Get started with Microsoft 365 Copilot - admin guide

Microsoft 365 Copilot is an AI-powered productivity tool that uses large language models (LLMs). It integrates with your data, with Microsoft Graph, and with Microsoft 365 Apps.

It works alongside popular Microsoft 365 Apps, like Word, Excel, PowerPoint, Outlook, Teams, and more. Copilot provides real-time intelligent assistance, enabling users to enhance their creativity, productivity, and skills.

This article covers how IT admins can prepare their organization for Copilot.

Tip

If you're an end user, then the Copilot Lab is a good resource.

Before you begin

This section gives an overview of the prerequisites (licensing and admin centers access), and apps that can use Copilot. There might be more requirements at Microsoft Copilot 365 requirements.

Prerequisites

App requirements

Step 1 - Optimize search in SharePoint

Optimize your SharePoint content for search

When a user makes a request to Copilot, it processes the request and then generates a response with LLMs. LLMs leverage content from Microsoft Graph and web content (optional).

Content in Microsoft Graph includes emails, files, meetings, chats, calendars, and contacts. A significant portion of this data is stored in SharePoint. Copilot gathers SharePoint content in the same way SharePoint Search gathers content.

To get the most out of Copilot and get the best results, optimize your SharePoint content for search:

Microsoft 365 Copilot allows users to find and access their content through natural language prompting. Copilot ensures data security and privacy by following existing obligations and integrating with your organization's policies. It uses your Microsoft Graph content with the same access controls as other Microsoft 365 services.

To learn more about privacy with Microsoft 365 Copilot, see Data, Privacy, and Security for Microsoft 365 Copilot.

Step 2 - Apply principles of Just Enough Access

Prevent sharing and control access with SharePoint and OneDrive

To get ready for your organization’s Microsoft 365 Copilot adoption, there are a few highly recommended steps you can take with SharePoint and OneDrive.

To start, you can:

Reduce accidental oversharing with SharePoint sharing settings

To minimize accidental content oversharing with Copilot results, implement sharing settings at the organization and site levels:

  1. At the organization level:

  2. Reduce accidental oversharing at the site level:

Check permissions and site access in SharePoint admin center

To ensure data is secure, review SharePoint site access and permissions. Prioritize sites that contain sensitive information.

  1. In the SharePoint admin center, see Active Sites > select a site > Edit > Settings.

    Private means that only users in your organization with access to the site can find it. Public (default) means anyone in your organization can find the site and access its content.

    Screenshot showing the SharePoint admin center active sites panel.

  2. In the Membership tab, review access to site owners, members, and visitors. Ensure that only the necessary users have access to the site.

Identify sites with potentially overshared content and control access

  1. Use the following SharePoint Advanced Management (SAM) activity-based reports to quickly identify the most actively overshared sites:

  2. Initiate a Site Access Review for site owners to confirm overshared content and take remediation steps. SharePoint admins can use the Restricted Access Control Policy to restrict access to a site with overshared content.

For business-critical sites, there are features in SharePoint Advanced Management and Microsoft Purview you can use:

Note

SharePoint Advanced Management has more features to help you get ready for Copilot fast and at scale. To learn more, see Get ready for Copilot for Microsoft 365 with SharePoint Advanced Management (SAM).

Sensitivity labels from Microsoft Purview

Use sensitivity labels to protect your data

In the Microsoft Purview portal, you can create sensitivity labels (Information protection > Sensitivity labels). Use these labels to identify how sensitive the data is in your organization. When they're applied to items like documents and emails, the labels add an extra layer of protection and can affect Copilot results.

Screenshot showing the Microsoft Purview screen for sensitivity labels.

The extra later of protection includes:

  • Copilot Business Chat can reference data from different types of items. The sensitivity label with the highest priority is visible to users.

  • If the label applies encryption, Copilot checks the usage rights for the user. For Copilot to return data from that item, the user must be granted permissions to copy from it.

With sensitivity labels, you can:

  1. Create labels or activate default labels: If you don't already have sensitivity labels, you might be eligible to have some default labels automatically created for you, like Public, General, and Confidential. The default labels are suitable for items like files, emails, and meetings. You can modify the default labels and always create your own labels.

    To learn more, see:

  2. Define the data sensitivity requirements and review your SharePoint sites & files in OneDrive. Focus on the most critical repositories and determine the sensitivity of the data on these sites.

    If you're piloting Copilot, deploy Copilot licenses to users who have access to these critical sites. Then, iterate through the rest of your repositories and expand your user base.

    For a more detailed strategy to deploy and drive adoption, see Step 7 - Deploy to some users and measure adoption (in this article).

  3. Enable and apply sensitivity labels: Enable sensitivity labels for files in SharePoint and OneDrive. Then, with a publishing label policy, you can configure a default label and users can manually apply your labels. To label at scale, use autolabeling to automatically apply labels based on sensitive information detected.

