Episode Transcript
Welcome to episode 409 of the Microsoft Cloud IT Pro podcast recorded live on 08/22/2025.
This is a show about Microsoft 365 and Azure from the perspective of IT pros and end users, where we discuss a topic or recent news and how it relates to you.
In this episode, we explore the configuration decisions tenant administrators face when preparing their Microsoft 365 environment for Copilot.
And, really, just in general, when thinking about data security in Microsoft 365, we dive into some of the key questions every IT professional should be asking when it comes to users' access to content within the Microsoft 365 tenant.
So let's dive in.
Welcome back from vacation, Ben.
Thanks.
It was fun all the way up until the part where I got back from vacation.
I kinda did the same thing.
I'm looking forward.
We have a US holiday, Labor Day, coming up next week.
So Is that next week?
Yeah.
I'm looking forward to having an extended weekend.
That's kind of our last national holiday, federal holiday, for a little while here in the US, so enjoy it while it lasts.
No.
Vacation was good.
Like, we got to go up to Michigan, spend some time up there, then had a family reunion.
This is a lot of people's scout.
Went out to Denver for, like, a long weekend for a family reunion.
With my wife's family, there were 58 people that were all out there.
So that was kinda fun.
Lot of family.
It is.
But it was cool.
Like, there must have been, like, 10 or 12 kids all between the ages of, like, six and 10, which are close to our boys' age.
And, I mean, it's Colorado.
Right?
Weather's beautiful.
We're out in the woods.
The mountains. Boys are just outside playing with all the other kids.
Sticks and rocks and yeah.
Exactly.
Made up games with, like, I don't even know what they were doing with volleyballs and throwing them up on the roof of one of the houses we were staying at.
Let them go at it and do what they need to do.
Yep.
One of my wife's cousins is actually big into, like, he lives out near Denver, big into rock climbing, hiking.
So he actually, one day, took us we took the rental Jeep.
He's like, oh, we can make it here.
It's a rental Jeep.
I hope he got his did not get charged extra for that run rental Jeep, but took it on a road that we didn't think was that bad.
Let's just say there was one point in time where I think only two tires of the Jeep were on the ground.
The other two were, like, up in the air, but then went to our Jeeps have solid axles.
Right?
You need two eighteen millimeter wrenches and hop under and disconnect that sway bar.
Then you're all good.
You have to have those two wrenches or the sway bar disconnect on there, but, yeah, that that's funny.
We did a similar thing on our vacation.
We we drove through the Red Redwoods in California.
There's a road in Jedidiah State Forest, it's called Holland Hills Road.
Okay.
But you you kinda read about it, and some people say, like, oh, don't take your rental car on there, don't do that.
But when you go to the park station in the morning and you say, like, hey, like, we're here for these types of experiences, where should you go?
They just ask you.
Like like the rangers, they ask.
They say, hey, what kind of car do you have?
And as long as you have a car with four wheels and you're not towing a trailer, they give you directions to this random To go on this road?
Dirt forest Service road.
It's a four it's like a 11 mile forest service road, and then it's got yank pull offs for some of the various, like, redwood groves and things like that.
But we did that, like, halfway through our road trip on on the West Coast.
And from the day we did that on, that car was never clean again.
Like, it had a layer of thick dust on it just going through.
I was totally expecting to get, like, a ding from the rental car company.
Thankfully, it rained, like, at the hotel we were staying at before we flew back the next day to get it, and that cleaned, like, most of it up.
But up until that last day, it had, like, a good like, it felt like a this is an exaggeration, but it felt this this way.
It felt like it had a half inch of dirt on it, right?
Just like everything.
You could only see through the windshield, and the only part you could see out of the back windshield was where it had the rear windshield wiper.
I had gone to gas stations and tried to clean it up, and it was like, this is just a lost cause.
So Not gonna work.
Jeeps are tough.
Yeah.
You'll be fine.
All good.
So we did fun.
But once we got to the end of that, it was to a rock climbing spot where there were routes set up.
So he, like, set up routes for us with the ropes, and he had all the harnesses for the kids, so he got to do, like, some real rock climbing because we live in Florida where the biggest rock you climb is, like, a boulder in the front yard of some place Yep.
