From Data Chaos to Copilot Confidence: A Step-by-Step Microsoft 365 Copilot Readiness, Data Security and Governance Workshop
NikkiChapple
163 slides
Oct 20, 2025
About This Presentation
Title | From Data Chaos to Copilot Confidence – A Step-by-Step Microsoft 365 Copilot Readiness, Data Security and Governance Workshop
Presenter | Nikki Chapple, Microsoft MVP, Principal Cloud Architect, CloudWay; Al Eardley, Architect, Microsoft Innovation Hub
Event | South Coast Summit 2025
Format | Full-day Workshop
Location | Farnborough
Date | 17 October 2025
Description:
This full-day workshop guides IT leaders, architects, sponsors and business leaders through the journey from uncontrolled data sprawl to confident, secure Microsoft 365 Copilot adoption. Generative AI is transforming collaboration, but it also introduces new risks around oversharing, compliance, and measurement. The one day workshop provides a practical blueprint for securing content, reducing risk, and enabling responsible Copilot use.
You will learn how Copilot works in enterprise environments, including how permissions and data governance underpin trustworthy responses. The workshop covers workspace governance, advanced SharePoint management, and strategies to identify and remediate oversharing. Attendees will explore Microsoft Purview controls such as sensitivity labels, auto-labelling, and data loss prevention (DLP) policies, including how to protect sensitive data and manage access across SharePoint, Teams, and OneDrive.
The session addresses how to measure Copilot and generative AI adoption, impact, and risk using built-in analytics and reporting tools. You will discover how to use Defender for Cloud Apps to identify shadow AI usage, apply Endpoint DLP to block unsanctioned sharing, and leverage dashboards to track business value and compliance posture.
Key topics include:
- Data Security – Sensitivity labels, DLP, and Purview DSPM for AI to protect sensitive and regulated data
- Information Governance – SharePoint Advanced Management and Copilot Management Controls to prevent oversharing and shadow AI
- Reporting and Insights – Defender for Cloud Apps, DSPM for AI, Microsoft 365 usage reports, and Viva Insights Copilot Analytics to measure adoption and risk
- Strategic Vision – The importance of setting a clear AI strategy, establishing an AI Council, and involving the right stakeholders to guide responsible adoption
Target audience:
CISOs, cloud architects, Microsoft 365 platform owners, compliance managers, SharePoint and Teams administrators, and security engineers in enterprise organisations
Practical takeaways:
- A step-by-step readiness plan for Copilot deployment
- Tools and policies to secure data and prevent oversharing
- Methods to measure adoption, risk, and business impact
- Guidance on building governance frameworks and aligning technical and human change
- Insights into licensing requirements for advanced security features
Call to action:
Download the deck, share with your leadership and technical teams, and use the strategies and frameworks provided to accelerate your Copilot journey with confidence, security, and measurable value
Size: 20.32 MB
Language: en
Added: Oct 20, 2025
Slides: 163 pages
Slide Content
SOUTH COAST SUMMIT
A CLOUD TECHNOLOGY COMMUNITY CONFERENCE #SCS2025
From Data Chaos to Copilot
Confidence: A Step-by-Step
Microsoft 365 Readiness Workshop
Nikki Chapple
Al Eardley
Nikki Chapple
Principal Cloud Architect, CloudWay
Microsoft MVP
All Things
M365
Compliance
LinkedIn
Blog
Al Eardley
Architect,
Microsoft Innovation Hub
LinkedIn
Agenda
Time Description
08:30 – 08:45 Logistics, introductions & objectives
08:45 – 09:30 What is the problem?
09:30 – 10:00 How does Copilot actually work?
10:00 – 10:30 Strategic Vision
10:30 – 10:45 Break
10:45 – 11:45 Tools – What does What?
13:00 – 14:00 Lunch
14:00 – 15:30 Tools – What does What?
15:30 – 15:45 Break
15:45 – 17:00 Strategic Approach – Next steps
17:00 Close
What is the problem?
Risk of Internal oversharing
Confidence and Trust
History Repeats Itself – 2007 onwards
SharePoint 2007+
Passive filtering – required a search term
Passive results – click on documents to open them
Content in SharePoint
History Repeats Itself – 2015 - 2024
Delve
Active filtering – documents related to a person
Passive results – click on documents to open them
Content in Office 365/Microsoft 365
History Repeats Itself – 2019 onwards
Microsoft Search
Passive filtering – required a search term
Passive results – click on documents to open them
Content in Office 365/Microsoft 365
Content ingested by Graph Connectors from 3rd party solutions
History Repeats Itself – 2023 onwards
Copilot for Microsoft 365
Active filtering – based on the prompt, filters will be applied
Active results – content is generated, no need to open documents or page
through hundreds of results
Content in Microsoft 365
Content ingested by Graph Connectors from 3rd party solutions
All access to content in Microsoft 365 is secured through permissions
I cannot find or open what I do not have permissions to read
Migration Issues
On-Prem
Exchange
Active Directory
Microsoft 365
Exchange Online
Entra
SharePoint 2013
SharePoint 2016
Skype for Business
SharePoint Online
Purview
Teams
File Shares OneDrive
Missed Tricks
Permissions Reviews
Lift and shift because it was easier
Security through obscurity
Classification Labelling
Too difficult to review
Adoption is hard
Content Management Lifecycle
Cull old content
Move content to restricted access archives
Automated disposition
How does Copilot
actually work?
Large Language Model Basics
1. User Prompt
2. Search content to ground response
3. Return content to ground response
4. User Prompt + System Prompt + Content
5. LLM response
6. Responsible AI
7. Response
The UI for AI
Copilot Studio
Copilot
Powered by a
Network of Agents
Azure AI Foundry
& Beyond
Microsoft Graph
Colleague Agent
Virtual Assistant that can address Employee
questions on Leave, IT support issues, tasks,
and action administrative tasks on the
employee's behalf.
