Everyone wants Copilot. Not everyone is ready for it. Roll it out before fixing the basics, and problems surface fast.
The best and worst thing about Copilot is that it works with whatever you give it.
Feed it a well-governed, well-maintained content and it will find the right answer at the right time. Feed it twenty years of accumulated mess and it will find that too.
In our recent conversation with knowledge management veteran Susan Hanley, one of the first people Microsoft ever showed SharePoint to, she put it plainly,
“Copilot isn’t hallucinating. You’re feeding it information that is not accurate. That’s on you.”
Susan Hanley, Independent Microsoft 365 and SharePoint Consultant
So, if you are planning a Copilot rollout, here is what you need to fix first…
1. Start with SharePoint Advanced Management
SharePoint Advanced Management (SAM) gives your SharePoint administrator visibility into over-shared content, stale sites, inactive storage, and permission anomalies across your environment.
“SAM is the most significant licensing gift Microsoft has given the world in a very long time.” —Susan Hanley
SAM does not fix your governance for you. But it shows you where to start, and in a large environment, knowing where to start is half the battle. If Copilot is on your roadmap, activate SAM first and use it to identify the highest-risk content and permission issues.
SAM previously required separate licensing at $5 per user per month. That’s changed. You now only need to purchase a single Copilot license for your tenant and SAM is included.
2. Clean up policies, procedures, and contracts
You cannot clean up an entire organization’s content estate at once. Hanley’s advice is to divide and conquer: identify the content that matters most and start there.
Without knowing anything about a specific organization, three content areas are almost always worth prioritizing: policies, procedures, and contracts.
They are high value, high risk if incorrect, and frequently neglected. If an employee or an AI agent surfaces an outdated policy, the consequences can be significant.
Clean these up first. Assign clear ownership. Establish a review cycle. That breaks a very large problem into something manageable and creates a model you can apply to other content areas.
3. Archive outdated content before Copilot finds it first
This is the governance failure that Copilot makes unavoidable. It has no way of knowing whether a document from 2019 is still current. Copilot will surface it with the same confidence it surfaces something updated last week.
“We are very good at putting content in. We are terrible at taking it out when it is no longer useful. And AI cannot make that call for you.”
—Susan Hanley
Before you roll out Copilot, assign accountability to someone for reviewing and retiring content that has passed its useful life. This is not a one-time cleanup. It is an ongoing responsibility, and it needs to appear in someone’s job description or performance goals, or it will not happen.
4. Fix your permissions
Over-permissioning is one of the most common governance failures in Microsoft 365 environments, and one of the most consequential when Copilot enters the picture.
If users have access to content they should not, Copilot can surface it. Permissions that felt harmless when they were set become a compliance risk the moment an AI agent starts connecting the dots.
“Over-permissioning is not a technical failure. It is a governance failure rooted in a training failure.” —Susan Hanley
But the opposite problem is equally real. Lock down too aggressively and employees work around the restrictions, pushing information into personal email, consumer file-sharing tools, or wherever they can reach. The content does not disappear; it just moves somewhere harder to govern.
“If you lock down what the business needs, information will find its way out through consumer tools, through personal email, through whatever people can reach. You have not solved the security problem. You have just moved it somewhere less visible.” —Susan Hanley
The answer is a conversation between IT, information security, and the business, and investment in training so people understand not just what the rules are, but why.
5. Stop treating storage as a substitute for governance
After the rushed Teams deployments during the pandemic, most organizations have content scattered across SharePoint sites, Teams channels, and personal OneDrive folders with duplicate content and no clear map of what lives where.
When that content chaos becomes visible, the instinct is often to buy more storage. More room for more files. The problem stays the same size; it just costs more to maintain.
Storage costs are rarely the real issue. Governance is. An organization with ten terabytes of well-managed, well-labeled, up-to-date content will get better results from Copilot than one with fifty terabytes of noise. More content is not better content. Copilot will use what you have. Make sure what you have is worth using.
Do these five things first. Then let Copilot do its job.
Organizations that get the best results from Microsoft 365 Copilot are the ones that do the governance work first. Activate SharePoint Advanced Management and understand where your problems are. Clean up the content that matters most. Assign clear accountability for keeping it current. Get your permissions right. And stop treating storage as a fix for a governance problem.
Copilot’s productivity gains are real. But only if the foundations it’s built on are right. So, sort the governance first. Then Copilot will be able to do what it promises.
Ready to get your Microsoft 365 environment Copilot-ready? Cloudwell can help.
Get in touch with the Cloudwell team.
Further reading
Susan Hanley Q&A: Industry Veteran Susan Hanley on SharePoint, Knowledge Management and Why the Problem of Information Chaos Refuses to Go Away
Susan Hanley’s governance frameworks: susanhanley.com