Where you have to do a gym.
So it was a good trip.
And then from there, I went I came home and was home for, like, sixteen hours and then flew to Atlanta for TechCon 365.
That leads us into today's topic.
So we've been kinda going back and forth between maybe talking about, like, Copilot and how to enable it in your organization, maybe some things your users can use it for.
We just got done kinda talking through MCP and that's how that's helpful and maybe some agentic workflows and stuff like that.
But it's been a little bit, and we've never really taken a deep dive on it.
So so you had this talk at TechCon about securing Copilot.
So so really kind of like, you have to prepare for Copilot in certain ways.
There's licenses you need to turn on, there's things you might want to think about within your organization and who has access to what and things like that.
But there's more than just lighting up a license to think about.
Kinda like when you maybe did, like, SharePoint search back in the day or you do, like, an M365 search thing today, there's all this security trim stuff out there and the these experiences, they have access to a lot of data per user.
So you did a talk at TechCon called "Preparing for Copilot: Securing Your Microsoft 365 Data and Beyond" and I think this is a good one to dive into.
It's Copilot centric but a lot of the concepts in here, right, like like just kind of thinking about and taking a step back and, hey, like, let's take a beat and think about what type of data is in my Microsoft 365 environment, like what's the sensitivity of that data, maybe I need licensing for things that give me capabilities like sensitivity labels, all that.
And then once you've put it together, how do you have to tweak it, what does that look like, and kind of maintenance and everything beyond.
So I figured it'd be a good kind of topic to hop into, and since it's been top of mind for you, it's certainly like fresh and right there.
And you've got all the context from the conference and questions attendees asked you and things like that.
So be a fun little whirlwind tour.
It is, and it'll definitely be whirlwind because this was a seventy five minute session.
Granted, there were demos and stuff in there, but it has been.
It's been an interesting topic, and not only did I I kind of did a session on it because I don't even know how many clients I've had ask me about this recently.
Like, hey, we want to deploy Copilot.
What should we be thinking about?
What does our environment look like?
How do we prepare for it?
And to your point, it's an interesting one because it's like, well, technically, this is stuff you should have been doing all along.
But Copilot is just bringing it to the forefront to that point of that we've talked about before, is Copilot doesn't necessarily introduce any new security vulnerabilities.
Like, I I don't know how many times I've talked about this.
It just it brings to the forefront quicker and easier mistakes that maybe you've done in the past with your Microsoft 365 environment.
And that's kinda where even this slide is, like and I'm sharing kind of the slides that I did at the presentation.
We can work through those as we talk through it.
But it all starts with what should you be thinking about when it comes to Copilot, and a lot of these bullet points too.
The things I think through are like, what types of data do you have in Microsoft 365?
In particular, SharePoint.
What type of data do you put in SharePoint?
Because Copilot has access to Exchange or Outlook, your Teams conversations, all of that stuff.
But by and large, that's already secured.
Right?
Like It should be.
It should be.
And I don't think Copilot actually even has access yet to shared mailboxes.
I think that's one limitation is if someone shared their mailbox with you, they have access to a shared mailbox.
I don't believe Copilot can reason over that.
So I try to frame it as what types of data are out there.
You wanna think about should Copilot have access to sensitive data.
And this is one that maybe you haven't thought about before, but it's maybe you need access to sensitive data for your day to day work.
Right?
Like, you're in finance, you're in education, maybe there's data around bank accounts out there, there's financial spreadsheets out there, there's student data that's in your environment.
People legitimately need access to some of that to do work, but do you want Copilot to have the same access to it that a user does if they just go open a particular file?
So that's another thing to think about.
And then one is just who has access to your content.
Where has stuff been overshared?
This one's been talked about a ton.
And then thinking through, so how do you start fixing it, and how do you maintain it once you've done it?
You have ten years of bad practices.
You go spend six months fixing it.
How do you keep those bad practices from continuing after you fix it?
