Copilot Surfaces Whatever Permissions Allow. Fix the Permissions First.
TL;DR
- Microsoft 365 Copilot uses Microsoft Graph permissions, so any content a user can technically reach, even through nested groups or broken inheritance, can appear in Copilot answers.
- SharePoint Advanced Management is automatically included with Microsoft 365 Copilot at no additional SKU.
- Data Access Governance reports surface overshared sites, Anyone links, and Everyone Except External Users permissions before Copilot amplifies them.
- You can exclude high-risk sites like HR, Finance, and Legal from Copilot indexing as a reversible stopgap while governance catches up.
- Site Lifecycle Management identifies inactive and orphaned sites automatically, because stale content is dangerous content once Copilot can read it.
Copilot does not have a sense of discretion. It has a permission model. When a user prompts Microsoft 365 Copilot, it will happily draw on every document that user can technically access, which in most tenants includes SharePoint sites nobody remembers owning, folders overshared years ago, legacy file share migrations, and content from 2017 that should have been archived or deleted.
That gap between what users should see and what they can see is the whole Copilot risk story. The good news: the tool that closes it, SharePoint Advanced Management, ships in the box with Copilot. Most organizations just never turn it on.
How a normal prompt becomes an HR incident
Picture an employee typing a perfectly reasonable request:
"Help me prepare for my performance review."

Copilot scans the environment and surfaces confidential HR material: salary benchmarks, disciplinary notes, draft termination letters, someone else's compensation plan. No breach occurred. Nobody acted maliciously. The files simply lived in a SharePoint site that was unknowingly overshared years ago, and Copilot treated that access as permission to answer.
This is not hypothetical. It is happening in production tenants today, and it is exactly why governance work belongs before Copilot enablement, not after.
What Copilot actually checks before it answers
Copilot relies on Microsoft Graph to determine what a user can access. If a user technically has permission, directly or indirectly, that content is fair game for responses.

On every prompt, Copilot:
- Evaluates the user's identity
- Pulls everything that user has access to
- Combines data from SharePoint, OneDrive, Teams, email, meetings, and chats
"Technically has permission" covers more ground than most admins expect:
- Nested group permissions granted years ago
- Legacy "Everyone except external users" access
- Broken inheritance at the file or folder level
- Forgotten guest access
This is how a developer ends up reading payroll data: added to a nested group long ago, swept in by an Everyone Except External Users grant, or inheriting permissions that drifted over time. Copilot does not know intent. It only knows permissions. Years of accumulated oversharing, especially in SMB and mid-market environments where governance was never enforced, do not get cleaned up by Copilot. They get amplified by it.
The license fact that changes the conversation
SharePoint Advanced Management is automatically included with Microsoft 365 Copilot. No additional SKU, no add-on negotiation. It provides the governance layer Copilot assumes already exists but usually does not.
Here is how we would sequence its controls: see the exposure, contain it, then keep it clean.
Step one: see the exposure with Data Access Governance reports

The oversharing and Data Access Governance assessments surface:
- Sites with broad access
- Broken permission inheritance
- Org-wide permissions
- Anonymous and "Anyone" links
- External user access
That is the 10,000-foot view of data exposure. The exports go deeper, including site privacy, sensitivity labels, external sharing status, user and guest counts, link types, and Everyone Except External Users (EEEU) permissions.

Red flags jump out fast in this format. A Finance site that is public and externally shareable is the kind of finding that reorders a deployment plan on its own.
Step two: contain the risk before flipping the switch
Three controls keep sensitive content out of reach while the cleanup happens.
Exclude high-risk sites from Copilot indexing

Some sites should never be part of Copilot's knowledge base: HR, Finance, Legal, M&A, executive strategy. SharePoint Advanced Management lets you exclude specific sites from Copilot indexing. It works as a stopgap, not a fix: Copilot stays enabled for the organization, the high-risk locations stay out of its answers, and you can reverse the exclusion once governance improves.
Reset broken sites with Restricted Site Access
Some sites are too messy to fix incrementally. Restricted Site Access ignores all existing permissions, defines a single approved group, and starts the site from a clean slate. Yes, it is a breaking change. Sometimes that is exactly what a legacy site with heavy permission sprawl or a high-risk data repository needs.
Block downloads on sensitive sites
The third containment layer stops data from leaving the browser, which matters most for users on unmanaged devices. You can block downloads on specific sites, keep content view-only in the browser, and prevent local copies on unmanaged devices. When Copilot surfaces a link to a sensitive document, the user can read it but the data does not escape.
Step three: keep it clean with lifecycle policies and change history
Cleanup that runs once is cleanup that decays. Two features make the governance ongoing.
Site Lifecycle Management handles the stale content problem automatically.

It can identify inactive sites, notify owners, enforce read-only access, and archive or clean up sites automatically. It also detects orphaned sites with no owners, requires periodic site attestation, and runs policies in simulation mode before enforcing, so you can preview the blast radius. The side benefit: it controls SharePoint storage costs while it reduces risk.
Change history provides the audit trail: site-level setting changes, org-wide sharing changes, and governance actions over time. When sensitive data appears in a Copilot answer, when access unexpectedly expands, or when a governance decision needs auditing, you have forensic visibility instead of a mystery.
Where SharePoint Advanced Management stops
It gives you the tools to discover risk, reduce oversharing, govern access, control Copilot indexing, automate cleanup, and audit change. It is foundational, but it is not the whole defense. Sensitivity labels, Data Loss Prevention, trainable classifiers, and advanced Microsoft Purview protections all belong in the full picture, and we will cover each of those in their own guides.
If a Copilot deployment is on your roadmap, this is where to start, because Copilot will only ever be as safe as the data you allow it to see.
Frequently asked questions
Is SharePoint Advanced Management an extra license?
Not if you own Copilot. SharePoint Advanced Management is automatically included with Microsoft 365 Copilot, no additional SKU required. If a client is buying Copilot seats, the governance tooling is already in the deal.
Does excluding a site from Copilot indexing change anyone's permissions?
No. Excluding a site from Copilot's knowledge base only stops Copilot from surfacing that content in responses. Users with access can still open the site directly. It is a containment measure, not a permissions fix, and you can reverse it once governance improves.
Is SharePoint Advanced Management enough to deploy Copilot safely on its own?
It is foundational, not complete. Sensitivity labels, Data Loss Prevention, trainable classifiers, and the broader Microsoft Purview stack still belong in a full Copilot deployment plan. Start with SharePoint Advanced Management because it addresses the most common failure mode: oversharing.
Know the oversharing exposure before the Copilot kickoff
CloudCapsule's assessment surfaces sharing and configuration risk across every tenant you manage, so the Copilot readiness conversation starts with evidence instead of guesswork. 250+ controls, 60 seconds per tenant.
Run a free scan
Written by
Nick Ross
CEO · Microsoft MVP · Founder, T-Minus 365
Nick is not just a CEO, he's a respected thought leader and influencer in the MSP space. Tens of thousands of MSPs learn through his YouTube channel, T-Minus365. Nick has been honored as a three-time Microsoft MVP for his educational content; his expertise and influence are the backbone of our mission, ensuring that you are in the best hands when it comes to security.
Nick joined Pax8 in 2017, where he would ultimately oversee product management for PSA and Microsoft integrations. Following his tenure at Pax8, Nick has continued to demonstrate his leadership prowess as an executive at various MSPs, culminating in his most recent role at Sourcepass.
Nick holds a Bachelor's Degree in Business Management from Florida State University, as well as a Minor Degree in Entrepreneurship. In his free time, Nick is an avid hiker, reader, and fitness-junkie.


