| What to check | Audit log retention period configured (default 180 days for E5, 90 days for E3). |
| Risk if missed | Copilot interaction logs expire before they can be reviewed for compliance or incident investigation. |
| What good looks like | Custom retention policy for Copilot events set to 1 year (or as required by compliance). |

```powershell
# This cmdlet lives in Security & Compliance PowerShell, not Exchange Online
Connect-IPPSSession
Get-UnifiedAuditLogRetentionPolicy |
    Select-Object Name, Priority, RetentionDuration, RecordTypes
```
8.4 eDiscovery Readiness for Copilot Content
| | |
|---|---|
| What to check | Copilot interactions are discoverable via eDiscovery (Standard or Premium). |
| Risk if missed | Copilot-generated content may be subject to legal hold or discovery obligations. If not capturable, the organisation may face compliance risk. |
| What good looks like | Copilot prompts and responses are searchable in Content Search and eDiscovery. Legal hold policies can capture Copilot interaction data. |

```text
# Microsoft Purview portal > eDiscovery > Content Search
# Search for Copilot interaction data using the "Copilot interactions" item type
# Requires E5 + Copilot for full Copilot audit data in eDiscovery
```
8.5 Communication Compliance (Optional)
| | |
|---|---|
| What to check | Communication compliance policies that monitor Copilot interactions for regulatory violations (e.g., financial services, healthcare). |
| Risk if missed | Users may use Copilot to draft or summarise content that violates regulatory requirements without detection. |
| What good looks like | Communication compliance policy targeting Microsoft 365 Copilot location. Requires E5 Compliance. |

```text
# Microsoft Purview portal > Communication Compliance > Policies
# Check for policies targeting the "Microsoft 365 Copilot" location
```
9. Oversharing Risk Assessment
This section pulls together the highest-risk oversharing vectors into a focused assessment. If your stakeholder needs a “top 5 scariest things” summary, start here.
9.1 “Everyone Except External Users” (EEEU) Permission Sweep
| | |
|---|---|
| What to check | All SharePoint sites, OneDrive files, and Teams where EEEU (or equivalent broad groups) have been granted access. |
| Risk if missed | Single highest-impact oversharing vector. EEEU means every internal user — and therefore every internal user’s Copilot — can access the content. |
| What good looks like | EEEU removed from all sites except intentionally public ones (e.g., corporate intranet, all-staff announcements). |

```text
# Requires SharePoint Advanced Management
# SharePoint Admin Centre > Reports > Data access governance > Sharing links
# Filter for "Everyone except external users" permissions
# Alternatively use the site permissions report (see 3.4)
```
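Without SharePoint Advanced Management you can still get a first-pass answer from the SPO module alone. The following is an added example, not part of the original checklist, that walks every site collection and reports where the EEEU claim (or the broader "Everyone" claim) appears at site level; it assumes Connect-SPOService has been run as a SharePoint admin, and it only sees site-level grants, so list- and item-level unique permissions still need the SAM report or per-site enumeration.

```powershell
# Added example: tenant-wide site-level sweep for "Everyone except external users".
# Assumes Connect-SPOService has already been run. Site-level grants only.
$broadClaims = @(
    'spo-grid-all-users',   # EEEU login name: c:0-.f|rolemanager|spo-grid-all-users/<tenant>
    'c:0(.s|true'           # "Everyone" (would include guests if ever granted)
)

# Personal (OneDrive) sites are excluded here; their exposure is sharing links, not site grants
$findings = foreach ($site in Get-SPOSite -Limit All -IncludePersonalSite $false) {
    try {
        $users = Get-SPOUser -Site $site.Url -Limit All -ErrorAction Stop
    } catch {
        # Locked or no-access sites are reported rather than silently skipped
        Write-Warning "Skipped $($site.Url): $($_.Exception.Message)"
        continue
    }
    foreach ($u in $users) {
        $isBroad = $broadClaims | Where-Object { $u.LoginName -like "*$_*" }
        if (-not $isBroad) { continue }
        [pscustomobject]@{
            SiteUrl     = $site.Url
            Template    = $site.Template
            Claim       = $u.DisplayName
            LoginName   = $u.LoginName
            Groups      = ($u.Groups -join '; ')   # SharePoint groups carrying the grant
            IsSiteAdmin = $u.IsSiteAdmin
        }
    }
}

$findings | Sort-Object SiteUrl | Format-Table -AutoSize
# Export for the remediation tracker: intentionally public sites (intranet, all-staff)
# get a documented exception, everything else gets the claim removed.
$findings | Export-Csv .\eeeu-sweep.csv -NoTypeInformation
```

Expect this to take a while on large tenants, since it makes one call per site collection.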
9.2 Org-Wide Teams
| | |
|---|---|
| What to check | Any Teams that use org-wide membership (auto-adds all users in the tenant). |
| Risk if missed | All content in org-wide Teams is accessible to every user’s Copilot. |
| What good looks like | Org-wide Teams used only for truly public announcements. No sensitive data in org-wide Teams. |

```powershell
# Get-Team filters on visibility directly. MemberCount is not a property of its
# output, so count members per team with Get-TeamUser instead.
Get-Team -Visibility Public |
    Select-Object DisplayName, GroupId, Visibility,
        @{N='MemberCount';E={ @(Get-TeamUser -GroupId $_.GroupId).Count }}
# Review public Teams — especially any with "org-wide" in the name or description
```
9.3 Public M365 Groups
| | |
|---|---|
| What to check | M365 Groups set to “Public” visibility (anyone in the org can join without approval). |
| Risk if missed | Public groups allow any user to self-join and access all content. Copilot surfaces content from groups the user is a member of. |
| What good looks like | Default group privacy set to “Private”. Existing public groups reviewed and converted where appropriate. |

```powershell
Get-MgGroup -Filter "groupTypes/any(g:g eq 'Unified') and visibility eq 'Public'" -All |
    Select-Object DisplayName, Id, Visibility, CreatedDateTime
```
9.4 SharePoint Hub Site Permissions
| | |
|---|---|
| What to check | Hub sites that propagate navigation and permissions to associated sites. |
| Risk if missed | Hub association can create implicit access paths if not configured carefully. |
| What good looks like | Hub sites documented. Permissions inheritance from hub reviewed. |

```powershell
Get-SPOHubSite | Select-Object Title, SiteUrl, Permissions
```
9.5 OneDrive “Shared with Everyone” Files
| | |
|---|---|
| What to check | Individual OneDrive files shared with broad audiences (org-wide links, EEEU). |
| Risk if missed | Users often share OneDrive files with “People in your organisation” without realising the scope. These files then appear in other users’ Copilot results. |
| What good looks like | Default OneDrive sharing set to “Specific people”. Existing org-wide links identified and remediated. |

```text
# This requires per-user OneDrive enumeration
# Large-scale audit typically needs SharePoint Advanced Management reports
# Or third-party tools (Syskit, ShareGate, etc.)
```
9.6 Cross-Tenant and B2B Access
| | |
|---|---|
| What to check | Cross-tenant access policies (B2B collaboration and B2B direct connect). |
| Risk if missed | External organisations with B2B direct connect can participate in shared channels. Content from these channels may be surfaced by Copilot for internal users. |
| What good looks like | Cross-tenant access policies explicitly configured. B2B direct connect limited to trusted organisations. |

```powershell
Connect-MgGraph -Scopes "Policy.Read.All"
Get-MgPolicyCrossTenantAccessPolicyPartner -All |
    Select-Object TenantId,
        @{N='B2BCollab';E={$_.B2bCollaborationInbound.Applications.AccessType}},
        @{N='B2BDirectConnect';E={$_.B2bDirectConnectInbound.Applications.AccessType}}
```
10. Microsoft-Recommended Readiness Steps
The governance and people stuff. Less exciting than PowerShell, but this is where rollouts actually succeed or fail.
10.1 Run the Copilot Readiness Report
| | |
|---|---|
| What to check | Use the built-in readiness report in the M365 Admin Centre. |
| Risk if missed | May miss users who lack prerequisites or who are strong pilot candidates. |
| What good looks like | Report reviewed. Prerequisite licence gaps identified. Top 25% suggested candidates used for pilot selection. |

```text
M365 Admin Centre > Reports > Usage > Microsoft 365 Copilot > Readiness tab
```
10.2 SharePoint Advanced Management (SAM) Activation
| | |
|---|---|
| What to check | SAM is activated (included with E5 or available as add-on). |
| Risk if missed | Without SAM, you lack access to: site permissions reports, data access governance reports, Restricted Content Discovery, Restricted Access Control, and inactive site policies. These are the primary Copilot oversharing remediation tools. |
| What good looks like | SAM active. Data access governance reports scheduled. |

```text
SharePoint Admin Centre > Settings > SharePoint Advanced Management
# Or check licence assignment for the SAM add-on SKU
```
10.3 Pilot Group Definition
| | |
|---|---|
| What to check | A defined pilot group with clear selection criteria. |
| Risk if missed | Broad rollout without pilot = uncontrolled exposure. |
| What good looks like | 5-10% of users in pilot. Mix of roles (exec, sales, ops, IT). Users with high M365 usage. Access reviewed specifically for pilot users using the SAM “site permissions for a user” report. |

```text
# Use M365 Admin Centre Copilot readiness report "Suggested candidates" column
```
10.4 AI Usage Policy
| | |
|---|---|
| What to check | An Acceptable Use Policy for AI/Copilot has been drafted, approved, and communicated. |
| Risk if missed | Users may paste confidential data into prompts, share Copilot outputs externally, or rely on Copilot for regulated decisions without oversight. |
| What good looks like | Written policy covering: what data can be used in prompts, how to handle Copilot output, prohibited uses, escalation for concerns. Acknowledged by all Copilot users. |
10.5 User Training and Change Management
| | |
|---|---|
| What to check | Training plan and materials prepared for Copilot users. |
| Risk if missed | Low adoption, misuse, or user frustration leading to abandoned licences (wasted spend). |
| What good looks like | Role-specific training. Quick-start guides. “Prompt of the week” programme. Champions network. Feedback channel. |
10.6 Success Metrics and ROI Tracking
| | |
|---|---|
| What to check | Defined KPIs for measuring Copilot success. |
| Risk if missed | Can’t demonstrate value, leading to licence churn at renewal. |
| What good looks like | Baseline metrics captured pre-deployment. Viva Insights or M365 Usage Reports configured to track Copilot adoption, time saved, and user satisfaction. |

```text
M365 Admin Centre > Reports > Usage > Microsoft 365 Copilot > Usage tab
# Also: Viva Insights Copilot Dashboard (requires Viva Insights licence)
```
Appendix A: Required PowerShell Modules
| Module | Install Command | Used For |
|---|---|---|
| Microsoft.Graph | Install-Module Microsoft.Graph | Entra ID, Groups, Users, Policies |
| Microsoft.Graph.Beta | Install-Module Microsoft.Graph.Beta | MFA registration details, beta APIs |
| ExchangeOnlineManagement | Install-Module ExchangeOnlineManagement | Mailbox settings, forwarding, transport rules |
| Microsoft.Online.SharePoint.PowerShell | Install-Module Microsoft.Online.SharePoint.PowerShell | SharePoint tenant/site settings |
| PnP.PowerShell | Install-Module PnP.PowerShell | SharePoint library-level settings |
| MicrosoftTeams | Install-Module MicrosoftTeams | Teams policies and settings |
| ExchangeOnlineManagement (IPPSSession) | Connect-IPPSSession (same module, Security & Compliance endpoint) | Sensitivity labels, DLP policies, audit retention policies |
Appendix B: Required Graph API Permissions (Application)
| Permission | Scope | Used For |
|---|---|---|
| User.Read.All | Application | User enumeration, licence checks |
| Directory.Read.All | Application | Roles, groups, policies |
| Policy.Read.All | Application | Conditional access, cross-tenant policies |
| Group.Read.All | Application | M365 Groups, Teams membership |
| AuditLog.Read.All | Delegated | MFA registration status |
| Sites.Read.All | Application | SharePoint site enumeration |
| Mail.Read | Delegated | Mailbox access (use cautiously) |
| SecurityEvents.Read.All | Application | Security alerts |
Appendix C: Licence Matrix for Readiness Features
| Feature | E3 | E5 | E3 + E5 Compliance | Business Premium |
|---|---|---|---|---|
| Manual sensitivity labels | Yes | Yes | Yes | Yes |
| Auto-labelling | No | Yes | Yes | No |
| DLP (Exchange, SPO, OD) | Yes | Yes | Yes | Yes |
| DLP (Copilot location) | Yes | Yes | Yes | Yes |
| Audit (Standard) | Yes | Yes | Yes | Yes |
| Audit (Premium) + Copilot events | No | Yes | Yes | No |
| eDiscovery (Premium) | No | Yes | Yes | No |
| SharePoint Advanced Management | No | Yes | Add-on | No |
| Conditional Access | P1 incl. | P2 incl. | P1 incl. | P1 incl. |
| PIM (just-in-time admin) | No | P2 incl. | No | No |
| DSPM for AI | No | Yes | Yes | No |
| Communication Compliance | No | Yes | Yes | No |
| Entra Access Reviews | No | P2 incl. | No | No |
References
This checklist was built from hands-on audit work and cross-referenced against these resources: