atlas by clearpeople

Get your people and content ready for Microsoft 365 Copilot


The hype and buzz created by the release of ChatGPT 3.5, followed by announcements of Microsoft's investments in OpenAI and Microsoft 365 Copilot (M365 Copilot), was unprecedented and was obviously incredibly interesting to follow and be part of.

What has followed has been equally interesting. After the initial jaw drops and eyes-wide-open reactions we've been speaking to a number of organisations, and we've learned that a general consensus is taking shape.

While the use of AI within organisations is inevitable, there are real concerns and questions around trust, risk and security – and a realisation that you need to get organised first. In other words, before leveraging M365 Copilot in earnest, it is clear to all that we must first have content managed and under control. We also need to understand how to prepare our colleagues to work – or not work – with this technology.

These conversations we have had, have been with seasoned CIO's, CTO's, Digital Workplace specialists, Knowledge Managers and Information Managers, in addition to analysts, AI specialists and Microsoft's own specialists. The most telling for me is - as per above - how everyone's cautioning just jumping in with both feet first. Even the most hardened Microsoft sellers highlight the need for organisations to have their content under control before turning on M365 Copilot.

The readiness of people and the content is the main topic for this blog.

Blog contents:

What is Copilot and Microsoft 365 Copilot?

Start from the top

Preparing people for M365 Copilot

Preparing your content for M365 Copilot

What is M365 Copilot and Copilot for developers?

M365 Copilot and Copilot for developers are effectively a set of tools that support users in leveraging AI technology to work more efficiently - and to reduce the burden of content (or code) related tasks where access to AI can assist. If you are looking for a more in-depth introduction, then please do look at some of the following links:

Start from the top 

Few technical decisions are going to have the potential for higher impact or risk than decisions that involve using AI in your standard business operations. Deciding to use M365 Copilot is one of those.

We strongly recommend that, not only is C-Level "bought in", but the senior leadership must set-out a clear vision for how this will benefit the organisation and why it believes the rewards outweigh the risks. It must also consider it's principles, responsibilities, obligations and ethics  as an organisation, and how this will impact employees. 

We suggest drawing up a charter for the organisation's aims and the principles for using M365 Copilot (and AI) and within this also make each employee's responsibilities and obligations clear.

You can draw some inspiration from these resources here:

Microsoft: Responsible AI 

OpenAI: OpenAI Charter 

UK Government: Understand how to use artificial intelligence ethically and safely  

McKinsey: From Principles to Practice: Putting AI Ethics into Action 


Preparing people for M365 Copilot

Who are the lucky few?

Considering the costs (read about costs here), the implications are likely that only a subset of users will be given access to M365 Copilot.

For argument sake, let us say that in a 10,000 user organisation there is a 15,000 USD/month (USD 300,000 per year) budget allowing for 500 users to get access (based on USD 30 per user per month). This would correspond to 5% of users. For the whole organisation, the budget requirement would of course be USD 3.6 million per year - so let me assume for the purpose of this blog that the 5% target user audience is reasonable.

Who are these lucky few users? How will you identify them? Are they the typical "technical enthusiasts" in the company? Or those that will derive most value from it? Do they normally create valuable content? Are they those that are overloaded? Are they the SME (Subject Matter Experts) who you can trust to create good prompts, good draft content and deliver even better outcomes? Or a combination of all those?

The point is: You will need to look for data - hard analytics - to select your candidates and allow for decisions to be made based on facts, and not base it on who happen to know someone in IT. I do recommend you consider this point before promising any Copilot licenses to any users.

If you don't know where to start, you can have a look at what our platform has to offer: Maximise the ROI of your intranet and Microsoft 365 with Atlas Analytics (get in touch to get a deep dive on that subject).

End-user responsibilities and obligations

Being one of the lucky few should come with responsibilities and obligations.

A lot will be learned from using M365 Copilot, and the organisation will need to get constructive feedback on where M365 Copilot adds value and where it does not. Where does it speed you up - where does it slow you down? Does it produce trustworthy summaries and content drafts? What can we - as an organisation - do to improve the outcomes? And so on.

In other words, prepare the lucky few that using M365 Copilot is not a free ride - the organisation will need to learn from it, and improve from it. 

