Session
Microsoft 365 Copilot under the hood: what it sees, what it leaks, and how to stop it
Microsoft 365 Copilot doesn't introduce new data risk. It exposes the risk you already have. Most organizations preparing for Copilot focus on licensing, adoption, and productivity gains. Very few start with the question that actually matters: what can Copilot see, and should it be able to see all of it? The answer, in almost every environment I've assessed, is no.
This session breaks down how Copilot actually works behind the scenes: how it interacts with the Microsoft Graph, how it retrieves content from SharePoint Online, OneDrive, Exchange Online, and Microsoft Teams, and why permissions, not AI, ultimately determine what it can access. Once you understand the retrieval model, the oversharing problem becomes obvious. And it's a problem that exists in your environment right now, whether you've deployed Copilot or not.
We'll walk through real scenarios where Copilot surfaces sensitive or inappropriate data, not because the technology is broken, but because access controls were too broad, sharing defaults were never tightened, and no one audited what was actually reachable. We'll also demonstrate how prompt injection attacks can manipulate Copilot outputs and why this is a real concern in enterprise environments, not just a research curiosity. From there, we shift to what you can do about it. Using Microsoft Purview, Defender, Intune, Entra and more, we'll show how to reduce your exposure surface and prepare your environment properly before rolling Copilot out to production users. If you've already deployed it, the same controls apply; they're just more urgent. If you're planning a Copilot rollout or already in one, this session will likely change your approach.
Ewelina Paczkowska
Microsoft Security MVP | Data Security & Governance Lead at Threatscape
Dublin, Ireland