It's this kinda, like, whirlwind thing, and as I get more into the world in my day job of thinking about agentic AI and, like, some of the MCP stuff that we talked about, so if you look at tools like Copilot, you can go create your own declarative agent, you can maybe go create an agent in Copilot Studio, there's tools out there or there's services out there like Azure AI Foundry that then have their own tool integrations, all these kinds of things.
So we're kind of on this weird cusp again of you have to rationalize things like Copilot and the value and TCO and all that for your organization, but now we're kind of looping back around to user access plus agent access or agentic access.
So like what's the right way to build those things?
What does that look like and how does that come together?
Because eventually, it's like these things are all just going to be like talking to each other.
Like that finance example that you have, it might be somebody going in and having access to a a fine tuned model, right, that helps them spit out a financial report at the end of the quarter.
Like, use this template.
Here's good examples.
Here's how these are legally compliant.
All these kinds of things, but, you know, those agents are going to either interact as real applications within the environment, so now you're back to like application access and thinking about scoping things, maybe like permissions for, for those, and what are the rights that you give them within the environment.
It could be user access.
It could be a mix of both depending on what was going on and how it composed and what came together.
And then you further kind of muddy the waters there with, like, oh, like, maybe that's not an agent that's just or a user even that's interacting with, like, data in a single system like SharePoint.
What happens when they're using the SAP connector or they're using the Dynamics connector, like, and you have these other systems that are talking to each other on the back end and these agentic workflows.
And I think it does become, like, an important consideration along the way, and it's an it's an interesting thought exercise.
I actually think it's a little scary too depending on, like, where you sit organizationally and how things are composed in your environment today, just to think about where we are today and where the world's gonna be in the the future.
And the future could be really short.
Like, it could be the next couple months, it could be maybe the next year.
I don't think you can take you have the advantage of thinking ahead to five years from now kind of thing.
And speaking of scary, can I go completely off topic about a scary, like Squirrel?
Squirrel.
Yeah.
Okay.
Squirrel.
So but thinking about Copilot and AI and how you're asking it, I did see a really funny I think it was on Instagram where it was two people walking into a room or, like, somebody rang the doorbell of a door, and a guy picked up his phone and said, hey, ChatGPT, someone's knocking at my door.
What should I do?
And ChatGPT tells him to open it.
And then he opens it, and the lady outside the door says, Hey, ChatGPT.
He opened the door for me.
Now what should I do?
And it was, You should say hello or walk in the door and say hello.
It was these people that literally were using their phones to have ChatGPT tell them how to interact with each other, but I think it does highlight, like, how much we're asking AI and, again, a little bit of a rabbit hole, but how much are we becoming dependent on it and how it could actually be one of those scary environments where we, like, yeah, how it's going to change how we work, interact, live, etcetera.
I think it can be scary.
Like, it can be exciting, but I also think it kinda raises the priority or the importance of, like, thinking about these questions and thinking through them and making sure that as Microsoft 365 customers, could be Azure customer, really, like any kind of, like, SaaS cloud based product that's adopting these kinds of things, or even if you're bringing them into your internal environments, right, like these are all like I think they're common sense considerations, like there's nothing in here that's like, oh my gosh, like, but you have to really take the time and be intentional and go down the path of looking at all of them.
Like it's not just a one dimensional kind of thing, it's this multidimensional kind of exercise to to get in.
So, like, it's always kinda fun to do these things with you because I get access to the decks and your talks and everything, and we get to talk and plan it out ahead of time.
So, like, I know a little bit about where the story's going.
So why don't we keep kind of getting in that and kind of Yeah.
Yeah.
So I think, yeah, like, good place to start.
Yeah.
Just like, I've got the data out there.
How do I figure out, like, what's out there and what's going?
And like you said, like, for folks listening here, like, oh my gosh, these, like, crackpots are talking about Copilot and AI again.
A lot of these concepts broadly apply to Microsoft 365, and they might apply to, heck, your on prem SharePoint environment.
Right?
There was a CVE for SharePoint on prem last month.
A lot of organizations had to go through this kind of, like, patching workflow due to a hack for on prem SharePoint that came out of China.
All these things are broadly applicable.
