Ensuring data accessibility and user context in Microsoft 365 Copilot
Now towards the main topic, data. As highlighted in the above breakdown, Copilot will access data through Microsoft Graph, meaning if it isn’t found there, it’s not going to be discoverable by the LLM.
How can you ensure that your data is accessible through Graph? The simplest answer is to ensure that the data is accessible within your tenant, which means if you haven’t started already, now is the time to be looking at moving those legacy file shares into SharePoint, and those old re-directed user profiles into OneDrive.
Speaking on the topic of data accessibility, it is important to understand the user context of Microsoft 365 Copilot. When a user prompts Copilot, it will query all data accessible to the end user, this means any SharePoint site the user has access to will be searched with the query. This is an important technical aspect to consider, especially for organisations who quickly migrated data to SharePoint during the pandemic, we have seen many instances where SharePoint sites were not locked down correctly, permissions have creeped over time or users have been added to Teams which contained data not pertinent to their job role.
Microsoft has recently echoed the importance of “Just Enough Access”, meaning that employees should have access to only the data they require to do their jobs. This requirement is amplified with the launch of Copilot, where an employee has access to massive amounts of organisational data in seconds through the front end of Copilot. The hero toolkit here is the Microsoft Purview portal, by correctly labelling data, conducting access reviews on sites and using advanced tooling like trainable classifiers, organisations can help protect against any unwanted access from employees, or data that shouldn’t be collated into a Copilot response being used inadvertently.