External Sources
Digital Experience Layer
Multi-Agent
Orchestration
MCP/ API /
Connector
MCP/ API /
Connector
MCP/ API /
Connector
AI Foundry
All access to content in Microsoft 365 is secured through permissions
I cannot find or open what I do not have permissions to read
Strategic Vision
3 essentials for Copilot success
Leadership
Develop leadership capabilities to
leverage AI for business outcomes
Executive sponsorship
Align AI to business strategy
Providing clarity and prioritization
Best practice: AI Council
Manage the human transformation with robust
user enablement programs
Technical readiness
Build and iterate technical skills to
deliver on business results
Secure your data infrastructure
Policy review
Extend to new high value line of
business scenarios
Best practice: Optimization
Assessment
Responsible AI principles
Human change
User enablement program
Communications and community
Skilling and training
Best practice: Community of Practice
and Copilot Dashboard
Innovate with AI
Ideation
Human
ambition
Problems to
resolve
Scale
Roll-out
Adoption
Support
Experimentation
What if … ?
New
technology
Fail fast
Operationalised Platforms Route to Live
Operationalised Platforms
Governance
Strategy
AI Council to set organisational
strategy
Standards
What are the rules that are
monitored and enforced to
ensure adherence to the
principles
Principles
What are the principles that
guide the responsible usage of
AI
Containers and
Services
Provisioning
How do users gain quick access
to the containers and services
they need to carry out an
experiment?
Data Loss Prevention
Are containers and services
secured to prevent data loss?
Segregation of Purpose
Are PROD and TEST separated?
Are Finance and HR separated?
Integration
APIs
Do systems of record have
secured APIs preventing
extension of permissions?
Connectors
Are out of the box or custom
connectors available to
connect to Systems of Record
MCP Servers
Are MCP Servers available for
access by agents?
Operating Model
Monitoring
Is there sufficient visibility to
identify incidents and risks?
Is monitoring triggering actions,
notifications and mitigations?
Lifecycle Management
Are the lifecycles of all assets
defined? How long do they
persist before being retired?
Data
Test Data
Is test data available?
Will it work for the scenario that
is being tested?
Does it represent scale to test
performance?
Secure Access
Is access to data secured
appropriately?
A2A
How is the interaction of agents
enabled?
Route to Live
Deployment
Approval
What is the process to approve
deployment to Live?
Pipelines
What are mechanisms for
automated deployment?
Testing
Automated Testing
How are AI tools tested for
quality when they are non-
deterministic?
Red Team Testing
New ways to test AI tools that
reduce the risk of AI focused
attacks
Segregation of Purpose
Are PROD and TEST separated?
Are Finance and HR separated?
Support
Knowledge
Do the support team have the
knowledge and ability to
support users?
Ownership
FinOps
Are the costs monitored and
optimised?
Features and Models
Is there a review process to
assess the impact of new
features and models and their
impact?
Disaster Recovery and
Business Continuity
When a solution becomes
business critical, what happens
if it disappears?
Adoption
Knowledge and Ability
Do users have the knowledge
and ability to use the new
tools?
Communications
Is a clear communication
plan in place?
Diagnosis
Are the roles and
responsibilities for diagnosis
agreed?
Complex, autonomous agents
connecting via MCP to Systems
of Record
Community
Is there a community to
support usage and share
best practice?
Create an image of a steaming cup of hot
coffee on a black background with blue
highlights.
Break – Back at 10:45
A quick word on licencing
Official - Microsoft 365 Enterprise License Comparison
Official - Microsoft 365 Small and Medium-sized Businesses Licenses
Comparison
Official - Microsoft Purview billing models
Community Resources - M365 Maps
Tools – What does What?
Lots of tools to choose from
Copilot for Security
Power Platform
Environment Group
Environment and DLP
Copilot Studio Agent
Microsoft 365
SharePoint Site & Teams
OneDrive
SharePoint Comms Site
SharePoint Agent
M365 Copilot Agent
Admin Portal
SharePoint Advanced
Management
Copilot Analytics
Entra
Security Group
M365 Group
Identity
Licencing
Agent ID
Managed Apps
Conditional Access
Purview
Data Lifecycle Management
Information Protection
Data Security Posture
Management (DSPM for AI)
Insider Risk
Audit
eDiscovery
Compliance Manager
Records Management
Defender
Defender for Cloud Apps
Defender for Cloud
Azure
Content Safety
AI Security
Azure Monitor and App
Insights
Intune
Device Management
Endpoint Security
Tools – Deep Dive
1. Copilot Management Controls
2. Workspace Governance and Managing Oversharing Risks
3. Purview Data Security
4. Measuring Copilot and Gen AI Apps
Copilot Management
Controls
Copilot Control System
Copilot + Agents
Security & Governance | Management Controls | Measurement & Reporting
Data security | Copilot licensing | Readiness and adoption
AI security | Agent lifecycle | Productivity impact
Compliance & privacy | Metering controls | Business value & ROI
M365 Admin Center: Copilot Control System
Copilot Control System - Adoption & Licencing
Overview
Copilot Control System - Health
Create an image of a delicious, healthy
lunch on a table with blue highlights.
Lunch – Back at 14:00
Workspace Governance and
Managing Oversharing Risks
What Do We Mean By Workspaces
- Workspaces are:
  - SharePoint Sites
  - Microsoft 365 Groups (email based)
  - Teams
SharePoint Search
SharePoint: Restricted SharePoint Search – Up to 100 Sites in Scope
- Restricted SharePoint Search allows you to disable organization-wide search, and to restrict both Enterprise Search and Copilot experiences to a curated set of SharePoint sites of your choice, plus recently accessed content and user-owned content, e.g. OneDrive, email, etc.