And, yeah, it sounds like common sense, but I encourage you, stick with us, and maybe you'll hear something in here that says, Oh, I didn't think about that, or, Oh, you know what?
That one was on the back burner for me.
Maybe I kinda need to lift it up the priority list and go spend a little bit more time on it.
Yeah.
And I would say some of these even are more broad than just SharePoint.
And this first one, it's tools related to SharePoint, but it's concepts you need to think about for any data that maybe AI has access to.
And when I start thinking about exploring the content, it's somewhat what I hit at before, but it's looking at sensitive data.
Where is this sensitive data?
What sensitive data is out there?
And to your point, I was working with one client, and they have certain policies around what should be in SharePoint and what shouldn't be.
And this was not even a Copilot exercise.
This was just, like, overall data governance.
And I used Data Explorer, so we'll tie this in a little bit, Data Explorer in Microsoft 365.
But however you do this, it's we found data.
We're like, did you know you have these Social Security numbers in your SharePoint environment?
We're like, no.
We had no idea.
So they went in and cleaned that up right away.
But that's one of the first things is how do you explore this content?
Whether it's Data Explorer in Microsoft 365 or there's what is it?
There's I'm drawing a blank on it.
It's is it part of Azure Information Explorer?
It's, you can use it on a file share to actually explore the file share and scan all your content on a file share, and it has some ties into Purview.
Azure Data Explorer.
Yeah.
And then Yeah.
That ties into this weird weird I mean, it is what it is.
Its name's like per Purview, Activity Explorer, something like that, but that's that kinda large data volume.
Hey.
Let me go and scan that thing.
So it's part of Purview and the compliance stack.
Yeah.
So there's that.
And then the next one is just oversharing.
And again, Microsoft 365, I talk about the data access governance insights.
This one's another one.
There's some PowerShell cmdlets.
It's `Start-SPODataAccessGovernanceInsight`.
We'll put links to this PowerShell cmdlet in the show notes.
But you can go run this particular report and look at OneDrive for Business and look at SharePoint and spit out a summary of how many different types of sharing links exist in your environment.
I was looking at one client.
We looked at OneDrive.
We found out this particular individual had content in their OneDrive, and one of the aspects of this report is how many people it's shared with.
He had content shared with almost 2,500 different people hosted in his OneDrive.
There's also some data access governance reports in the SharePoint admin center that get included with Copilot now.
I've written some custom PowerShell scripts where it actually goes through and looks at all the content in SharePoint and spits out sharing links and URLs and the title of the files and all of that.
But this is really going back to where is content shared with people that shouldn't have access to it, whether it was laziness and just putting in I mean, not a file share, putting in, oh, we'll just share this with domain users and then not realizing what people have maybe dropped in that particular folder that shouldn't be there or forgetting that it was shared with everybody or somebody meant to do it at a subfolder and accidentally did it at the parent folder.
All those same things apply to file shares, to SharePoint.
I mean, technically, it can apply to Dropbox, Box.
Anywhere where you have content is really thinking through, and how do you report on where is content shared more broadly than it should be, or where are folders?
This is the other interesting one.
Where are folders shared more broadly than they should be?
And people can just drop content into it, and all of a sudden it becomes shared because they just dropped it in a folder or a SharePoint site Mhmm.
Or a Teams SharePoint site, any of those.
Do you feel overwhelmed by trying to manage your Office 365 environment?
Are you facing unexpected issues that disrupt your company's productivity?
Intelligink is here to help.
Much like you take your car to the mechanic that has specialized knowledge on how to best keep your car running, Intelligink helps you with your Microsoft cloud environment because that's their expertise.
Intelligink keeps up with the latest updates in the Microsoft cloud to help keep your business running smoothly and ahead of the curve.
Whether you are a small organization with just a few users up to an organization of several thousand employees, they want to partner with you to implement and administer your Microsoft cloud technology.
Visit them at intelligink.com/podcast.
That's intelligink.com/podcast for more information or to schedule a thirty minute call to get started with them today.
Remember, Intelligink focuses on the Microsoft cloud so you can focus on your business.
