Back to Blog
5 Apr 2024

Microsoft Copilot: 3 steps before you fly

A mad buzz surrounds Copilot for Microsoft 365. It’s moved on from a software development tool to a productivity aid for people in any size of company. However, there are major pitfalls if you dive straight in – and you don’t want to crash.

Organisations that adopt Copilot correctly will undoubtedly have a competitive advantage. It provides intelligent assistance powered by AI and promises to revolutionise how you and your staff use Microsoft 365 tools such as Word, Outlook, and Excel or Microsoft Power Platform and Dynamics 365, to name a few.

Chart: What is your company doing with Copilot for Microsoft 365?However, given the excitement generated by Copilot, you would be forgiven for thinking that everyone is using it and that you are at risk of falling behind. Our research shows that the reality is very different, and our advice is “don’t panic.”

We surveyed over 150 people working at companies employing 50-500 staff. We asked, “What is your company doing with Copilot for Microsoft 365?” The response shows that only 10.7% of people work at companies that have embraced Copilot. 

The majority (53.5%) have never heard of it, which suggests their leadership hasn’t yet launched the plan (if they have one).

However, this is not a time for inaction. It’s wise to take some cautious steps on your path towards Copilot adoption. Preparation is vital in avoiding major issues, such as privacy concerns, data exfiltration, or a data breach. Here is our advice on Responsibility, Discovery, and Activity.

Responsibility - appoint an Adoption Manager

You need Copilot champions within your organisation. Early adopters have stated that appointing an Adoption Manager is a crucial step. They also suggest introducing Copilot to a critical mass of staff creates a ripple effect of interest and usage. When you’ve done all the preparation (explained below), don’t just give Copilot to the IT department to ‘pilot’ (IT teams tend to be a bottleneck).

Figuring out who really needs access is also essential; it will most likely only be necessary for some staff members. Let the Finance, Operations, and Marketing teams trial it, as this is where the efficiency gains are most likely to be realised.

Ultimately, you need a strategy. Set clear objectives and outline how Microsoft 365 Copilot will be used within your organisation. Are there specific tasks it can streamline or areas where it could boost productivity? This should provide tangible benefits that help illustrate the advantages.

Discovery - your data may not be ready

Before you push the button on Copilot, your business needs to be technically ready. Two of the most important steps are getting your data ready for indexing and permitting access. It is fundamental to ensure the data is indexed and in the right place with the right access.

Define sensitive data
So, the first question to ask is, “What is your organisation's definition of sensitive data?” This will vary significantly from one company to another. If you're a medical company, it would be health records, social security numbers, etc., but if you’re a recruitment agency, it could be copies of candidate driving licences or staff payroll information.

Microsoft does have native solutions to help you discover your sensitive data, such as automatic discovery and data loss prevention tools, but these are only available with higher-level licencing and need to be configured to provide the required output.

However, an excellent place to start is by asking yourself, “If this document got into a standard user's hands, how worried would I be?” Think of HR, Legal, Finance departments (HLF), and Customer data as a priority.

Discover sensitive data
Where does your defined sensitive data live? Where is it located, and how is it protected? Use automation to pay specific attention to your HLF + Customer data where possible.

Review Sharing Policy
What restrictions do you have for sharing documents internally and externally? If your current financial figures are marked ‘All Users’, that’s a big red flag. So, you need to define your sharing policy.

The default settings often allow data to be shared with anyone, so check that sensitive documents have been modified in accordance with your sharing policy.

Classify data (data taxonomy)
Keep it simple. Documents/folders could be marked as either Public, Private or Confidential. Public means they can be shared internally and externally with anyone.

Private means they are only shared internally with anyone in your organisation. Confidential means they are shared internally but with selected users only.

Microsoft has ‘Information Protection Labels’, which makes data classification easier. For example, any document tagged Confidential can be restricted to specific users and encrypted.

Review access controls
How do you currently grant or revoke access to documents? Review your process and amend it if necessary.

Using groups to define access is more efficient than granting access individually. You can define groups by their job title or department and whether they are enabled. So, John, the Head of Sales, has access to all Sales documents. Sally, the Sales Assistant, has access to the folder, but certain documents are disabled.

Awareness, training, process
Given the empowerment of data owners within SharePoint, engaging required staff members as you progress in your Copilot readiness journey will be necessary and worthwhile.

This will raise awareness of the current setup and gaps, identify what can be done to address the gaps and inform staff about best practices going forward so staff adhere to the agreed process.

Activity – implement your discovery and definition

Now that you have discovered and defined your data, it’s time to act. Begin by applying labels to the highest priority items; HLF + Customer data is a good place to start.

When you’ve done that, you can begin updating your access controls. This could involve adding or removing users from groups or archiving Teams channels or SharePoint sites. It could also mean that a document/folder needs to be classified differently, maybe from Public to Private.

Then, you update your sharing policy and creation rights. Remember that Teams proliferation can be a big problem if everyone in your organisation can create a Teams channel.

Finally, small and medium-sized organisations need to consider licensing. Microsoft Standard licensing is insufficient for Copilot adoption; you need Microsoft Business Premium to take full advantage without needing to layer on third-party solutions.

Microsoft Copilot summary

No new technology is perfect. There will be glitches. However, in addition to the usual challenges of the learning curve that staff will need to go through and the impact on budgets, there are specific Copilot concerns.

Will the widespread adoption of Copilot create an over-dependence on technology? Could it reduce critical thinking and problem-solving skills? And will staff be concerned about job losses?

However, Microsoft Copilot is a powerful AI tool that any organisation can use to empower itself with artificial intelligence and perform a multitude of tasks in seconds.

If you’re looking to get started with Microsoft 365 Copilot but don’t know where to start, reach out to us today. Our team of professionals can help you figure out how to move forward with Copilot and provide you with a helping hand along the way.

Graham Smith

By Graham Smith