Restricted SharePoint Search - SharePoint in Microsoft 365 | Microsoft Learn
SharePoint Advanced Management – Reporting (Needs One Copilot licence)
SAM: Data Access Governance (DAG) Reports for SharePoint and OneDrive sites
Data access governance reports for SharePoint sites - SharePoint in Microsoft 365 | Microsoft Learn
SAM: DAG Reports – Sharing Links
- The sharing links reports are activity reports that help you identify sites where users have created the most new sharing links in the last 28 days. These reports are available for the following types of links:
  - 'Anyone' links
  - 'People in the organization' links
  - 'Specific people' links shared externally
Data access governance reports for SharePoint sites - SharePoint in Microsoft 365 | Microsoft Learn
SAM: DAG Reports – Content shared with Everyone except external users
- The 'Everyone except external users' (EEEU) report is the other activity report that helps you identify sites where content has been shared with your entire organization. EEEU is a built-in SharePoint group that automatically includes all internal users but excludes any external guests.
Data access governance reports for SharePoint sites - SharePoint in Microsoft 365 | Microsoft Learn
SAM: DAG Reports – Sensitivity Labels Applied to Files Snapshot
- This report identifies sites containing files with sensitivity labels applied, allowing you to verify that appropriate security policies are applied.
Data access governance reports for SharePoint sites - SharePoint in Microsoft 365 | Microsoft Learn
SAM: DAG Reports – Sites Permissions Snapshot
- The site permissions report provides a comprehensive snapshot of your organization's current permission structure across all SharePoint and OneDrive sites
Data access governance reports for SharePoint sites - SharePoint in Microsoft 365 | Microsoft Learn
SAM: DAG Reports – Sites Permissions Snapshot – Trigger a Site Access Review
- Site access reviews allow IT administrators to delegate the process of reviewing data access governance reports with the oversharing links to site owners of overshared sites.
- Select the high risk sites from the Sites Permissions Snapshot
Initiate site access reviews for Data access governance reports - SharePoint in Microsoft 365 | Microsoft Learn
SAM: DAG Reports – Site Access Review User Experience
Initiate site access reviews for Data access governance reports - SharePoint in Microsoft 365 | Microsoft Learn
SAM: Site Policy Comparison – AI-Driven Site Matching for SharePoint sites and OneDrive accounts
Site policy comparison reports for SharePoint sites - SharePoint in Microsoft 365 | Microsoft Learn
SAM: AI Insights
- The reports include AI Insights, which identifies patterns and potential issues from the reports and provides actionable recommendations to solve issues.
Generate AI insights for Microsoft SharePoint Advanced Management - SharePoint in Microsoft 365 | Microsoft Learn
SharePoint Advanced Management – Manage Content Sprawl (Needs One Copilot licence)
SAM: SharePoint Site Ownership Policies to set Minimum Number of Owners
- Site ownership policies help you automate the ownership of SharePoint sites. These policies run every month to identify sites that don't comply with your ownership requirements. They automatically notify relevant users based on your configured settings, making it easy to add new owners with minimal administrative overhead.
Create SharePoint site ownership policy - SharePoint in Microsoft 365 | Microsoft Learn
SAM: Site Lifecycle Management Policies to Manage Inactive Sites
- The Inactive site policy runs monthly and automatically detects inactive sites and notifies site owners via email. Owners can then confirm if the site is still active.
- If the owner does not respond, the policy can set the site to read only and also move the site to M365 Archive
Manage inactive sites using Site lifecycle management - SharePoint in Microsoft 365 | Microsoft Learn
SharePoint Advanced Management (SAM) – Manage Access Permissions (Needs One Copilot licence)
SAM: Restricted Content Discovery (RCD) for
SharePoint sites
- Limit the visibility of specific content in:
  - Organisation-wide searches
  - Interactions with Microsoft 365 Copilot
- Users can still discover:
  - Content they own
  - Content they have recently interacted with (last 28 days)
- Note:
  - This does not impact users searching from within the site
  - This does not apply to OneDrive
  - Overuse of Restricted Content Discovery can negatively affect performance across search, SharePoint, and Copilot. Removing sites or files from tenant-wide discovery means that there's less content for search and Copilot to ground on, leading to inaccurate or incomplete results.
