Maximizing your Information Architecture Strategy with Microsoft 365 Content Features for Copilot and Microsoft Search


Microsoft Search Information Architecture

Information governance and structure

Controlling data access and usage in M365 is very important, so we should invest in information governance and structure. There are two permission-related issues: over-permissioning (too much internal access) and under-enforcement (too few internal controls). The implications are a risk of exposure in search and IT tools, and difficult conditions for getting started with AI that are hard to solve without the right tools.

Common causes of Copilot oversharing in SharePoint:

  • site privacy set to public
  • default sharing option is everyone
  • broken permission inheritance
  • use of “everyone except external users domain group”
  • sites and files without sensitivity labels
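
A way to turn the list above into a repeatable check, as an added example that is not part of the original article: the script flags each of the five causes in a site inventory. The CSV columns, the sample rows and the mapping of "default sharing option is everyone" to the link scopes `Anyone` / `Organization` are assumptions made for illustration, not the format of any Microsoft report.

```python
import csv
import io

# Constructed sample inventory (not a real export); column names are assumptions.
SAMPLE_INVENTORY = """\
url,privacy,default_link_scope,unique_permissions,principals,sensitivity_label
https://contoso.example/sites/hr,Private,SpecificPeople,false,HR Owners;HR Members,Confidential
https://contoso.example/sites/projects,Public,Organization,false,Projects Members,General
https://contoso.example/sites/finance,Private,SpecificPeople,true,Finance Owners;Everyone except external users,
https://contoso.example/sites/wiki,Private,Anyone,false,Wiki Members,
"""

EEEU = "everyone except external users"
BROAD_LINK_SCOPES = {"anyone", "organization"}  # assumed values for a broad default link

def audit_site(row):
    """Return the oversharing causes (from the list above) found on one site."""
    findings = []
    if row["privacy"].strip().lower() == "public":
        findings.append("public-privacy")
    if row["default_link_scope"].strip().lower() in BROAD_LINK_SCOPES:
        findings.append("broad-default-sharing")
    if row["unique_permissions"].strip().lower() == "true":
        findings.append("broken-inheritance")
    principals = [p.strip().lower() for p in row["principals"].split(";")]
    if EEEU in principals:
        findings.append("eeeu-group")
    if not row["sensitivity_label"].strip():
        findings.append("no-sensitivity-label")
    return findings

def audit_inventory(text):
    """Map site URL -> findings, keeping only sites with at least one finding."""
    report = {}
    for row in csv.DictReader(io.StringIO(text)):
        findings = audit_site(row)
        if findings:
            report[row["url"]] = findings
    return report

def rank(report):
    """Sites with the most findings first, so they are reviewed first."""
    return sorted(report, key=lambda url: (-len(report[url]), url))

if __name__ == "__main__":
    report = audit_inventory(SAMPLE_INVENTORY)
    for url in rank(report):
        print(f"{url}: {', '.join(report[url])}")
```
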

To improve control of how data is used in Copilot and Search, proper governance and information structure are crucial. Focus on these topics:

  • Permissions (ACLs): only set inclusions (by defining usage rights / access), and make use of Entra Groups in SharePoint (instead of adding people directly)

  • SharePoint Advanced Management (included with Copilot license)

  • Data access governance reports in SharePoint Admin Center > Reports > Data access governance
    👉 with a Copilot license, additional Governance reports are available

  • Conditional Access Policies: set rules to limit how and where content can be accessed (needs either Microsoft Entra ID P1 or P2 license)

    Note

    New CA Policies are coming; see: aka.ms/espc2024/copilotcap

  • Restricted Access Control (RAC)°: Microsoft says that the feature allows administrators to “restrict site access to specified users using Microsoft 365 group or AAD security groups. Users not added in the specified group(s) will not be able to access the site even if they were previously granted site access.” The idea is “to reduce the risk of oversharing or permission sprawl within their organizations.” (see https://office365itpros.com/2023/09/06/restricted-sites-spo/)

  • Restricted Content Discoverability (RCD)°: block specific sites from surfacing in Search and Copilot (to be set via PowerShell)

  • Restricted SharePoint Search (RSS)°: limit results to information you have a relationship with (files / people you have worked with or files shared with you); contains an explicit allow list on data returned from search APIs (100 sites; only to be set via PoSh)

  • Sensitivity Labels (Purview; requires E3 / E5 or M365 Business Premium)

  • Information Barriers: prevent communication with people in blocked segments (via PoSh)

  • Disable Item insights: Graph signals that bring up information on shared documents / items

° = Part of SharePoint Advanced Management

Microsoft 365 Archive

Archive in the context of SharePoint means “put it in Read-only mode” – unless you have purchased the Archiving abilities. M365 Archive is for SharePoint sites only – not for files, not for items. Therefore, you cannot restore items or documents for now.

Note

As soon as a site (and its content) is archived, it’s not retrievable for an end user anymore – except for an administrator. This is about to change.

eDiscovery searches can still be processed on archived sites (except when labeled). At this time publishing sites, Teams with channel sites and a handful of legacy site template types are not available to archive with M365 Archive. Archived content will NOT become visible for Copilot – and also never will.

SharePoint Embedded

Whether content from SharePoint Embedded can be retrieved via Search or Copilot can be set at the container level. Just set it via an appropriate Graph request (POST):

"sharePointOneDriveOptions": {
    "includeHiddenContent": true
}

Changing the visibility can take up to 30 days.

#BishopTells