Considerations for Deploying Copilot

Most organizations in today's world have at least thought about deploying Microsoft Copilot as an assistant for their people. Whether you are choosing to roll out to the most powerful executives or everyone across the organization, there are benefits to making Copilot available. We previously wrote an article on maximizing return on investment (ROI) with Copilot, but the first step in the process should always be ensuring your organization’s readiness for deployment.

Microsoft Copilot is relatively simple to deploy from a technical perspective, but there aren’t any checks and balances in place that force one to pause and reflect on the potential impact it can have. In this way, Copilot can be a double-edged sword: without the proper safeguards in place, the damage can be significant.

We recommend addressing the following tactical considerations before considering deployment of Microsoft Copilot in your organization:

Evaluate your security model in Microsoft 365 and make sure, wherever possible, there are no lapses in permissions that would give people access to things they should not be able to see. These types of lapses are dangerous, because Copilot will take advantage of them. Return that content to anyone who requests it.

Apply sensitivity labels, even very basic ones, to your crown jewels and most sensitive content. Copilot respects sensitivity labels, and this is one of the best tools you can use to cordon off important data to which Copilot should not have access. Our tip here is to avoid getting caught up in the formal design of permanent sensitivity labels. Instead, deploy one or two labels that highlight confidential data and deploy the labels at a container level to places you need to protect.

Stamp out data oversharing. Purview and SharePoint Advanced Management both have a tool that can show you links that have been created for “everyone in the organization”. These types of links create massive problems for your permission model and should be immediately shut down before Copilot is turned on.

With these three actions alone, you will significantly reduce your risk of your first Copilot deployment. If you are still nervous about your security posture and want to take more time

to evaluate the impact of Copilot, we highly recommend executing the necessary reviews. That being said, the time required to review, posture, and properly fix all outstanding issues may extend the ROI period beyond what is palatable for your leaders. If you want a quick win with less risk than a full Copilot deployment, consider installing a Copilot Agent on one of your SharePoint sites. Copilot Agents are limited deployments of Copilot that provide access to a majority of the features, scoped to only one SharePoint site. With this type of implementation, users have access to the features they want to try without opening your organization to a security risk.

If you are considering Copilot deployment but are concerned about security and aren't quite sure where to start, contact Cadence Solutions­. Our tried-and-tested Copilot readiness assessment framework provides a tactical roadmap for deploying Copilot in your organization.

About Cadence Solutions

Jordan Uytterhagen founded Cadence Solutions starting on the client side of the table. His mandate has been to help organizations struggling with digital transformation implement projects without losing their trust and confidence. Our solutions include automation of human resources, finance, accounts payable, contract management, document capture, drawing and records management, as well as managed services. Cadence Solutions has proven, time and again, that our client's projects will be successful because we are authentic with unmatched experience.