Restrict discovery of SharePoint sites and content - SharePoint in Microsoft 365 | Microsoft Learn
SAM: Restricted Content Discovery (RCD) - User
experience
SAM: Restricted Access Control (RAC) policy for all sites using Entra security groups and Microsoft 365 groups
- Only members of the group(s) can access the content in the site
- Existing sharing links will no longer work if the user is not part of the group(s)
Restrict SharePoint site access with Microsoft 365 groups and Microsoft Entra security groups - SharePoint in Microsoft 365 | Microsoft Learn
SAM: Restrict OneDrive access by using Entra security groups and Microsoft 365 groups
- Only members of the group(s) can access the content in the site
- Existing sharing links will no longer work if the user is not part of the group(s)
Restrict OneDrive access by security group - SharePoint in Microsoft 365 | Microsoft Learn
SAM: Block file download, print and sync
- Can be configured as part of a Container sensitivity label
Block download policy for SharePoint sites and OneDrive - SharePoint in Microsoft 365 | Microsoft Learn
Purview Data Security
Purview: Protecting Sensitive Data
Purview: Content Discovery
Content Discovery
Manual
Automated
Classify
Policy
Does it contain…
Does it look like…
Location
SharePoint, OneDrive, Exchange, Teams,
Viva Engage
Metadata and property
Content type, Property bag
Keywords and queries
E.g., “Change management”, “Project X”
Sensitive information types
300+ OOTB + custom
E.g., financial, healthcare, privacy,
account number
Trainable classifiers
100+ OOTB + custom
E.g., resumes, contracts, code
Document fingerprint
E.g., document layouts, statements,
invoices
Protection
Data Loss Prevention
Retention
Immutability
Sensitive Information Types (SITs)
Primary Element
Supporting Element
Proximity
Pattern
Confidence
Additional Checks
Reg Ex
(optional validators)
Keyword List
Keyword Dictionary
Function
Group
Exact Data Match (EDM) classifiers
Schema
Upload Data
Detection Rules
EDM Classifier
Additional Checks
Columns
Primary Elements
Map to SIT
Usage
Feature | Built-in SITs | Custom SITs | Fingerprint SITs | Trainable classifiers | Exact Data Match (EDM)
Retention Policies | Yes | Yes | No | No | No
DLP Policies | Yes | Yes | Yes | No | Yes
Auto-labelling | Yes | Yes | Yes | Yes | Yes
Insider Risk Management | Yes | Yes | No | Yes | No
eDiscovery | Yes | Yes | No | Yes | No
Defender for Cloud Apps | Yes (via labels) | Yes (via labels) | Yes (via labels) | Yes (via labels) | Yes (via labels)
Communication Compliance | Yes | Yes | No | Yes | No
Priva | Yes | Yes | No | No | No
Purview Sensitivity Labels
Purview: Sensitivity Labels to Protect Sensitive Data
Learn about sensitivity labels | Microsoft Learn
Purview: Sensitivity labels – Used with 1. Containers, 2. Content & 3. Document Libraries
Example Sensitivity Labels Taxonomy
Example Sensitivity Labels Controls
Label | Auto-labeling | Scope | Site external sharing/guest | Site privacy | Encryption permissions | Prevent connected experiences | Default sharing link | DLP limits
Public | | File, Email | N/A | N/A | N/A | No | |
General (Email default) | | File, Email, Meetings, Sites | Allowed | Public | N/A | No | People in <company> | Block anyone
Confidential\All employees (Documents default) | Yes | File, Email, Meetings, Sites | Not allowed | Private | N/A | No | People in <company> | Block anyone, Block external
Confidential\Specific People | | File, Email, Meetings, Sites | Allowed | Private | N/A | No | Specific People | Block anyone
Highly Confidential\All employees | Optional | File, Email, Meetings | Not allowed | N/A | FTE | Yes | Specific People | Block anyone, Block external
Highly Confidential\Specific People | Yes (SIT) | File, Email, Meetings, Sites | Not allowed | Private | User specified | Yes | Specific People | Block anyone, Block external
Highly Confidential\Internal exception | | File, Email, Meetings | Not allowed | Private | N/A | Yes | Specific People | Block anyone, Block external
Container sensitivity labels:
- Container sensitivity labels provide access controls and protect content in Microsoft 365 Groups, Teams and Sites
- The files in these workspaces do not inherit these labels. Content needs to be labelled with 'files and other data assets' sensitivity labels
- Container sensitivity labels need to be enabled before they can be configured
Use sensitivity labels with Microsoft Teams, Microsoft 365 Groups, and SharePoint sites | Microsoft Learn
Default sensitivity label on a Document Library (E5 Compliance)
- Prerequisites:
  - Enable sensitivity labels for Office files in SharePoint and OneDrive.
- Default label applies to:
  - New content
  - Unlabelled content uploaded to the site
  - Labelled content uploaded to the site if the label has a lower priority and was not manually labelled by the user
- Default label is NOT applied:
  - Retrospectively to existing content in the site
  - Refer to Configure a default sensitivity label for a SharePoint document library | Microsoft Learn
Configure a default sensitivity label for a SharePoint document library | Microsoft Learn
Default sensitivity label on a Document Library: extend permissions to downloaded documents (Preview) (E5 Compliance)
- Configure document libraries to extend the existing SharePoint site permissions to documents when they're downloaded from the library. Then, any previously unlabeled files from that library continue to be protected with the current SharePoint permissions for the user, even though the files have left the original SharePoint site.
- Only members of the site can access the encrypted content
- Works with a sensitivity label that uses the encryption option: User defined permissions.
Configure SharePoint with a sensitivity label to extend permissions to downloaded documents | Microsoft Learn
Content Sensitivity labels – Prevent some connected experiences that analyze content – Will Block Copilot
- The setting lets you prevent content in Word, Excel, PowerPoint, and Outlook from being sent to Microsoft for content analysis as a privacy control. However, when it's set, it means that some services won't work as designed, such as data loss prevention policy tips for Outlook, automatic and recommended labeling, and Microsoft 365 Copilot.
- Content can still be accessed via Copilot in other scenarios e.g. Teams
- Impacts other activities that need to inspect content.
Manage sensitivity labels in Office apps | Microsoft Learn
Content Sensitivity labels – Apply Encryption
- Two Options for Encryption
  1. Assign permissions now
  2. Let Users assign permissions
Apply encryption using sensitivity labels | Microsoft Learn
Encryption Permissions – Copilot needs EXTRACT and VIEW usage rights
- The usage right that grants permission to copy text is EXTRACT. It's this usage right that determines whether Copilot or agents can display text to the user from encrypted content.
- When encrypted with the Admin defined permissions:
  - The Owner and Editor permissions allow access to display text from these documents
  - The Viewer permissions do not have Extract, so Copilot can see the content but cannot display the text to the user.
- For User defined Permissions, it depends on what permissions the user selects. Editor and Owner allow Copilot access
Microsoft Purview data security and compliance protections for Microsoft 365 Copilot and other generative AI apps | Microsoft Learn
Considerations for Microsoft Purview to manage Microsoft 365 Copilot and Channel Agent in Teams for security and compliance | Microsoft Learn
Copilot will inherit the highest label of the source content
- Copilot experiences use existing controls to ensure that data stored in your tenant is never returned to the user or used by a large language model (LLM) if the user doesn't have access to that data.
- When the data has sensitivity labels from your organization applied to the content, there's an extra layer of protection because Microsoft 365 Copilot inherits the highest sensitivity label from the source content it accesses or uses to generate responses.
