Solve the 12,000-permission problem before you turn Copilot on.
Most tenants are not Copilot-ready. The license is the easy part — the hard part is making sure Copilot doesn't surface payroll data in marketing chats. Our 2-week assessment shows you exactly what to fix and in what order.
- Investment: $15,000. Fixed-fee. No add-on charges.
- Duration: 2 weeks. From kickoff to written report.
- Engagement: Senior-led · written report · go-live recommendation per workload
Service detail
How to prepare your tenant for Microsoft 365 Copilot
A two-week, fixed-fee assessment that surfaces every site, share, and label in your tenant — and tells you exactly what to fix before Copilot reads it. Output is a written assessment for the CIO, board, IT director, and (with the customer's compliance program) the auditor.
What we assess
- SharePoint and OneDrive permission inventory — every share, every guest
- Oversharing report — where Everyone-Except-External-Users is in use
- Sensitivity-label readiness — what exists, what's missing
- Microsoft Purview state — DLP, retention, eDiscovery
- Conditional Access posture for Copilot enablement
- License entitlement and seat assignment plan
- Tenant-level Copilot configuration options (semantic search, plugins, agents)
Why this matters
- Copilot reads everything a user has access to — every SharePoint site, every OneDrive folder
- Average enterprise has 12,000+ unique sharing permissions
- Most permissions accumulated organically with zero auditing
- Copilot turns oversharing into a real-time data-exposure event
- There is no 'Copilot guardrails' switch — the guardrails ARE your permissions and labels
What you get (2-week fixed-fee assessment)
- Permission inventory with risk scoring per site and per user
- Oversharing remediation plan, prioritized by exposure level
- Sensitivity-label baseline ready for tenant rollout
- Purview DLP and retention starting policies
- Written go-live recommendation — green, yellow, or red per workload
- Optional remediation engagement scoped from the assessment findings
FAQ
Common questions about Copilot readiness.
What is included in a Microsoft Copilot readiness assessment?
A Microsoft Copilot readiness assessment is a 2-week fixed-fee engagement that prepares a Microsoft 365 tenant for safe Copilot deployment. Scope: permission inventory across SharePoint and OneDrive (every site, every share, every guest), oversharing report prioritized by exposure level, sensitivity-label baseline ready for tenant rollout, Microsoft Purview DLP and retention starter policies, license entitlement plan, and a written go-live recommendation per workload (green / yellow / red). Suitable for tenants from 100 to 2,000+ seats. Output is a written assessment for the CIO, board, IT director, and the customer's compliance and audit programs.
What is the 12,000-permission problem?
Most enterprise Microsoft 365 tenants have accumulated more than 12,000 unique sharing permissions across SharePoint and OneDrive — links shared with 'Anyone in the company,' guest access nobody revoked, inheritance bugs nobody fixed. Copilot for M365 reads everything a user has access to. The moment you turn Copilot on, every existing oversharing problem becomes a real-time data-exposure event because Copilot will surface payroll spreadsheets in marketing chats, exec memos in support tickets, and contract drafts in product channels.
Can't we just turn Copilot on and see what happens?
Technically yes. Practically, that's how customers end up explaining to their boards why a user asked Copilot 'show me everyone's salary' and got an answer. The license is the easy part. Making sure Copilot doesn't hand sensitive data to the wrong user is the hard part — and it's not a Copilot setting, it's your existing permission structure.
What does the 2-week assessment include?
Permission inventory across SharePoint and OneDrive (every site, every share, every guest), oversharing report prioritized by exposure level, sensitivity-label baseline ready for tenant rollout, Microsoft Purview DLP and retention starter policies, license entitlement plan, and a written go-live recommendation per workload (green / yellow / red). Output is a written assessment for the CIO, board, IT director, and (with the customer's compliance program) the auditor.
Can we procure this through Microsoft Marketplace?
A Microsoft Marketplace listing is in progress and will go live once Microsoft AI Cloud Partner Program enrollment completes. Until then, the engagement is invoiced directly. The Marketplace path will give enterprise customers a cleaner procurement option than a standalone PO when their Microsoft contracting is already in place.
What happens after the assessment?
Two paths: you take the report and remediate internally, or we scope a follow-on remediation engagement. Most customers run remediation themselves on small permission cleanups and bring us back for the heavier sensitivity-label rollout, Purview deployment, and Conditional Access tightening. Either path works.
Field notes
- Copilot readiness: the 12,000-permission problem — the deep-dive on why oversharing becomes a data-exposure event when Copilot turns on.
Two weeks. $15,000 fixed fee.
Tell us your tenant size and Copilot license target. Two-business-day response with scope and timing.