    For more information about the different ways that you can apply sensitivity labels, see Common scenarios for sensitivity labels.

    One of the available labeling methods is to apply sensitivity labels based on content found in documents when you use data loss prevention (DLP) policies. DLP policies can automatically apply sensitivity labels when specific types of information are identified in a document, like personal data that includes addresses, tax information, or passport numbers.

    With DLP policies, you can also:

    • Use the trainable classifier tool to identify categories of content, like source code, financial documents, and HR.
    • Set up endpoint DLP policies that restrict users from specific actions, like copying content to clipboard or removable USB devices, or printing.

Once applied, the sensitivity labels enforce your protection settings.

To learn more about sensitivity labels, see Learn about sensitivity labels.

Copilot activity and Microsoft Purview

Audit Copilot activity, create retention policies, and use eDiscovery and communication compliance

In the Microsoft Purview portal, you can use the following features to search for specific content and activities that include Copilot prompts and responses.

Tip

To learn more about these Microsoft Purview security and compliance protections for Copilot, and how Microsoft Purview AI Hub can help you more quickly deploy them, see Microsoft Purview data security and compliance protections for generative AI apps.

Step 3 - Review app privacy

Review your Microsoft 365 apps privacy settings

The privacy settings in your Microsoft 365 apps can affect the availability of Microsoft 365 Copilot features. To ensure that users can access Copilot features, review the privacy settings in your Microsoft 365 apps.

To learn more, see Microsoft 365 Copilot and privacy controls for connected experiences.

Step 4 - Update channels

Use the Current Channel or Monthly Enterprise Channel to update apps

Microsoft 365 Copilot follows the Microsoft 365 Apps standard practice for deployment and updates. It's available in all update channels, except for Semi-Annual Enterprise Channel.

Your options:

  • Production channels include Current Channel and Monthly Enterprise Channel.

    • Current Channel provides your users with the newest Microsoft 365 app features as soon as they're ready. It provides the best experience for a fast-moving product, like Copilot.

    • Monthly Enterprise Channel gives more predictability of when these new Microsoft 365 app features are released each month. It's a good option for organizations that want to validate the new features before they're released to the Current Channel.

  • Preview channels include Current Channel (Preview) and Beta Channel.

    Preview channels are a great option to validate the product before rolling out to the rest of organization. To learn more, see Overview of update channels and Microsoft 365 Insider channels.

There are multiple ways you can manage channels for user devices. To learn more, see Change update channel of Microsoft 365 to enable Copilot.

Step 5 - Provision Microsoft 365 Copilot licenses

Assign Copilot licenses using the Microsoft 365 admin center

The next step is to assign licenses so users can start using Copilot. You can manage Microsoft 365 Copilot licenses in the Microsoft 365 admin center. You can assign to individual users or to groups of users, and also reassign licenses to other users.

When licenses are assigned, Copilot shows up in the Microsoft 365 apps, like Word and Excel. To use Copilot, users sign into the app with their work or school account and the file must be editable (not read only).

To learn more, see:

Step 6 - Configure settings for Copilot

Configure more Copilot features

In the Microsoft 365 admin center > Copilot, there are more Copilot features that benefit admins and settings you can configure that benefit your organization.

You can:

  • View the status of Copilot license assignments
  • Access the latest information on Copilot
  • Manage data security and compliance controls
  • Submit feedback on behalf of users
  • Configure plugins and permissions
  • Enable the use of web data as grounding data in Copilot

To learn more, see Manage Microsoft 365 Copilot with the Copilot page.

Step 7 - Deploy to some users and measure adoption

Create a group of early adopters

There are many uses of Microsoft 365 Copilot across the various Microsoft 365 productivity apps. And, there are opportunities for users to find value in different ways.

To help drive adoption, create a group of early adopters. This group can help you understand how users are using Copilot and how it's valuable to them.

  1. Identify users across various business groups in your organization, ideally with high usage of existing Microsoft 365 features. You can identify these users by reviewing usage metrics in the Microsoft 365 admin center.

  2. Assign these users Microsoft 365 Copilot licenses and onboard them using the resources available at the Microsoft 365 Copilot adoption hub, including the user onboarding kit.

  3. As these users get more comfortable with using Copilot, they can speak to how they use it best, and where it's most valuable for them. This information provides you with product champions that can help other users adopt and use Copilot across your organization.

    With your established community of early adopters or Champions, they can better speak to their peers within their organization and contextualize the value of Copilot to best suit their needs. This framework also provides IT departments with a scalable way to handle questions through Champions, developing a team of experts across your organization.

    To learn more about driving adoption, visit the Microsoft 365 Copilot adoption hub.

Get insights and user sentiment

To measure the impact of Copilot on your organization, use the Copilot Dashboard from Viva Insights. Viva Insights gives organizational leaders and IT decision makers insights into readiness, adoption, impact, and user sentiment.

To learn more, see:

More resources