Use Microsoft Purview to manage data security & compliance for Microsoft 365 Copilot & Microsoft 365 Copilot Chat | Microsoft Learn
Sensitivity Labels
Description
Scope
Sensitivity label
Files & other data
assets
Emails
Meetings
Groups and sites
Control access
Apply content
marking
Protect team
meetings and chat
Privacy and
external user
access
External sharing
and conditional
access
Private teams and
shared channels
Limitations
- Only Office and PDF files are supported
- Maximum of 100 auto-labelling policies per tenant, each targeting 100 specific locations
- 100,000 files per day
- Auto-labelling is batch-based so not instantaneous
- Client-side auto-labelling requires supported app versions
- Only email attachments are scanned
- The email is labelled, not the attachment
- Attachments to SharePoint list items are not scanned
Purview Data Loss Prevention
DLP: Block Copilot Access labelled data (E5 Compliance)
Learn about the Microsoft 365 Copilot location | Microsoft Learn
DLP: Block Copilot Access labelled data (E5 Compliance)
- Helps you prevent items with specific sensitivity labels from being used in the response summarization to prompts in Microsoft 365 Copilot. To set this up, create DLP policies that use the Microsoft 365 Copilot policy location with the Content contains > Sensitivity labels condition to exclude items from being processed. Identified items still appear in the citations of the response, but the content of the item isn't used in the response.
Learn about the Microsoft 365 Copilot location | Microsoft Learn
DLP: Block Copilot Access labelled data (E5 Compliance) User Experience
Endpoint DLP: Block sharing with Gen AI Apps (E5 Compliance)
- One click policy can be enabled via DSPM for AI
- Prerequisites
  - Endpoints onboarded into Purview
  - Purview browser extension for Edge and Chrome added to endpoints
  - Auditing enabled
Considerations for deploying Microsoft Purview Data Security Posture Management (DSPM) for AI | Microsoft Learn
Using Endpoint DLP | Microsoft Learn
Endpoint DLP: Block sharing with Gen AI Apps (E5 Compliance) User Experience
Measuring Copilot and Gen AI Apps
Value: The Measurement
Journey
Metrics and KPIs for Responsible
AI Adoption in Microsoft 365
Business
Value & Risk
Reduction
Action
Insight
Visibility
Comprehensive Copilot Reporting
Defender for
Cloud Apps
Third party Gen AI
App risk
assessment
Third party Gen AI
usage
Sanction/ block
Third party Gen AI
Purview
DSPM for AI
Copilot and 3rd party Gen AI apps
Discover
Data security
controls
Risk management
M365 Admin
Reports
Quantitative
Readiness
Usage
Adoption
Copilot
Analytics
Behaviours
Segmentation
Qualitative
KPIs
Visibility
Defender for Cloud Apps
View Gen AI App Catalog 1123 Apps
Assess the risk of an App
How can we find out what
Gen AI Apps are used?
Defender for Cloud Apps > Cloud Discovery
Discover what Gen AI Apps are being used
How can we block access
to unwanted Gen AI
apps?
Sync Unsanctioned Apps to Defender for Endpoint
Block URLs on Managed Devices
Get Notified of New apps
How do we keep track
of new Gen AI Apps?
Defender for Cloud Apps > Policy Management
Insights
Purview: Data Security Management for AI (DSPM for AI) Reports
(E5 Compliance)
DSPM for AI Prerequisites
Considerations for deploying Microsoft Purview Data Security Posture Management (DSPM) for AI | Microsoft Learn
Purview: DSPM for AI - Microsoft 365 Copilot Experiences
- Insights and analytics into AI activity in your organization across Microsoft Copilot experiences and Agents
- Basic Copilot reports are available out of the box
Learn how Microsoft Purview Data Security Posture Management (DSPM) for AI provides data security and compliance protections for Copilots and other generative AI apps | Microsoft Learn
Purview: DSPM for AI – Third Party AI Interactions
- View other AI apps users have visited from their managed devices
- This includes the Consumer Copilot
Supported AI sites by Microsoft Purview for data security and compliance protections | Microsoft Learn
Purview: DSPM for AI - Sensitive Data Shared with Apps and Agents
- The One-click DLP policies contain all SITs. Edit the DLP policies to tailor the SITs and add your own custom SITs to reduce false positives
Considerations for deploying Microsoft Purview Data Security Posture Management (DSPM) for AI | Microsoft Learn
Purview: DSPM for AI – Risky Interactions
- Works with Insider Risk Management to calculate user risk by detecting risky prompts and responses in Microsoft 365 Copilot, agents, and other generative AI apps.
Considerations for deploying Microsoft Purview Data Security Posture Management (DSPM) for AI | Microsoft Learn
Purview: DSPM for AI - Agent & Apps Interactions
- Dashboard of AI apps and their agents used across your organization so you can identify and manage any potential data security risks. For each agent, view details about sensitive data that they accessed and how they are protected by policies from Microsoft Purview.
Purview: DSPM for AI – View details of an App or Agent
Purview: DSPM for AI - Data Risk Assessments
- The reports discover and recommend fixes for potential data oversharing risks in your organization.
- A default data risk assessment automatically runs weekly for the top 100 SharePoint sites based on usage in your organization. You can also create custom reports.
Learn how Microsoft Purview Data Security Posture Management (DSPM) for AI provides data security and compliance protections for Copilots and other generative AI apps | Microsoft Learn
Purview: DSPM for AI : Activity Explorer – Copilot Apps
- See details of the data collected from your policies.
- Examples of activities include AI interaction, Sensitive info types, and AI website visit. Prompts and responses are included in the AI interaction events when you have the right permissions.