In addition, using it requires you to be a responsible user and apply critical thinking. One of the biggest risks is that the work done by M365 Copilot and the AI is not accurate. In fact - as a user, you must remember that what you get from Copilot (or AI) is not the final outcome. It is your responsibility - as a professional - to ensure the content is right and that the final output is something that you can justify and put your name (and your organisation's name) to.

Adoption and Change Management (there is no AI for that)

As with any other tool, there will be various levels of comfort, understanding and dexterity with regards to M365 Copilot's use.

Understanding how to effectively use M365 Copilot, how to use prompts, appreciating the risks and the policies is going to be paramount. So training, including both formal training, self-serve training and bite-size "know how", needs to be in place. Combined with skilled champions that can check-in and support users  to make best use of the technology. The champions should also assess - given the cost of these tools - whether the licenses are better used elsewhere. 

Once again, analytics is going to be useful. Get as many hard facts as you can. Who is actively using it, what is being produced, what outcomes can be measured? This will help guide the Adoption and Change Management team.

I am not going into further detail on this, but I do recommend that it is a topic to consider early and well before launching M365 Copilot.

(Here is a blog written by our CEO a few years back that is still very useful: Adoption tip 5: Measure success)


Preparing your content for M365 Copilot

In Microsoft's own words "it is important to have good content management practices in the first place" before taking M365 Copilot into use. 

Microsoft 365 Copilot Graph Query
It may be obvious why this is the case, but let me reinforce this point:

Before M365 Copilot sends your prompt to the Large Language Model (LLM) it will ground your prompt and combine your prompt with information it finds in the Microsoft Graph (Graph). The Graph is - in simple terms - an index of your content. Which includes your documents (files), emails, messages, meetings and so forth. Read more here.

So - if your content is not organised, how can you trust and de-risk the use of M365 Copilot? How can you feel safe and secure, if you are not confident content is in the right place and secured with the right permissions.

This is why the consensus is so strong amongst organisations, specialists, Microsoft and analysts: Get your house in order, before using M365 Copilot.

I will split the following into three sections, starting with some basic principles that Microsoft rightly highlight. I will then touch on basic content hygiene, and finally, I will go into some detail on the application of content management.

Basic principles 

In Microsoft's own (Microsoft Mechanics) walk-through a few key principles are called out which I feel are useful to list out here. The <9 min recording is worth a watch.

Here are my key take-aways from the recording:

  • Get your information ready for search.
  • Provide "just enough access" for each user.
  • Stop and govern over-sharing.
  • Review file level controls (through policy).
  • Review (Team or Site) level policies.

You can watch the full video here on the right.

See below on how to tackle this in a real-life use case.


Content hygiene

An often overlooked aspect is the basic level of content hygiene. A lot of content just keeps "rolling forward" - often because no one really owns it, so no one actually even knows what it is, and so finally, no one dares to delete it. Content effectively becomes sticky, migration after migration, even if the content has zero value/purpose. The reality is that most companies have a significant amount of "content debt" owing to legacy content systems, such as file shares, legacy DM platforms, etc. 

We refer to content hygiene as having cleaned up the content that "should stay" versus content that "should go". As tasks go, this is obviously in the boring, painful and cumbersome end of the spectrum - unless it can be partly or fully automated. 

For example, a storage area named "Business Development Team Activities" has been marked as read-only for 2 years, has no active users, has not been accessed for more than 2 years, but contains 100s of proposals, price sheets, and sales related documentation. Sounds like this is a clear-cut case of deletion or archiving, but if you are reading this - you probably know that it is more likely to not be deleted in most organisations.  

The point is that if you don't remove it, then it will be available for M365 Copilot. How will M365 Copilot deal with it? How will it prioritise the content here higher or lower compared to other content? By leaving it there, and available for M365 Copilot to find, we are just making its' job harder.

Naturally, dealing with this retrospectively and at scale is the real issue - and you often don't have the luxury of good data intelligence, analytics or metrics to help make these decisions in an automated way.

With good content management governance and controls in place (see below), content hygiene should become a mute point, and is dealt with proactively, in business-as-usual, rather than as a retrospective / reactive exercise. 


The application of content management 

Content Management lies at the heart of getting ready for M365 Copilot. It is worth repeating the following in Microsoft's own words: "it is important to have good content management practices in the first place" and this is indeed part of Microsoft's own guidance for getting ready for M365 Copilot. 

