Retrieval And Permission Drift Checks Before Microsoft 365 Copilot Is Trusted For Customer Work
Tools & Technical Tutorials
5 July 2026 | By Ashley Marshall
Quick Answer: Retrieval And Permission Drift Checks Before Microsoft 365 Copilot Is Trusted For Customer Work
Before Microsoft 365 Copilot or enterprise search is trusted for customer work, run retrieval checks against real user personas and fix permission drift. The aim is to prove that customer data is only surfaced to people who need it, with labels, audit trails and remediation evidence in place.
Copilot does not create most access problems. It makes existing access problems searchable, quotable and much harder to ignore.
Copilot Readiness Is A Retrieval Problem First
Most Microsoft 365 Copilot readiness work starts in the wrong place. Leaders ask whether the model is accurate, whether the licence price is justified, or whether staff will use it. Those questions matter, but they sit downstream of a more basic question: what can the assistant retrieve when a user asks a customer-related question? Microsoft is clear that Copilot operates inside the Microsoft 365 service boundary and uses Microsoft Graph to ground prompts in emails, chats, meetings and documents that the signed-in user can access, as described in its Microsoft 365 Copilot architecture guidance. That is a strength when permissions are tidy. It is a liability when years of Teams, SharePoint and OneDrive sprawl have made access broader than the business thinks.
The point is not that Copilot ignores permissions. The point is that Copilot makes existing permissions more useful, faster and easier to query. A folder that was technically open to a sales team but practically buried three clicks deep in a forgotten SharePoint site becomes much easier to surface when someone asks for examples, prices, contract terms or customer history. This is why retrieval testing belongs before any promise that Copilot or enterprise search is safe for customer work. You are not just testing whether answers sound plausible. You are testing whether the system can retrieve customer information that the user should not need, should no longer have, or should never combine in one answer.
What this means in practice is simple: run retrieval checks with named personas before deployment. Create prompts for account managers, service desks, finance users, delivery leads and executives. Ask for customer contracts, complaints, payment issues, renewal risks, special terms and sensitive project documents. Record the citations, source locations, sensitivity labels and access route. If a normal user can retrieve more than their role requires, the problem is not the prompt. It is the access model being exposed by a better interface.
Permission Drift Is The Hidden Migration Debt
Permission drift is what happens when a collaboration estate keeps changing but access reviews do not keep pace. A project channel is opened for speed. A supplier is invited for a short delivery window. A link is set to people in the organisation because the meeting is tomorrow. A finance workbook is copied into a broad SharePoint library because it is easier than asking IT for a new site. None of these decisions looks reckless in isolation. Over years, they become a retrieval surface that enterprise search and AI assistants can traverse very efficiently.
Microsoft explicitly warns that oversharing and SharePoint sprawl need governance attention before organisations rely on Copilot. Its SharePoint Advanced Management guidance lists controls for preventing oversharing, including data access governance reports, restricted access control, block download policies, app insights, restricted content discovery and agent access insights. The same guidance says these capabilities are helpful as organisations prepare for Microsoft 365 Copilot and agents. That is the operational clue. Copilot readiness is not a one-off licence deployment. It is a permission hygiene programme with search behaviour as the evidence.
Data access governance reports give a practical starting point because they show where exposure is broad. Microsoft documents reports for site permissions across the organisation, sensitivity labels applied to files, sharing links, and content shared with Everyone except external users in its Data access governance reports guidance. Activity reports focus on the last 28 days, which is useful because permission drift is often recent and behavioural. Snapshot reports provide the baseline. Together, they help a security or operations team move beyond anecdote and ask better questions: which sites have thousands of users, which sites include external guests, which libraries still use broad internal groups, and which sensitive files sit in places that were never designed for customer work?
For a UK business handling client strategy, HR, financial, legal or regulated sector information, the practical threshold should be stricter than technical access alone. The question is not whether a user can open a file without breaking Microsoft 365 rules. The question is whether a user needs that file to do customer work today.
Use Temporary Guardrails Without Mistaking Them For Governance
Restricted SharePoint Search is useful, but it is often misunderstood. Microsoft describes it as a temporary solution to help prevent some SharePoint sites from showing up in enterprise search and Copilot chat or agentic responses. Its own Restricted SharePoint Search guidance says the allowed list can include up to 100 SharePoint sites, that the feature is off by default, and that it is not intended to be a long-term solution. That matters because a temporary retrieval constraint can reduce exposure during rollout, but it does not fix the underlying access problem.