So that was one of, configuration changes, again, where somebody accidentally changes permissions, sets up permissions the wrong way.
One interesting thing that came out, I hadn't thought of this before, but somebody else brought it up at the conference and I was like, oh, that's an interesting one, is comparing sites or duplicate content.
How many companies have you been in, Scott, where, like, somebody creates a file and then creates that file v two and v three and v four and v five and v six and v seven, all the way up to whatever, and now you have, like, 20 copies of a nearly identical file all out there?
Guess what gets really confused about pulling accurate information when you have 10 or 20 nearly identical files?
Nearly identical and also mixed in with identical identical, right?
Right.
I do this sometimes where somebody writes a paper and I'm like, Oh, I want to save that as an example for later.
So I take that and put it in my OneDrive and it's still like the canonical version still sits, but I want like that point in time snapshot maybe to reference back to you later as a doc, a PDF, a PowerPoint, whatever.
So my OneDrive is like just absolutely littered with things like that.
I can tell you very specifically what does not do a good job here is Copilot notebooks, which we talked about.
I actually did this recently where I had a couple iterations of not the same document, but similar documents.
It was more like there was a section in this one, limitations of Copilot notebooks because what the notebook was doing was while it was grounded in the information that was available in there, right, I added these, like, I actually went beyond the limit.
I had to take docs out because you can only have, like, up to 20 documents in a Copilot notebook right now or combination of documents and OneNote and things like that.
So I was at, like, 28 or something.
So I was really trying to confuse it, but it was getting, like, extra confused because not only were the documents in the Copilot notebook where I'd said, hey.
Here they are.
Like, here's the canonical version, but other people had copies of them out there, like you said.
Like, they had the like, they've done the thing I did, right, where they made a copy in their own space.
But when they made a copy in their own space, like, some folks put those in other public areas that I have access to, or they might have emailed it to me.
So, like, figuring out how to wrangle the prompts and get things to where, like, oh, I actually can do what I wanna do with this, super hard to do.
I wasted more time in the Copilot notebook trying to get it to behave the right way when I literally could've just walked over to my 32 inch monitor and pulled up five docs on the top row and five docs on the bottom row and just started, like, scrolling through.
I I would've been better off for the amount of time that I was trying to fight that process and have it come through.
But it was a good lesson for me, like, hey.
Right tool for the right job.
Here's the limitation of this thing.
But it it did kinda get the back of my head tingling, like the Spidey sense going, right, to say, like, I wonder, like, what happens to other people or how this is out here.
So it it was one of those things I saw it in the presentation here.
I was like, like, good.
Ben Ben's thought about this too.
I'm not crazy.
I'm thinking about this, and this is a tool I recently found out.
It's the site policy comparison tool in the SharePoint admin center, and it'll go I've never even heard of that one, but I haven't I haven't spent a lot of yeah.
I haven't spent a lot of time in SharePoint lately.
The downside is it doesn't necessarily look for duplicate files, but it will tell you if you have two sites where over 70% of the content on the sites is duplicated.
So it's like if somebody took a copy of a site or copied all the contents of a site to another site, it would be nice to maybe see it expanded in the future to look for just duplicate files.
Like, do a file comparison of how many nearly duplicate files do I have across my environment.
I imagine that takes a little bit more processing power, but it's it's definitely a thing.
And then I wrapped up here too when I was giving this presentation with just a few tools and examples of using custom PowerShell to look for some of these things.
Microsoft has reports.
They're not always as detailed as you need, and that's where I wrote some of these reports to pull a list of all my files and all my sharing links across all of SharePoint.
I need to go tweak it.
I looked ran this against a site that had, like, millions of items.
I think the PowerShell script was running for, like, three weeks.
Takes a hot minute to enumerate that much data.
Yeah.
Yeah.
But then I had a CSV from all of the sites in the environment with all of the sharing links, and I went and threw them out in Azure Data Explorer, and then I could do a bunch of KQL to go help narrow it down, like, how many organizational wide sharing links do I have?
Which sites have the most sharing links?
Where are all my links that don't have expiration dates on them, and they've just been shared indefinitely for years and years?
