Being AI-ready means assuring that security requirements are met, from implementing advanced threat protection to enacting stronger data management policies. As a managed service provider (MSP), it may take time to get your clients where they need to be (or get there yourself) before deploying a solution like Copilot for Microsoft 365 (M365). But your clients may be anxious to get started with AI, lest they lose their competitive edge. One solution? Start with Restricted SharePoint Search.
Why is security so important for Copilot?
Security is a key first step for AI adoption, as Copilot inherits all your existing M365 security and compliance requirements. It also integrates with the organization’s data sources, including emails, meetings, chats, documents, and more.
You need to make sure that everyone who will use Copilot has the right access granted, meaning that only people with the right permissions have visibility into the content it draws from. During deployment, it’s important to audit the data access conditions, retention controls, and sensitivity labels already in place.
It can seem overwhelming to tackle this all at once, as there is a lot to consider for MSPs and their small to medium-sized business (SMB) clients alike. This is why restricting SharePoint Search can be a good way to start testing Copilot before making sure the rest of your security measures are in place.
What is Restricted SharePoint Search, and why is it important?
Restricting SharePoint Search means setting strict Copilot access to only certain areas. This allows the team to explore AI without a breach of sensitive data being shared, providing more time to tighten up security across the data estate.
Restricted SharePoint Search permits you the capability to review and audit site permissions, helping you maintain momentum with your Copilot deployment. It disables organization-wide search and limits both Enterprise Search and Copilot to a selected set of SharePoint sites. While the team starts using Copilot within these data limits, you can work on implementing robust data security and manage content lifecycle with SharePoint Advanced Management.
Regardless of whether Enterprise Search or Restricted SharePoint Search is enabled, users can still access files and content they own or have previously accessed.
How does Restricted SharePoint Search work?
By default, Restricted SharePoint Search is off. If enabled, both Copilot and non-Copilot users can access content from a curated list of up to 100 SharePoint sites, frequently visited SharePoint sites, their OneDrive files, chats, emails, calendars, directly shared files, and previously viewed, edited, or created files. Copilot users will see a message indicating that access to certain SharePoint sites is restricted by the admin, limiting the content Copilot can search and reference.
To restrict SharePoint Search, you need to be the global SharePoint administrator for the organization. Enable it by running PowerShell scripts that require Global/Tenant and SharePoint permissions. You can also use these same tools to control the list of allowable sites.
“This actually allows you to put whatever restrictions you see fit,” says Jake Humphrey, Senior Manager, Partner Enablement Experience at Pax8. “You can put in specific sites and say, ‘hey, we only want to allow searching in these sites.’ You can do a mass restriction, or you can set whatever rules you want users to play by.”
One note: restricting SharePoint will likely result in Copilot having less information available, so that may impact how useful and accurate it is.
Digging deeper
To learn more about Restricted SharePoint Search, be sure to watch our episode of TECHnically Unraveled, “M365 Copilot: The SMB solution with Blackpoint & Cyrisma.” And you can learn more about the technical details of restricting SharePoint access via Microsoft.
