AI ActReady · Copilot Ready

Switch on Microsoft 365 Copilot without exposing your data.

An executive asks Copilot for "the comp plan" and gets a document they were never meant to see. Copilot doesn't open a new hole: it makes the oversharing you already had queryable in plain language. We get it under control before switch-on, not after the incident.

The risk, in plain terms
16% of an organisation's critical data is already overshared (Concentric AI).
802,000 files accessible to people who shouldn't have access, per organisation.
Why now
Microsoft pushes the Copilot app via Windows Update, ready or not. The AI Act deadline: 2 August 2026.
In short

Copilot inherits your access rights, not your judgment.

You switch Copilot on. What looks like a leak isn't one: everything it surfaces was already accessible. The problem isn't the AI, it's a sharing configuration built up over years that no patch fixes for you (even after EchoLeak, CVE-2025-32711, since patched by Microsoft).

First, it's a GDPR risk: personal data becomes queryable by the wrong people. It is also a blind spot for AI governance: the EU AI Act expects you, as a deployer, to know which AI tools run in your organisation and what they expose.

The approach

What the audit checks, before you switch Copilot on.

Six concrete points, with native Microsoft tools. The point isn't to buy yet another solution, but to set right what you already have.

Deliverable: a risk score and a prioritised remediation plan you can act on. Not a slide deck.

01 · Access & identity

Entra ID: stale accounts, external guests, over-permissioned groups.

02 · Oversharing surface

SharePoint Advanced Management: sites shared with the whole org, anonymous links, broken inheritance.

03 · Sensitivity labels

Purview: whether business-critical content is labelled, and whether access is actually restricted.

04 · Copilot-aware DLP

Exclude sensitive labelled content from what Copilot can process.

05 · Indexing scope

Restricted SharePoint Search: limit what Copilot reads during the pilot.

06 · Usage reality

Which AI tools your teams already use, with no guardrails.

How it works

A free scoping call, then the audit that secures your rollout.

You know where you stand before you scale Copilot, not after the first incident. And you choose your level of commitment.

1 · Scoping · 1 day · free

Scope, access, objectives, no commitment. You leave with a first read of your exposure.

2 · Diagnostic · 2 to 4 days · deducted

A map of your oversharing and a risk score, on your tenant. To know where you stand before you commit.

3 · Audit & remediation · 1 to 2 wks · by scope

The six points on your native tools (Entra ID, SharePoint Advanced Management, Purview), the prioritised remediation plan and support through to switch-on. No agent to install.

Pricing

The scoping call is free, and the diagnostic is deducted if you move to the full audit. Indicative ranges (excl. VAT), adjusted to scope and country.

Diagnostic
from €1,900 · qualify your exposure

Know where you stand before you commit: a map of your oversharing and a risk score.

  • 2 to 4 days, on your Microsoft 365 tenant
  • Oversharing map and risk score
  • No agent to install

Deducted from the audit if you move ahead.

You leave with

A first map of your oversharing exposure.

Audit & remediation · Recommended
from €6,500 · by segment and scope

The six points, the prioritised remediation plan and support through to a secured Copilot switch-on.

  • SME: from €6,500
  • Mid-market: from €12,000
  • Enterprise: on request
  • Risk score, remediation plan, support

You leave with

A secured Copilot and an access inventory, presented.

Compliance

One audit, two outcomes.

On one side, Copilot you switch on with peace of mind. On the other, an inventory of access and usage that feeds your GDPR file and your AI governance (the documentation the EU AI Act expects from a deployer). One partner for both, not a security vendor on one side and a compliance firm on the other.

Secure your Copilot rollout.

Free scoping call. We reply within 48h, no sales follow-up.