The leading counterargument is reasonable: if Copilot respects permissions, why slow down deployment for retrieval and permission drift checks? The answer is that respecting permissions is not the same as validating permissions. If a legacy bid library is open to Everyone except external users, Copilot may still be respecting the permission boundary while surfacing historic pricing, client issues or contract language to people who have no current need. If a user recently opened a budgeting site, Restricted SharePoint Search may still leave some routes available because Microsoft notes that users can access content they own, have recently accessed, or that has been directly shared with them. This is not a product defect. It is a governance reality.
What this means in practice is that temporary controls should be used as a rollout brake, not a risk acceptance statement. Curate the initial allowed list around known, governed sites. Keep customer-facing teams away from broad discovery while the baseline is cleaned. Then run a structured sequence: generate permission reports, ask site owners to review exposed content, remove unnecessary broad groups, apply sensitivity labels, test retrieval with personas, and only then widen the search scope. If Restricted SharePoint Search stays in place indefinitely, you have probably converted a readiness control into a fragile workaround.
There is also a user experience trade-off. Microsoft says keeping Restricted SharePoint Search enabled can affect overall search and limit the information Copilot has available, which can reduce response accuracy and completeness. That is why the target state is not permanent restriction. The target state is a Microsoft 365 estate where standard permission-based access is accurate enough to trust.
Tie Retrieval Checks To UK Data Protection Duties
For UK organisations, this is not just an IT housekeeping issue. Customer work often includes personal data, special category data, confidential commercial information, employee records and operational details supplied under contract. The ICO's guidance on AI and data protection frames AI governance through accountability, transparency, lawfulness, fairness, accuracy, security, data minimisation and individual rights. Those principles apply whether the AI system is a bespoke model or an enterprise assistant grounded in Microsoft 365 data. If Copilot retrieves personal data into answers for people who do not need it, the organisation still has to explain why that access was necessary, proportionate and controlled.
The NCSC's cloud security principles are also relevant because Microsoft 365 is a cloud service and Copilot changes how users interact with that service. NCSC Principle 9 focuses on secure user management and expects tools for role-based access controls across the service and the data held in it. Principle 13 covers audit information and alerting for customers. Principle 14 covers secure use of the service. In plain English, UK leaders should expect identity, access, monitoring and operational governance to be evidenced before customer data is exposed through a more powerful search layer.
What this means in practice is that retrieval tests should produce governance evidence, not just a technical pass or fail. Keep a simple register of test personas, prompts, retrieved sources, sensitivity labels, business justification, remediation owner and retest date. Where personal data appears, record the lawful basis context and whether the user role should have needed that information. Where confidential customer data appears, record the contract or policy basis for access. This creates an audit trail that is useful for security, legal, compliance and customer assurance conversations.
Security teams should also resist treating AI retrieval as separate from conventional controls. Microsoft's own privacy guidance says prompts, responses and Microsoft Graph data are not used to train foundation LLMs, and that Copilot surfaces organisational data where users have at least view permissions in its data, privacy and security guidance. That is reassuring, but it does not remove the organisation's accountability for the permissions, labels and access decisions inside its tenant.
Build A Repeatable Drift Check, Not A Launch Checklist
A single pre-launch review is not enough because permissions keep moving. People join accounts, leave accounts, change roles, invite suppliers, create sites, archive projects, copy documents and reuse templates. Drift checks need a rhythm. For many mid-market organisations, monthly checks during the first quarter of Copilot use and quarterly checks after stabilisation are a practical minimum. Higher-risk environments, such as legal, healthcare, financial services, defence supply chains or public sector delivery, should run more frequent checks around major organisational changes and customer onboarding.
A repeatable check has three parts. First, run exposure reporting. Use SharePoint Advanced Management data access governance reports to identify broad permissions, external access, sharing links, Everyone except external users exposure and sensitivity label gaps. Second, run retrieval testing. Use real user personas and prompts that mirror customer work, then review the sources and citations. Third, remediate and retest. Microsoft's site access review guidance lets administrators delegate oversharing review to site owners. It supports reports for sharing links, Everyone except external users, and oversharing baselines using permissions. Microsoft says administrators can initiate up to 1,000 site access reviews from the site permissions report each calendar month, which is enough to turn governance into a managed workflow rather than an inbox argument.
