
The Real Copilot Readiness Checklist for GCC: Oversharing, Permission Sprawl, and Label Drift

Microsoft 365 Copilot does not create your data problem. It indexes it, then hands it to anyone with a license and a question. Everything that was quietly overshared for the last decade is now one prompt away from the wrong person.

That is the uncomfortable truth under every Copilot rollout, and it is worse in government. Copilot honors existing permissions. People hear that and relax, as if respecting permissions is a safeguard. It is not. It means Copilot is exactly as careful as your permissions are, and in most tenants your permissions are a decade of accumulated mistakes nobody has looked at since the site was created.

Copilot Is a Mirror, Not a Leak

Copilot only returns content a user already had access to. So it does not technically leak anything. What it does is make existing oversharing trivial to find. The file that was buried fifteen clicks deep in a site nobody remembered is now surfaced, summarized, and cited in a single sentence. The exposure was always there. Copilot just removed the friction that was hiding it.

This is why a readiness effort that focuses on the model is aimed at the wrong target. The model is fine. Your permissions, your labels, and your site ownership are the work.

Copilot does not leak your data. It removes the friction that was hiding the leak you already had.

The Real Copilot Readiness Checklist for GCC

Here is the unglamorous version, the one that does not fit on a slide. This is the Copilot readiness checklist for GCC that actually determines whether your rollout is safe, in roughly the order I work through it.

Oversharing: the “Everyone” problem

Start with the broad grants. “Everyone” and “Everyone except external users” are claims-based principals that stand in for the whole tenant, and an “Anyone” link is an unauthenticated link that works for whoever holds it. Those three phrases are how a single site becomes tenant-wide exposure. Run the Data Access Governance reports in the SharePoint admin center (part of SharePoint Advanced Management) and look for sites with thousands of permissioned users, sites where one of those two principals has been granted access, and sensitive content sitting behind an organization-wide link. Those are not edge cases. In a tenant that has run for years they are the norm, and they are the first thing Copilot will happily surface.

Permission sprawl: a decade of one-off grants

Underneath the broad links is the slower rot. Years of one-off permissions, people who changed roles but kept access, sites shared with a group that has since absorbed half the agency. Nobody audits this because nothing forced them to. Copilot forces them to. Before you scale it, you need a real picture of who can reach what, and a way to walk the worst of it back.

Site ownership: the prerequisite to everything

You cannot clean up a site nobody owns. A surprising share of government tenants have orphaned sites with no active owner: the owner left, changed roles, or was a service account nobody maintains, so no one can confirm whether the content is still needed or who should have access. Use the site ownership policy in SharePoint Advanced Management to find those sites, and require at least two owners per site. This sounds like busywork. It is actually the foundation, because every later step depends on a human who can make a call about a site.

Label drift: when your sensitivity labels lie

Sensitivity labels are only as good as their coverage, and in most environments coverage is a mess. Labels applied by hand get applied inconsistently. Auto-labeling was scoped narrowly and never expanded. The taxonomy changed two reorganizations ago and half the documents still carry the old scheme. This is label drift, and it matters because your DLP, your encryption, and your Copilot protections all assume the labels mean something. When the labels lie, the protections lie with them. Fix the taxonomy, then fix the coverage, then trust the labels. Not the other way around.
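A starting inventory that covers the checks above (broad grants, owner count, and a label coverage report), written as an added example in the SharePoint Online Management Shell; it is not code from the original post. The admin URL and export path are placeholders, the claims login names used to recognize “Everyone” and “Everyone except external users” are the values commonly seen for those principals and should be confirmed against Get-SPOUser output in your own tenant, the per-site loop is only practical for a pilot-sized set of sites, and the Start-SPODataAccessGovernanceInsight parameters are as documented for SharePoint Advanced Management and should be verified in a GCC tenant, where that feature may lag commercial.

```powershell
# Added example, not from the original post. Read-only inventory of the oversharing,
# ownership and label-coverage signals described above, using the SharePoint Online
# Management Shell. Assumed: Microsoft.Online.SharePoint.PowerShell is installed and
# you hold the SharePoint Administrator role. $AdminUrl and $OutDir are placeholders.
Import-Module Microsoft.Online.SharePoint.PowerShell
$AdminUrl = 'https://contoso-admin.sharepoint.com'   # placeholder; GCC High/DoD tenants use *.sharepoint.us
$OutDir   = 'C:\CopilotReadiness'                    # placeholder
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
Connect-SPOService -Url $AdminUrl

# Assumed claims login names for the two tenant-wide principals; confirm in your tenant.
$EveryoneLogin = 'c:0(.s|true'                               # "Everyone"
$EeeuPattern   = 'c:0-.f|rolemanager|spo-grid-all-users*'    # "Everyone except external users"

# 1. Sites whose own sharing setting still allows "Anyone" (unauthenticated) links.
$sites  = Get-SPOSite -Limit All -IncludePersonalSite:$false
$anyone = $sites | Where-Object { $_.SharingCapability -eq 'ExternalUserAndGuestSharing' }
$anyone | Select-Object Url, Owner, SharingCapability |
    Export-Csv (Join-Path $OutDir 'anyone-links-allowed.csv') -NoTypeInformation

# 2. Per-site walk: tenant-wide principals in the site's user list, plus owner count.
#    One Get-SPOUser call per site, so scope this to a pilot set, not a 5,000-site tenant.
$findings = foreach ($s in $sites) {
    $users = @(Get-SPOUser -Site $s.Url -Limit All -ErrorAction SilentlyContinue)
    if (-not $users) { continue }
    $admins = @($users | Where-Object { $_.IsSiteAdmin })
    $broad  = @($users | Where-Object { $_.LoginName -eq $EveryoneLogin -or $_.LoginName -like $EeeuPattern })
    [pscustomobject]@{
        Url             = $s.Url
        Owner           = $s.Owner
        SiteAdminCount  = $admins.Count                  # fewer than 2 fails the two-owner rule
        BroadPrincipals = ($broad.DisplayName -join '; ') # non-empty means tenant-wide grant
        LastModified    = $s.LastContentModifiedDate
    }
}
$findings | Where-Object { $_.SiteAdminCount -lt 2 -or $_.BroadPrincipals } |
    Sort-Object SiteAdminCount |
    Export-Csv (Join-Path $OutDir 'site-findings.csv') -NoTypeInformation

# 3. Tenant-scale view: Data Access Governance reports (SharePoint Advanced Management).
#    Parameter names are as documented at the time of writing; verify them in your tenant.
$reports = @(
    @{ ReportEntity = 'PermissionedUsers';                 Name = 'Readiness-PermissionedUsers'; Extra = @{ CountOfUsersMoreThan = 1000 } }
    @{ ReportEntity = 'EveryoneExceptExternalUsersAtSite'; Name = 'Readiness-EEEU-Sites';        Extra = @{} }
    @{ ReportEntity = 'SharingLinks_Anyone';               Name = 'Readiness-AnyoneLinks';       Extra = @{} }
    @{ ReportEntity = 'SensitivityLabelForFiles';          Name = 'Readiness-LabelCoverage';     Extra = @{} }
)
foreach ($r in $reports) {
    $extra = $r.Extra
    Start-SPODataAccessGovernanceInsight -ReportEntity $r.ReportEntity -Workload SharePoint `
        -ReportType Snapshot -Name $r.Name @extra
}
# Status and downloads: Get-SPODataAccessGovernanceInsight, or Reports > Data access governance
# in the SharePoint admin center once the snapshots finish.
```

The two CSVs are the worklist for the permission sprawl and ownership steps: a site with a tenant-wide principal and one or zero site admins is both overshared and unowned, which is why it sorts to the top. The label coverage report is the honest number to start from before trusting any label-based protection.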

Restricting what you cannot fix yet

You will not remediate everything before go-live, and you should not pretend otherwise. For the genuinely sensitive sites you cannot clean up in time, use Restricted Access Control to limit who can open the site's content to a defined security group, and Restricted Content Discovery to keep a site out of Copilot and agent results without changing its permissions. Know what each one does and does not do: Restricted Content Discovery only removes the site from org-wide search and Copilot discovery, so anyone who already has access can still open a file by URL; Restricted Access Control is the one that actually narrows who can open content. Both are SharePoint Advanced Management features, so confirm they have reached your GCC tenant. These are the tools that let you deploy on schedule without exposing the sites you have not gotten to. Use them deliberately, with a plan to come back, not as a permanent hiding place.
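Containing one site that will not be clean by go-live, as an added example in the SharePoint Online Management Shell rather than code from the original post. The site URL, security group object ID and ledger path are placeholders; it assumes SharePoint Advanced Management is licensed and that both features have shipped to the tenant. The review-by ledger at the end is the “plan to come back” made concrete.

```powershell
# Added example, not from the original post. Contain a site that will not be clean by go-live:
# Restricted Access Control narrows who can open it, Restricted Content Discovery keeps it out
# of Copilot and org-wide search, and a review-by entry keeps the containment from becoming
# permanent. Assumed: SharePoint Advanced Management is licensed and both features are
# available in your GCC tenant. $SiteUrl, $GroupId and $Ledger are placeholders.
Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'   # placeholder admin URL

$SiteUrl = 'https://contoso.sharepoint.com/sites/LegacyCaseFiles'  # placeholder
$GroupId = '11111111-2222-3333-4444-555555555555'                  # placeholder: Entra ID security group object ID
$Ledger  = 'C:\CopilotReadiness\contained-sites.csv'               # placeholder: the "come back to this" list

# Record the starting state so the change is auditable.
$before = Get-SPOSite -Identity $SiteUrl
$before | Select-Object Url, RestrictedAccessControl, RestrictedAccessControlGroups, RestrictContentOrgWideSearch

# Restricted Access Control: only members of the listed group can open content, whatever the
# site's accumulated grants say. Group-connected (Teams / Microsoft 365 group) sites are
# restricted to their own group, so -RestrictedAccessControlGroups is omitted for those.
if ($before.GroupId -eq [guid]::Empty) {
    Set-SPOSite -Identity $SiteUrl -RestrictedAccessControl $true -RestrictedAccessControlGroups $GroupId
} else {
    Set-SPOSite -Identity $SiteUrl -RestrictedAccessControl $true
}

# Restricted Content Discovery: drop the site from org-wide search and Copilot results.
# Permissions are untouched, so anyone who already has access can still open files by URL.
Set-SPOSite -Identity $SiteUrl -RestrictContentOrgWideSearch $true

# Verify the change took before trusting it, then log it with a review date.
$after = Get-SPOSite -Identity $SiteUrl
if (-not ($after.RestrictedAccessControl -and $after.RestrictContentOrgWideSearch)) {
    throw "Containment not applied to $SiteUrl; check SAM licensing and feature availability in this tenant."
}
[pscustomobject]@{
    Url         = $SiteUrl
    ContainedOn = (Get-Date).ToString('yyyy-MM-dd')
    ReviewBy    = (Get-Date).AddDays(90).ToString('yyyy-MM-dd')   # assumed 90-day review cycle
    AccessGroup = $GroupId
    Reason      = 'Sensitive content; permissions not remediated before Copilot go-live'
} | Export-Csv -Path $Ledger -Append -NoTypeInformation
```

The before/after check matters in GCC specifically: if the feature has not reached the tenant, Set-SPOSite may not error in a way you notice, and the site stays discoverable. Reading the properties back is the only proof the containment is real.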

Purview and the AI-specific layer

Once permissions and labels are honest, Purview gives you the AI-specific controls: Data Security Posture Management for AI (DSPM for AI) to see which sensitive content Copilot prompts and responses are touching, DLP policies scoped to Copilot that keep it away from files carrying a given label, and the unified audit log of what Copilot and agents actually reached. This is the layer that turns a one-time cleanup into ongoing governance, which is the only kind that survives contact with real users.
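Pulling the audit trail of what Copilot actually reached, as an added example in Exchange Online PowerShell (where Search-UnifiedAuditLog lives); it is not code from the original post. It assumes the ExchangeOnlineManagement module is installed, the signed-in account holds a role that can read the audit log, and that the AuditData fields it reads (CopilotEventData.AccessedResources with Name, Id and SensitivityLabelId) match what your tenant emits; inspect one raw record first, since the schema is Microsoft's and may change.

```powershell
# Added example, not from the original post. Pull the audit trail of what Copilot actually
# reached, so label coverage and oversharing fixes can be checked against real usage.
# Assumed: ExchangeOnlineManagement is installed, you hold an audit-reading role, and the
# AuditData fields below match what your tenant emits (check one raw record first).
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline   # GCC uses the default endpoint; GCC High adds -ExchangeEnvironmentName O365USGovGCCHigh

$start  = (Get-Date).AddDays(-7)
$end    = Get-Date
# ResultSize caps at 5000 per call; for a busy tenant page with -SessionCommand ReturnLargeSet.
$events = Search-UnifiedAuditLog -StartDate $start -EndDate $end -RecordType CopilotInteraction -ResultSize 5000

# Flatten each interaction into one row per resource Copilot touched.
$touched = foreach ($e in $events) {
    $data = $e.AuditData | ConvertFrom-Json
    foreach ($res in @($data.CopilotEventData.AccessedResources)) {
        [pscustomobject]@{
            When     = $e.CreationDate
            User     = $e.UserIds
            AppHost  = $data.CopilotEventData.AppHost
            Resource = $res.Name
            Id       = $res.Id
            LabelId  = $res.SensitivityLabelId   # empty means Copilot cited unlabeled content
        }
    }
}

# Two views that matter for readiness: which unlabeled content Copilot is citing (label drift
# showing up in practice), and which sources are cited most (check those for oversharing first).
$unlabeled = $touched | Where-Object { [string]::IsNullOrEmpty($_.LabelId) }
$unlabeled | Group-Object Resource | Sort-Object Count -Descending | Select-Object Count, Name -First 20
$touched   | Group-Object Id       | Sort-Object Count -Descending | Select-Object Count, Name -First 20
```

Run this weekly during the pilot and again after each remediation wave: the unlabeled list should shrink as auto-labeling coverage expands, and a source that keeps appearing for users outside its intended audience is the next site to contain or fix.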

Why GCC Makes All of This Harder

Everything above is true in commercial M365. GCC raises the difficulty. Features land in GCC later than in commercial, and some behave differently when they arrive, so the readiness tooling you read about in a Microsoft blog may not be in your tenant yet. Your data is more likely to be statutory, which means a retention or public-records obligation, not just a preference. And the consequence of getting it wrong is not a bad headline. It is a compliance finding. Planning a Copilot rollout in GCC means planning around feature timing and a smaller margin for error, not assuming the newest commercial capability is sitting there waiting for you.

This Is What a Readiness Assessment Is For

None of this is glamorous, which is exactly why it gets skipped. The demo looks great, the pilot goes fine with ten cooperative users, and the problems show up at scale when someone asks Copilot a question and gets an answer built from content they should never have been able to reach. A readiness assessment exists to find that before it finds you.

What I deliver is a fixed-scope, two-week assessment: a clear picture of your oversharing and permission exposure, your label coverage and drift, your site ownership gaps, and a prioritized remediation plan you can actually execute. Not a roadmap full of adjectives. A list of the specific sites, labels, and policies to fix, in the order that reduces risk fastest.

Who’s Behind It

I am a U.S. Navy veteran and an M365 and AI engineer, and Puget Sound AI is a veteran-owned small business (VOSB; SBA VetCert in progress). I do this work inside GCC constraints, the way I have done it in production government environments, and I do it myself. You get the engineer, not an account team.

If you are about to turn Copilot loose on a tenant that has not had a permissions reckoning in years, do the unglamorous part first. That is the conversation I want to have. Let’s talk.

Questions About Your GCC Environment?

Book a 20-min scoping call or send a message. We respond within one business day.