While content hygiene will help get rid of the old and zero-value content, good application of content management will enrich the content, making it valuable information and ultimately allowing it to be perused as knowledge in the context of your work (read more in the Knowledge Productivity eBook). As a consequence this well managed content will enrich the index of the content in the Microsoft Graph.

And that is what we are after, when we are preparing for M365 Copilot: We need a rich and up to date index of valuable content in the Graph for Copilot to query.

Scope of content management

Content Management loosely covers general information management, document management, pages management, list management and so forth. Basically anything involving the management of an actual piece of content.

In particular, we recommend getting the following aspects of governance and content management under control:

  • Information Architecture, which roughly speaking covers,
    • structure of your content storage containers (such as Teams, Channels, Sites, Libraries, Folders), and
    • the metadata tagging of the content.
  • The (automatic) classification / labelling of the content, which is often directly or indirectly related to the Information Architecture (IA).
  • The security settings (access permissions) applied to the containers or content items, which again is often directly or indirectly related to the IA. A good IA reduces permission issues and security pains a great deal.  
  • The policies that are applied to the content, which can be based on / derived from all of the above, and they may include,
    • Retention or disposition policies,
    • DLP policies
    • Others.
  • A governance and provisioning policy, framework and tool which helps deliver on all of the above, while supporting users in their day-to-day job.

An example use case, showing best-practice application of content management 

Imagine this use case: A Project Manager (PM) receives the brief for a project and needs to start to plan out activities. The first thing you would do as a PM is most likely create somewhere to collaborate and store project documentation.

But there are - as you know - many ways to getting this wrong. There are even more ways to do this inconsistently across an organisation. 

If the PM was  provided with the right digital workplace tools, then the user journey might look something like this (obviously I am using Atlas as the digital workplace platform to demonstrate how this "best practice" can be delivered): 

  1. The PM creates the new project workspace from the governance and provisioning tool, easily accessible from within Teams or SharePoint:
    • PM selects specific Project Workspace type.
    • PM fills in details through the wizard and submits for provisioning.
    • Based on the Project Workspace type and the details completed/selected by the PM the following will happen:
      • Workspace is created (with a Team or not, depending on the chosen project type).
      • Workspace default sensitivity label is set (for instance, anything stored in this project will be minimum "Confidential").
      • Folder (and Channel) structures are created.
      • Auto-tagging settings are applied to all content areas and levels.
      • Security is applied, including rules for default Owners, Members and Visitors.
      • Controls for (allowing/preventing) external users are applied.
      • And more.
  2. The PM and any included colleagues shortly afterwards receive notifications on completion.
  3. As soon as they engage and start collaborating, the governance and content controls are in place with no additional configuration required, as:
    • Permissions are pre-set.
    • Tagging is automatically applied to any uploaded/created content (documents, pages, list items, etc).
    • Documents are automatically classified with the correct minimum sensitivity level label.
    • Sharing between project team members is now a mute point, and sharing outside of the project team is governed by the policies already applied.
    • Only the project team owners, members and visitors have been provided access permissions to the relevant files.


Benefits of preparing with good content management and next steps

The consequence of the above "best practice" application of content management should be clear:

  • The content is well understood (tagged and classified), meaning the Microsoft Graph details in the index will be hugely enriched.
  • The content has been applied with "just enough access" for the right users at container, folder and item level.
  • Sharing is well-governed and under control.
  • Classification policies are automatically applied.
  • Policies can now automatically run for retention or disposition (removing the need for retrospective content clean-up).
In summary, the content is now ready for M365 Copilot.


If you have gotten this far, then you are likely to agree with the overall sentiment of this article, and I recommend you have a look at the following resources:


The other materials referenced above can be found here:


Atlas: The first Intelligent Knowledge Platform for Microsoft 365

By integrating intranet, collaboration, and knowledge management with governance and AI, Atlas improves business productivity by unlocking knowledge within Microsoft 365 and other enterprise systems.

Find out what Atlas can do. Book a demo now.

Author bio

Gabriel Karawani

Gabriel Karawani

Gabriel is Co-Founder of ClearPeople, responsible for the overall technical and Atlas Intelligent Knowledge Platform vision. He works closely with colleagues at Microsoft on roadmap alignment and innovative Content AI Services programs such as Microsoft Viva Topics and SharePoint Premium (previously known as Syntex). Gabriel was part of Microsoft's partner program for Project Cortex.

View all articles by this author View all articles by this author

Get our latest posts in your inbox