So just a couple different ways there to help dig through the content a little bit more.
I think it's generally manageable and goes back to the a little bit of, like, hey.
Like, this stuff is known, but you as a customer need to go out and spend that time, do that research, and figure out what that is.
Like, a lot of the things you're talking about here, like, maybe like a PowerShell script for that discovery aspect, like, these things exist.
There's a bunch of community examples, blog posts, stuff on GitHub from community contributors, from Microsoft themselves.
Right?
But you don't have to reinvent the wheel, but you do gotta do some work along the way.
From there, then it's, okay, now I know what I have.
How do you go in and fix it all?
And this is where I get a ton of discussion because, for instance, another example, one of my clients, they had, like, 45,000 links across their organization.
Like, how do we even begin to fix this or evaluate it?
You cross your fingers and you hope for the best.
Right?
And it's that whole combination of one is we need to get a lot better at permissions in SharePoint.
I'm guilty of this, Scott.
I have examples.
I can think of examples with clients where I totally did the whole security by obscurity.
Mhmm.
Again, maybe not a big deal because a lot of times when I did this, it's, yeah, we don't necessarily want people to just stumble across it.
If they find it, it's not the end of the world.
We just wanna make it a little bit more difficult.
Well, with Copilot, that difficulty becomes a lot less.
So I think you you definitely want to be thinking about permissions a lot more in SharePoint, avoiding the whole security by obscurity and doing security the right way.
There's these opportunities, right, to go and think about these things.
Yep.
The thing I always think about in the back of my head I'm a little spoiled here, right?
Like like my employer kinda just has every capability lit up, and everything's available to me there as a user, as a developer, as an admin, like I can go make all those things happen and play in the playground, and it's all hunky dory and great.
But I think there is a step for customers to rationalize along the way, things like licensing.
Right?
Like, now not only do I need to evaluate if I need the feature, now I need to weigh out, do I need the feature, and can I afford the feature, or does the feature have the right kind of TCO for my company?
So that could be things like the ability to apply sensitivity labels, right, and enforce them.
It could be some of the Purview components that are out there.
Like, those are gonna cost you money for maybe Purview.
They might cost you money per API call, right, to to come in and figure that.
So, like, hey, are you gonna figure out that like, like, how do you figure out, like and sit down.
Like, you gotta do some kinda hard modeling and a little bit of work and extrapolation and other things based on your environment, your users, your corpus of data, all that kind of stuff.
I will say, generally, like, it feels like the TCO is there and like the juice is worth the squeeze as of right now, but, you know, my thinking, like I said, is kind of colored by just having access to everything all the time.
And I don't know that I'm so grounded in, here's like a vanilla tenant.
Right?
Somebody who never came off, like, E3s or something like that, and they're still in in that world because I've been in different one for a while now, and I think it does, like, change and color my thinking.
We could go down a whole licensing features that you pay for.
If you use everything that's in the license, I can't I feel like it's worth it.
I'm also a small company.
You work for the company that owns it all.
It is absolutely expensive.
I'm not gonna deny that either.
I look at some of these bills where you get into eight, ten thousand person companies spending $50 on an E5.
I mean, that's, yeah, 50.
You're hundreds of thousands or millions of dollars a year in investment, and then there are companies that are still using other third parties.
I was on with one today, and they're using a different antivirus.
They're using something else for MDM.
And I'm like Mhmm.
Do I think you could use E5?
Yeah.
Is it a little harder to justify it when you're not gonna use all the features because you're using other third party features?
Absolutely.
Mhmm.
Do you need to make that choice of where you want it to sit?
I think it's part of, like, the rationalization.
Right?
So once you've onboarded to these things, kind of opened a little bit your talk track around maintenance and governance and ongoing kinds of things, these are certainly part of that conversation.
So you might start off your journey at license level a, and then you sit and you hear about like a new capability or something that might be in a license, it might be a one off feature you can buy, so you're kind of on this constant path of evaluation.
I I used to think about this all the time when I was doing SharePoint and Office 365 consulting and kind of administration for organizations and things like that, like, is your role goes from hugging servers and managing infrastructure to changing a lot into just rationalizing ROI for your organization, what's your total cost of ownership.
