When preparing to implement Copilot for Microsoft 365, it’s essential to understand your customer organisation’s risk tolerance, which can be categorized into three levels: acceptable risk level, medium risk, and not acceptable risk level. The implementation approach varies based on this risk tolerance.
In this article, we’ll explore different risk tolerance profiles, what they mean for the pre-implementation pathways you set with customers and some of the available tools you can leverage to manage risk during a Microsoft 365 Copilot implementation.
Understanding Customer Risk Tolerance Profiles
Risk tolerance profiles are a rule of thumb that can help you to determine the pre-implementation pathway. At ALL times, an eye to data security, privacy, continuity and governance is recommended. The risk tolerance profiles below indicate the maturity levels of your customers across these critical considerations.
Acceptable Risk Profile
For organisations with an acceptable risk level, the process is straightforward. You can start using Copilot immediately by assigning a license to a user, and the process begins automatically without needing extra steps to protect organisational data.
Medium Risk Profile
If the organisation falls into the medium risk category, additional steps are necessary to ensure everything is set up correctly. This includes temporarily excluding high-risk users, data sources, and applications, and implementing extra data security measures. These steps can be done alongside enabling Copilot.
Not Acceptable Risk Profile
For those with a not acceptable risk level, it’s crucial to establish all necessary controls before enabling Copilot. This involves comprehensive security measures to ensure everything is secure and compliant. It is here that MSPs do well when they have defined approaches to overall data strategies, including security, privacy, continuity and governance.
Having a carefully considered approach to determining your customers’ risk tolerance profile is key. Once this is determined, the best implementation approach can be identified.

Tools and Services to Manage M365 Copilot Implementation Risk
Microsoft Tools and Services
There are a number of Microsoft tools/services that can help secure your Microsoft 365 tenant before the deployment of Microsoft 365 Copilot.
Data Security Posture Management (DSPM)
This is a feature of Purview that helps to identify and mitigate risks related to AI interactions with sensitive data. To access these features, clients typically need Microsoft 365 E5 or the E5 Compliance add-on; however, some features are available to Microsoft 365 Business Premium users with the DSPM for AI version of the tool.
Microsoft Purview
This suite is essential for customers that need to manage data security and compliance, especially in AI-driven environments like Copilot. It includes tools for data classification, data loss prevention (DLP), Information Protection and many more. Depending on the requirements of the customer, you can use the basic Purview that comes with Business Premium or M365 E3, or, for the more advanced features, look at M365 E5 or the E5 Compliance add-ons.
Learn more about Microsoft Purview
Review Microsoft Purview Readiness Resources
SharePoint Advanced Management (SAM)
This is an add-on license (per-user license) that provides advanced governance, security, and compliance features for SharePoint and OneDrive. It’s particularly useful for organisations with large or complex SharePoint environments, offering enhanced controls for external sharing, access policies, and detailed auditing. If the client has significant SharePoint usage or needs advanced governance, SAM is a valuable investment.
Restricted SharePoint Search
This is a setting that helps SharePoint Administrators in Microsoft 365 to maintain a list of SharePoint sites (“allowed list”) that have been checked for permissions and data governance. By default, this setting is turned off and the allowed list is empty. When enabled, it restricts both organisation-wide search and Copilot experiences to a curated set of SharePoint sites of the administrator’s choice. Additionally, users in the organisation can still interact with files and content they own or have previously accessed in Copilot, regardless of the Restricted SharePoint Search setting.
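The rollout order described above (curate the allowed list, then enable the setting, then read both back) can be scripted with the SharePoint Online Management Shell. This is an added example, not code from the original article; the tenant URL, the site URLs and the $MaxSites value are placeholders and assumptions to replace with your own.

```powershell
# Added example. Requires the SharePoint Online Management Shell and a
# SharePoint administrator account. All URLs below are placeholders.
Import-Module Microsoft.Online.SharePoint.PowerShell

$AdminUrl = 'https://contoso-admin.sharepoint.com'   # placeholder tenant
$MaxSites = 100   # assumed allowed-list size limit; confirm against Microsoft's current documentation

# Sites that have already passed a permissions and data governance review
# (constructed sample values).
$ReviewedSites = @(
    'https://contoso.sharepoint.com/sites/HR-Policies',
    'https://contoso.sharepoint.com/sites/Company-Intranet'
)

Connect-SPOService -Url $AdminUrl

# 1. Record the starting state. By default the mode is off and the list is empty.
$modeBefore = Get-SPOTenantRestrictedSearchMode
$listBefore = @(Get-SPOTenantRestrictedSearchAllowedList)
Write-Host "Mode before: $modeBefore; sites already allowed: $($listBefore.Count)"

# 2. Stop if the curated list would be empty or larger than the limit.
$total = $listBefore.Count + $ReviewedSites.Count
if ($total -eq 0) {
    throw 'Allowed list would be empty; review and add sites before enabling.'
}
if ($total -gt $MaxSites) {
    throw "Allowed list would exceed $MaxSites sites."
}

# 3. Populate the allowed list first, then switch the mode on, so search and
#    Copilot are never restricted to an empty set of sites.
Add-SPOTenantRestrictedSearchAllowedList -SitesList $ReviewedSites
Set-SPOTenantRestrictedSearchMode -Mode Enabled

# 4. Read both settings back and keep the output with the change record.
Get-SPOTenantRestrictedSearchMode
Get-SPOTenantRestrictedSearchAllowedList
```

Content that users own or have previously accessed remains reachable in Copilot after this change, so the allowed list complements a permissions review of those files and does not replace it.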
Third Party Tools for M365 Copilot Implementation Risk Management
AvePoint Insights and Policies
AvePoint Insights and Policies for Microsoft 365 are designed to enhance security and compliance within digital workspaces like Teams, Groups, Sites, and OneDrive. This is a comprehensive tooling suite that helps MSPs to identify risks in their customer tenant.
AvePoint Insights
Helps organisations to identify and prioritise security risks by analysing permissions, membership, and sharing activities. It monitors sensitive data and access controls to ensure compliance and provides actionable reports to address security issues and demonstrate improvements over time.
AvePoint Policies
Automates security management by enforcing rules for access, sharing, and configuration settings. It detects and corrects configuration drift automatically, ensuring consistent policy implementation to minimise risks and maintain compliance.
Together, these tools provide a comprehensive approach to securing collaboration environments and maintaining a strong security posture.
How Crayon can help
In summary, the successful implementation of Microsoft 365 Copilot depends significantly on understanding your customer organisation’s risk tolerance. By employing tools like Microsoft Purview, Data Security Posture Management, SharePoint Advanced Management, and Restricted SharePoint Search, alongside third-party solutions such as AvePoint Insights and Policies, you can ensure robust data security, governance, and compliance. These measures will help mitigate risks associated with AI interactions and secure the digital environment, paving the way for a seamless integration of Copilot into your customer organisation’s workflow.
At Crayon, we are well versed in the end-to-end considerations that can help or hinder a successful conversation with customers about adoption of emerging AI technologies like Copilot for M365.
We have a range of options to help you workshop your approach, bring your customer to the table and help to validate M365 Copilot solutions and use cases.
If you would like more information or assistance with taking advantage of this offer, get in touch with your Crayon channel account representative or email the TAG Productivity team with your inquiry, and we’ll be in touch.