Permissions for Microsoft Purview Data Security Posture Management for AI | Microsoft Learn
Considerations for deploying Microsoft Purview Data Security Posture Management (DSPM) for AI | Microsoft Learn
Purview: DSPM for AI – Activity Explorer - Third Party
Apps
Purview: DSPM for AI – Activity Explorer – View an interaction
•Prompts and responses are included in the AI interaction events when you have the right permissions.
Permissions for Microsoft Purview Data Security Posture Management for AI | Microsoft Learn
Action
Microsoft 365 Admin Center: Usage and Adoption Reports
Microsoft 365 Admin Center: Usage Reports
Microsoft 365 admin center activity reports - Microsoft 365 admin | Microsoft Learn
Microsoft 365 Admin Center: Usage Reports -
Microsoft 365 Copilot
•View a summary of how users' adoption, retention, and engagement are with Microsoft 365 Copilot and its associated enabled apps,
including agent usage. For Copilot activity on a given day, the report becomes available within 72 hours of the end of that day (in UTC).
Microsoft 365 admin center Microsoft 365 Copilot usage - Microsoft 365 admin | Microsoft Learn
Microsoft 365 Admin Center: Usage Reports –
Copilot Agents
•The Agent usage report helps you track how agents are being used in Microsoft 365 Copilot Chat and Microsoft 365 apps – Word, Excel,
and PowerPoint. You can see which agents (built by your org, Microsoft and Microsoft Partners) are being used by both licensed and
unlicensed Microsoft 365 Copilot users.
Microsoft 365 reports in the admin center – Agent usage - Microsoft 365 admin | Microsoft Learn
Microsoft 365 Admin Center: Usage Reports -
Copilot Chat (Free)
•Provides insights into active usage of Microsoft 365 Copilot Chat.
•The report is currently limited to users without a Microsoft 365 Copilot license that interact with Copilot Chat in Teams, Outlook,
m365.cloud.microsoft/chat, Microsoft 365 Copilot (app), Microsoft Edge, Word, Excel, PowerPoint, and OneNote.
Microsoft 365 admin center – Microsoft 365 Copilot Chat usage - Microsoft 365 admin | Microsoft Learn
Microsoft 365 Admin Center: Adoption Score - AI Adoption
•The AI adoption score represents the extent to
which users in your organization have made
Microsoft 365 Copilot a daily habit. A score of 100
means that all licensed Microsoft 365 Copilot users
in your organization are using Copilot features for an
average of at least three days per week (or 12 out of
the past 28 days). Users that reach this three-day
threshold in a given month are highly likely to
become long-term engaged users of Microsoft 365
Copilot.
AI adoption category in Adoption Score - Microsoft 365 admin | Microsoft Learn
Business Value and Risk Reduction
Viva Insights: Copilot Dashboard and Analytics
Viva Insights: Copilot Dashboard
•The analyzed population in the Copilot Dashboard includes all employees who have an assigned Copilot license. However, for tenants with at least 50 Copilot licenses or
tenants with at least 50 Viva Insights licenses, the dashboard includes full capabilities with metrics and advanced filters.
Connect to the Microsoft Copilot Dashboard for Microsoft 365 customers | Microsoft Learn
Viva Insights: Copilot Analytics – Out of Box Reports
•Ready-to-use Copilot Analytics reports in the Viva Insights web app. These reports provide a variety of targeted insights about the
adoption and impact of Microsoft 365 Copilot across your organization.
•Prerequisites:
oDelegated access to the Copilot Dashboard.
oYou must be a Viva Insights Analyst
Access insights easily with ready-to-use Copilot Analytics reports | Microsoft Learn
Viva Insights: Copilot Analytics – Advanced Analysis with
Power BI Reports
•There are several preconfigured Power BI templates
you can use to analyze the usage and impact of
Copilot within your organization. You can also
customize each template using filters and metrics
based on the specific question you're looking to
answer.
•Only users with the Insights Analyst role can set up
and run customized queries.
•Copilot Analytics PBI reports
•Learn more about how to set up and use each report with the
links below.
•Copilot adoption report
•Copilot impact report
•Copilot for Sales adoption report
•Copilot business impact report
•Copilot Studio agents report
Introduction to Power BI templates in Microsoft Viva Insights | Microsoft Learn
Advanced analysis introduction | Microsoft Learn
Level | KPI Pillar | What to Measure | Why It Matters | Where to Measure
Visibility | Safety & Compliance | Shadow AI apps discovered, traffic volume | Identify unmanaged risk and prevent data leakage | Defender for Cloud Apps → Shadow AI Assessment
Insight | Safety & Compliance | Sensitive prompts, risky usage trend | Detect and mitigate compliance breaches | Purview DSPM for AI → Data Security Insights
Action | Adoption & Engagement | Prompts per user, active days, retention, licences | Gauge adoption health and user engagement | Microsoft 365 Admin Center → Copilot & Agent Usage Reports
Action | Adoption & Engagement | Enabled vs active users, adoption growth rate | Track rollout success and licence ROI | Microsoft 365 Admin Center → Copilot Adoption Reports
Business Value & Risk Reduction | Impact & Value | Time saved, behavioural change, sentiment | Prove ROI, productivity gains, & cultural adoption | Viva Insights → Copilot Analytics & Impact
Create an image of a delicious healthy
dessert in a small glass pot. Black
background with blue highlights.