So, like, you know, that ten hours a week that you used to spend patching servers, well, guess what?
You're spending ten hours a week now maybe doing, like, comparative research and going out there, and may maybe doing things like lighting this up in, like, test environments and really trying to figure it out.
So the world is changing rapidly.
I think we all kinda see that, right?
Like, it's all moving at a kind of a crazy pace going in different directions and often feels like diverging directions.
Like, all of a sudden, you were going to the right and you were on a path, and you're like, no.
I gotta turn the car around, do a one eighty, and go back the other way, and drive just as far as you just came, but in the opposite direction, and then some kind of thing.
So it is important to think through this stuff to go back and look at it, and kind of figure out and weigh it.
And is that justification there along the way for you?
And then even once the justification's there, there's still all the hard work of what's now like, hey.
Great.
I got access to, I don't know, sensitivity labels.
Like, how am I gonna configure those?
What part of the stack am I gonna do it in?
Like, you still have to go and evaluate the corpus of data in your environment, understand how your users talk to it, understand the impacts of maybe applying things like that, what type of training you need to give, and all that stuff.
So it's a lot, but it also keeps us all employed, which is kinda fun.
Pays the bills.
Anyways, that was, like, permissions.
The other thing I've seen, people created a lot of public sites, and that's especially in or public teams in Microsoft 365 groups, especially initially without thinking through or maybe even realizing it sometimes that if it's public, anybody can go grant themselves access to that group and just get access to all the content in it.
So another one of those, I think people really need to think about where do we need to either move content out of public groups or create private groups going forward as the default.
Mhmm.
That's something to think about.
Correctly configure default sharing links.
This is becoming one of my pet peeves.
People that leave org wide Nobody does this.
They don't.
Maybe they do, and I'm just not seeing it.
I see it a lot in customers.
It's kinda fun to go through, like, the Office 365 subreddit and things like that and just see some of the issues that pop up over time to ultimately, like, what's a low hanging fruit configuration task, but I get it takes time.
Like, again, like, you can't just shut it off wholesale without understanding how your users are using it and what's going on out there.
And, like, all of a sudden, like, that little thing where it's like, yeah, let me change that configuration item turns into, like, a project or something that requires a little bit more long term thinking, but it is funny how that kinda ends up being just the default state in a lot of places.
And then these are often the things that you hear about in the news, right?
Like when somebody gets quote unquote hacked, and it's like, no, they didn't get hacked.
They were just configured wrong.
They were wide open from the start.
Yeah.
Your Facebook account wasn't hacked.
You just stayed signed in on a device someone else had access to.
Mhmm.
100%.
And if you leave it as org wide, guarantee it's nothing people are doing intentionally.
They just click share content and click the copy link button.
They don't even realize what they're doing.
So I also place some of the blame here on people that just roll this out without training their end users on how to properly share.
Org wide is easy.
You still need to train your users.
Don't click org wide only or organizational link.
This is what it does.
One nice thing I do, Microsoft is coming out, I don't know if you've seen this on the roadmap, with the hero links coming the end of this year, where right now when you go share it, it actually creates multiple links.
Every time you share it, it creates another link.
So you have one organizational wide link, and then you have an edit link, and then you have a view link, you know, all of this.
It is changing so that in December, when this new hero link comes out, it creates one link, and then you're actually just able to adjust permissions on a single link.
So you don't need to go back and clean up a whole bunch of links.
You're just gonna have one link.
You're gonna have to manage permissions on it.
The other thing that is going to be part of this, even better than hero links, is changing the default right now, and I've heard a lot of people complain about this.
You can't set the default to people with existing access.
You can either set it to specific people or set it to org wide.
You can set it to just by default create a link, but only people that have access already are gonna use this link.
That's kinda bundled in this hero links is setting that default now to existing people only, so you're not Yes.
It makes it a lot easier to share a link and not have it change permissions than kind of that experience today.
That's another one.
The SharePoint indexes, you can remove stuff from Copilot by just turning off the search index.
Downside is, it also turns off the search index.