The output should be measurable. Track how many high-exposure sites were found, how many were remediated, how many customer-related prompts returned unexpected sources, how many sensitivity labels were missing, and how many exceptions were accepted by a named risk owner. These are more useful board metrics than generic statements such as Copilot is secure or users have been trained. They show whether the permission surface is improving or deteriorating.
Do not forget non-SharePoint retrieval. Microsoft 365 Copilot also grounds on email, chats, meetings and calendars. Enterprise search may include third-party systems through Microsoft Graph connectors or agents. Microsoft notes that data from Graph connectors can be returned in Copilot responses if the user has permission to access it. That means the same drift logic applies to CRM, ticketing, project management and document management systems. Any source that can be searched should have an owner, an access model, a review cycle and a test prompt set.
Use Purview And Identity Signals To Make Trust Operational
Trusting Copilot for customer work requires more than reducing SharePoint exposure. It needs operating controls that continue after go-live. Microsoft Purview is the obvious control plane for many Microsoft 365 customers because it brings together sensitivity labels, data loss prevention, auditing, communication compliance, retention and AI activity visibility. Microsoft's Purview guidance for generative AI apps says generative AI amplifies the risk of oversharing or leaking data, and explains that sensitivity labels can add an extra layer of protection. Where a sensitivity label applies encryption, users must have EXTRACT as well as VIEW rights for AI apps to return the data.
That EXTRACT requirement is a good example of the kind of detail leaders should care about. It moves the discussion from vague comfort to enforceable control. Can the user view the file? Can they extract content into an AI answer? Is the label applied consistently in SharePoint and OneDrive? Are endpoint DLP policies warning or blocking attempts to paste sensitive information into third-party generative AI sites? Are Copilot prompts and responses captured in audit logs with references to files accessed during the interaction? Purview can help answer those questions, but only if the organisation has configured it deliberately.
Identity signals matter just as much. Microsoft says Copilot honours Conditional Access and multifactor authentication. Microsoft's 2024 Digital Defense Report says customers face more than 600 million cybercriminal and nation-state attacks every day, and that password-based attacks make up over 99 percent of the 600 million daily identity attacks in its Digital Defense Report 2024. That is not a Copilot statistic, but it is directly relevant to Copilot risk because a compromised identity inherits the same retrieval power as the legitimate user. Conditional Access, device compliance, phishing-resistant MFA for privileged and high-risk roles, privileged access management and fast account disablement are all part of retrieval security.
The final test is whether a customer would accept your explanation. If a client asked how you prevent their information being surfaced to staff outside the account team, could you show the access model, labels, audit trail, retrieval test evidence and remediation cadence? If the answer is no, Copilot should not yet be trusted for customer work at scale.
Frequently Asked Questions
Does Microsoft 365 Copilot ignore existing permissions?
No. Microsoft says Copilot uses Microsoft Graph and surfaces organisational data according to the signed-in user's permissions. The risk is that existing permissions may already be broader than the business realises.
What is permission drift?
Permission drift is the gradual widening or misalignment of access caused by role changes, temporary projects, external sharing, broad internal links and old sites that are not reviewed.
Is Restricted SharePoint Search enough for Copilot readiness?
No. It can reduce exposure during rollout, but Microsoft describes it as temporary and capped at up to 100 allowed SharePoint sites. It should sit alongside permission remediation.
Which Microsoft tools help with oversharing checks?
SharePoint Advanced Management, data access governance reports, site access reviews, restricted access control, restricted content discovery and Microsoft Purview are the main Microsoft controls to assess and reduce oversharing.
How should a UK organisation test retrieval safely?
Use named business personas, realistic customer-work prompts, recorded citations, source locations, sensitivity labels and documented remediation. Avoid using real sensitive prompts in uncontrolled testing channels.
Do sensitivity labels affect Copilot responses?
Yes. Microsoft Purview sensitivity labels can add protection. Where labels apply encryption, users need relevant rights, including EXTRACT as well as VIEW, for AI apps to return protected data.
How often should permission drift be checked?
Run monthly checks during early rollout, then quarterly for stable lower-risk environments. Run more frequently after restructures, major client onboarding, mergers, supplier changes or regulated-project changes.
What is the biggest misconception about Copilot security?
The biggest misconception is that because Copilot respects permissions, the tenant is automatically ready. Copilot can faithfully expose poor permissions, which is why retrieval testing is essential.