Break – Back at 15:45
Summary – Next steps
Adoption.Microsoft.com is your friend
https://adoption.microsoft.com/en-gb/copilot/
3 essentials for Copilot success
Leadership
Develop leadership capabilities to
leverage AI for business outcomes
Executive sponsorship
Align AI to business strategy
Providing clarity and prioritization
Best practice: AI Council
Manage the human transformation with robust
user enablement programs
Technical readiness
Build and iterate technical skills to
deliver on business results
Secure your data infrastructure
Policy review
Extend to new high value line of
business scenarios
Best practice: Optimization
Assessment
Responsible AI principles
Human change
User enablement program
Communications and community
Skilling and training
Best practice: Community of Practice
and Copilot Dashboard
Microsoft 365 Copilot implementation
Copilot
implementation
Copilot
readiness
checklist
Sponsor
Scenarios
Security
You are
here
Human change
Prepare organization and employees for the AI
transformation journey through user enablement programs
Technical readiness
Address technical deployment and optimization, including
governance, security, compliance, and management
Workstreams support each other for maximum value and ROI
Get ready > Onboard & engage > Deliver impact > Extend & optimize
Leadership journey
Secure exec sponsorship
Leadership
Ensure they understand
the ABCs:
A
Active, visible, and
consistent
participation
B
Build a coalition with
their executive peers
C
Communicate
directly with
employees to
support landing the
change
Executive Sponsors should:
•Help the project team identify and prioritize their
top business needs.
•Encourage shared planning between user
enablement and technical teams.
•Play a role in communicating the vision to leaders
across the organization.
•Actively participate in and use Copilot to help drive
and reinforce enablement.
•Promote the enablement program. Studies show
engaged employees are 2.6x¹ more likely to fully
support a successful AI transformation.
Executive Sponsors may:
•Lead or participate in the
organizational AI Council.
•Have purchasing authority for
licenses or services from
supporting suppliers.
•Be directly accountable for
Microsoft 365 or broader digital
workplace initiatives.
¹ The state of AI change readiness eBook, Microsoft Viva People Science
Create an AI Council
Leadership
A cross-functional
body unique to
your needs
Oversees and guides the
development, deployment and
evaluation of AI capabilities
IT enablement team
Responsible for technical
preparedness and rollout, providing
onboarding support, as well as
managing feedback and compliance.
Executive sponsor
Drives adoption and infuses
confidence in the technology. Active
champion that encourages integrating
AI into day-to-day processes.
Change management team
Bridge between the AI council and
employees, helping to monitor adoption
progress, gather feedback, and foster a
collaborative environment.
Risk management
Ensures compliance with AI regulations and
ethical standards. Ensures the organization’s AI
initiatives are transparent, accountable,
and trustworthy.
Drive human change with best practices
Human change
Organizational performance/
value realization
Time
Current State
Deployment
Technology implementation
including design,
development, addressing
technical prerequisites or
controls, and making the
solution available for use.
Copilot readiness complete
Licenses assigned
Benefits outlined in the business case
Usage
Transition state
Future state
Change ‘adopted’
Sufficient benefits realized
Proficiency
Deep, habitual usage that delivers
measurable value to the employees, a
line of business, and the organization.
Employees consume the service as
available through user enablement alone.
Adoption
With change management
Higher likelihood of Copilot
adoption and benefits realization.
Without change management
More challenging transition, fewer
employees ‘on board,’ and
more resistance. Longer time to
benefits realization.
7x
More likely to meet or exceed
project objectives with
excellent change management
practices, compared to poor
change management practices
(Prosci, 2024)
Lay the foundation for continuous learning and an intelligent
progression of AI skills
Human change
1
Individual value
Foundational
skills
Inspire quick wins to reach value tipping point
Master basic prompts (e.g., summarization, revision)
2
Departmental
value
Departmental
skills
Use role-specific and multi-step prompts
Extend usage to role-based processes
3
Org value
Advanced
skills
Generate synergies across departments with extensibility
Streamline and automate cross-business process flows
1
Start with top 10 prompts that
deliver immediate success (e.g.,
summarize a meeting, email
thread).
2
Use the Copilot Scenario Library
to train users on new departmental
use cases and process improvement
to impact departmental KPIs.
3
Extend to line of business systems
to streamline and automate for
organizational level impacts on
revenue and costs.
Prioritize peer-to-peer learning
through community engagement and
knowledge sharing.
Accelerate your AI workforce transformation
Human change
Communications Skilling Measurement
Copilot Communities to facilitate
user enablement
▪Share best practices
▪Access company announcements
▪Seek support from peers and IT
aka.ms/CopilotCommunities
Copilot Analytics for ROI and impact
assessment
▪Copilot Dashboard for leaders
▪Viva Insights for customizable analysis
▪Copilot business impact reports
aka.ms/CopilotAnalytics
aka.ms/CopilotDashboard
Copilot Academy for user skill
development
▪Curated learning paths
▪Hands-on prompt guidance
▪Content created by Microsoft experts
aka.ms/CopilotAcademy
Microsoft 365 Copilot
Readiness checklist and key resources
Get ready > Onboard & engage > Deliver impact > Extend & optimize
TECHNICAL READINESS
Support continuous learning and optimization
MICROSOFT RESOURCES
Microsoft Adoption
Resources to ensure you are delivering employee satisfaction and
business value.
Copilot learning hub
Build your skills across Microsoft Copilot with industry leading online training and
certification programs.
Copilot Dashboard
Measure the impact of your Copilot investment with the Copilot Dashboard.
Perform the Microsoft 365 Copilot
Optimization Assessment
Address data security, governance,
and data access questions
Build shared Microsoft 365 Copilot
implementation plan with User
Enablement team
Ensure appropriate Data Security
controls are in place
Prepare your organization for
Microsoft 365 Copilot with setup
guide: deploy Microsoft 365 apps, if
needed; assign licenses
Assign permissions by role to
provide access to the Microsoft 365
Copilot usage report
Establish service management plan
Analyze Microsoft 365 Copilot
usage reports and the Microsoft
Copilot Dashboard to observe user
adoption, retention, and
engagement
Design, build, and publish Copilot
agents to deliver unique
experiences
Build your own custom agents
Microsoft FastTrack
FastTrack is a Microsoft delivered benefit designed to help you deploy
Microsoft 365.