You remove a search.
Yeah.
Securing content with policies, sensitivity labels, setting DLP.
We're gonna run out of time here, Scott.
We might have to do part two.
And then the other one I wanna mention here, there's a button now in the SharePoint admin center that says restrict content from Copilot on each site.
I can go into a site, click the little radio button that says restrict content or restrict access to Copilot.
I want Microsoft to change the verbiage on this.
This is very deceptive to me because the way it reads, I would think, oh, I click this.
This site's not gonna be included in Copilot.
If you click on the little information bubble and hover over it and then click on learn more, and maybe it even has it in the bubble, this is not just remove it from Copilot.
This is don't return content from this site in Copilot or in search if it hasn't been recently accessed by the user.
So if a user goes to it and clicks on it or interacts with it or somehow accesses that content recently, it's all of a sudden gonna start showing up in Copilot and SharePoint.
Does it help in the cleanup?
Yeah.
But does it really restrict it from Copilot?
They need to make it more clear.
It's not what it seems to be.
The devil's in the details.
So, you know, that feature is called restricted content discovery.
It is not called block content discovery or never do content discovery again.
I think the rub with that one is recent interaction.
Like if somebody just hears the word recent interaction, right?
Like, All right, well, what was a recent interaction for me?
Was that thirty days?
Was it ninety days?
And, you know, however it comes together.
And then what do you do with your users who, I think this is the other side of that one, is you turn that feature on, and they have a good experience on day one, which is what you want them to do.
Like, you've gone through, you've configured your environment, That so you restricted it.
They had the recent interaction.
They were able to use it in Copilot and in Teams and business chat, all those things.
And then maybe their role is, like, quarterly or biyearly.
So they only come back and they touch that thing, and then next time it's horrible.
Like, it doesn't give them the same result.
It doesn't do the same thing.
Features like that are nice, but, like, they're also, like, really hard to rationalize, particularly as a user.
Like, why is a system that's already nondeterministic already being like, it's being, like, super nondeterministic now?
Like, what did it do, and which way did it go?
So, yeah, I think, in general, there is a bunch for folks to think about here.
We'd love to hear about how you're thinking about securing your environments.
Like, do you have any tips and tricks?
Maybe you've got, like, a favorite repo of PowerShell scripts or things like that that you're using for go-to management.
Maybe you have alternatives for some of these things, like Ben was mentioning finding duplicate files earlier.
I know there's third party products that do that.
Maybe you're one of these customers who's, like you said, Ben, you do the Ben thing, like you described, with multiple licenses, lots of ISV tooling, things like that.
Like, we'd love to hear more about the ecosystem and your experience with it.
So we've got a contact form on the website, which you can go to.
It's pretty easy.
M s cloud I t pro podcast dot com, and you'll see a big contact us button there.
That just sends Ben an email, and then he usually just loops me in on the thread.
You can also get ahold of us on LinkedIn.
The podcast has a page on LinkedIn if you wanna directly ask questions there.
Ben's on LinkedIn.
I'm on LinkedIn as well.
So, like, come back.
Give us some feedback.
Let us know how you're using it.
We're eager to hear.
And maybe like you said, Ben, maybe we can kinda come back and do a part two on this one.
And or, if not, like, finish the conversation because maybe we should come back and talk about some of the DSPM stuff, some of the reporting aspects, how to do risk assessments, and all that.
And that way, we can kind of round out the entire story.
Yeah.
I think we should do a part two on DSPM for AI and DLP and sensitivity labels and some of that.
So we'll come back and talk more about that in a later episode.
Alright.
Come back and check us out for that one.
As always, thanks, Ben.
Much appreciate it.
Glad to have you back from vacation, and we'll get back on track here.
Alright.
Thank you, and have a good weekend.
Talk to you next time.
Thanks, Ben.
If you enjoyed the podcast, go leave us a five star rating in iTunes.
It helps to get the word out so more IT pros can learn about Office 365 and Azure.
If you have any questions you want us to address on the show, or feedback about the show, feel free to reach out via our website, Twitter, or Facebook.
Thanks again for listening, and have a great day.