Skip to main content
< All Articles

Why SharePoint Architecture and Governance are so important in the world of Copilot

I am sure you have heard about AI-based Copilot making its way into Microsoft 365 applications. It promises faster content curation, more relevant search results, easy data analysis and data aggregation, and increased productivity. However, as with any new technology, there are plenty of areas of concern, especially from the Architecture & Governance perspective.

Concern # 1: Unexpected Search Results

The first concern deals with unexpected search results the user might receive when searching in SharePoint. This can already happen today, but it is amplified significantly with CopIlot’s help – let me explain.

Security & Permissions

Long before Copilot, SharePoint security and Permissions were always a big concern and matzo ball for many. With Classic SharePoint, we had lots of inadvertent permission inheritance with the subsite model. With modern SharePoint, a much more liberal permission model of SharePoint and Teams, and an abundance of external sharing and company-wide link types, we are prone to oversharing quite easily. That is before the Copilot AI.

The Delve Effect

Delve, which we have had since the early days of Office 365, was the first wave of Microsoft applications that brought content to you without “search.” When users accessed Delve and saw the documents their colleagues worked on front and center, I bet this raised the blood pressure of many.

world of Copilot

In fact, I even published an article on why you should not be afraid of the Delve app. Of course, Delve never showed the private or restricted documents of others if you did not have access to them. However, it helped uncover potential loopholes in the security and permissions model.

Even though understanding how security & permissions work in SharePoint requires you to have a Ph.D. in SharePoint and the ability to consume large amounts of alcohol, the way security works in SharePoint is pretty solid. Searching for something in SharePoint only gives you the results from sources you have access to. We call this concept Security Trimming.

The Copilot effect

Copilot promises more relevant searches, easy data aggregation, and roll-ups from multiple sources. An example could be where I ask Copilot to aggregate all the documents from the Project Sites modified by Mary, created over the last year, and tagged with a Document Type = Financial. And present all those results on a SharePoint page sorted by the last modified date.

Executing such a query using SharePoint out-of-the-box web parts is a bit of a pain at the moment. You need to create queries, utilize managed properties, etc., and you might not be able to capture all the sources, either. In contrast, Copilot might tap into other sources and sites you could not have imagined or thought you did not have access to.

Concern # 2: Unmanageable Content Creation

The other potential issue is content creation. Copilot promises faster content creation via SharePoint Pages, Sites, Web Parts, and documents on those sites. With the creation of content and SharePoint structural elements (sites/pages) potentially growing exponentially, there are definitely concerns about proper Information Architecture and Governance. You would need to ensure that you spell out the rules of engagement clearly and make your employees aware about it, that new content is created in the locations it needs to be created in as this impacts the retention and search I mentioned earlier in this article.

The Bottom Line

Copilot can be a great assistance when it comes to relevant searches. However, it will be as good as your SharePoint Information Architecture and Governance. If you thought Delve presented a danger, wait until we have Copilot firmly integrated into SharePoint.

About Me

I’m Greg Zelfond, a U.S. based SharePoint consultant, and I provide affordable out-of-the-box SharePoint consulting, training, and configuration assistance to small and medium-sized businesses all over the world.

Need help?