Technical readiness
Get ready Onboard & engage Deliver impact Extend & optimize
Implementation overview
Microsoft 365 Copilot
Extend to new high value scenarios
Deliver business process
transformation with Copilot Studio,
plugins, and connectors
Drive group and cross-
organizational productivity and
innovation
Understand custom line of business
opportunities
Complete User Enablement Strategy
training
Define user experience and feedback
strategy
Design and deploy training and
engagement community (Center of
Excellence/Champion Platform)
Launch employee communications
and Champion program
Onboard executives and user cohorts
Deliver user Champions and support
staff training
Review success measures and user
survey results
Conduct feedback and reporting
analysis
Deliver extended training and
adoption support
Identify additional optimization
scenarios
Iterate user experience strategy
Gather and amplify success stories
Secure exec sponsorship, create AI
Council, and define RAI principles
Identify success owners,
Champions, and early adopter
cohorts
Detail high value scenarios and
personas
Be intentional with assignment and
concentrate seats
Define success criteria, KPIs, and
success measurement plan
Perform the Microsoft 365 Copilot
Optimization Assessment
Address data security, governance,
and data access questions
Build shared Microsoft 365 Copilot
implementation plan with User
Enablement team
Ensure appropriate Data Security
controls are in place
Prepare your organization for
Microsoft 365 Copilot with setup
guide: deploy Microsoft 365 apps, if
needed; assign licenses
Assign permissions by role to
provide access to the Microsoft 365
Copilot usage report
Establish service management plan
Analyze Microsoft 365 Copilot
usage reports and the Microsoft
Copilot Dashboard to observe user
adoption, retention, and
engagement
Design, build, and publish Copilot
agents to deliver unique
experiences
Build your own custom agents
User Enablement Workstream
Technical Readiness Workstream
HUMAN CHANGE
TECHNICAL READINESS
You are
here
Technical readiness
Implementation project summary
Shared milestone view
Complete
foundational
learning
Assemble team
Share prioritized
scenarios
Select and validate initial cohort
Helpdesk onboarding
Review community management plan
Launch training content and
office hours
Stakeholder
alignment
Define comms ROB
and tools
Share Optimization
Assessment results
Deliver shared
implementation plan
Purchase
decision
Ensure reporting roles assigned
Update support systems
Enhance Center of Excellence
Weeks 00 01 02 03 04 05 06 07 08 09 10 11 12
Triage of daily feedback
Review shared support process
Launch progressive skilling content
Analyze usage reports and
Dashboard data
Summarize risk, issues, and
opportunities
Prepare for and conduct Service Health Review
Summarize scenario and user recommendations
Launch extensibility skilling content
Prepare AI
Council
insights
First 30 days
30-60 days
Recurring tasks
Ensure data security
controls are in place
Install apps, assign
licenses
Technical readiness
Perform the Microsoft 365 Copilot
Optimization Assessment
Get ready
Optimisation Assessment
The assessment is designed to understand your current licensing profile,
your collaboration tools, sensitive data handling, and security controls
implemented today in your organization, helping you identify a clear path
to deploying Microsoft 365 Copilot. The assessment consists of 26
questions and takes about 30 minutes to complete.
・Complete the Microsoft 365 Copilot Optimization Assessment
・Understand current licensing
・Understand identity management
・Understand current collaboration tools
・Understand current data locations
・Uncover opportunities to implement data security measures and improve data
security posture to optimize user experience with Microsoft 365 Copilot
Technical readiness
Microsoft Blueprints
Address internal oversharing concerns for M365 Copilot
deployment
Phase | Pilot (Optional) | Deploy | Operate
Activities | Identify most popular sites & assess oversharing; Grant Copilot access to popular, low risk sites; Turn on proactive audit and protection | Discover oversharing risks; Restrict sensitive info from Copilot access and/or processing; Increase site privacy | Further reduce risk and simplify oversight; Further secure sensitive data; Improve Copilot responses
Outcomes | Deploy Copilot to sub-set of users with up to 100 sites | Copilot fully deployed in your organization | Continuous improvement of data security practices
Effort* | 2–4 days | 2–4 weeks | More than one month
*Suggested efforts should be reviewed into timelines based on your tenant size and organizational complexity
Microsoft 365 Copilot blueprint for oversharing | Microsoft Learn
Secure by Default Blueprint by Microsoft Purview
Introduction to secure by default with Microsoft Purview | Microsoft Learn
Resources
•Official Microsoft
oCopilot
▪What is Microsoft 365 Copilot? | Microsoft Learn
▪Data, Privacy, and Security for Microsoft 365 Copilot | Microsoft Learn
oMicrosoft Adoption
▪Microsoft 365 Copilot – Microsoft Adoption
▪2_ImplementationSummaryGuideForLeaders_Microsoft365Copilot.pptx
▪4_TechnicalReadinessGuide_Microsoft365Copilot.pptx
oMicrosoft 365 Reports
▪Microsoft Adoption Score - Microsoft 365 admin | Microsoft Learn
oViva Insights Copilot Analytics
▪Copilot Analytics introduction | Microsoft Learn
oPurview
▪Learn about sensitivity labels | Microsoft Learn
▪Learn about data loss prevention | Microsoft Learn
oDSPM for AI
▪Learn how Microsoft Purview Data Security Posture Management (DSPM) for AI provides data security and compliance protections for
oAssessments
▪M365 Copilot - Solution Assessments Program
•Nikki
•Blog: Nikki Chapple | Microsoft MVP | Data Security + Governance
•YouTube and Spotify: All Things M365 Compliance - YouTube
I am new to Microsoft 365 and have just started a new role at a new
company. I have been tasked with preparing the organisation for rolling
out Copilot.
I am concerned that the content in M365 is not secured and governed
as well as it should be to provide responses that are trusted and
provide confidence in Copilot.
Provide me with a list of links that I can use to learn and share with my
team about tools and technologies I should use.
Reference learn.microsoft.com and adoption.microsoft.com and
provide a list of suggested activities we should complete