We all know that the biggest problem in SharePoint is oversharing. And when Copilot comes this problem becomes visible an attracts attention. As SharePoint admins we are bouncing between three forces – 1) Microsoft who tried to simplify permissions with Teams but actually made it worth, 2) Users who are struggling trying figuring out access and overshare content and 3) Management who ignores engineers for years and then requires quick simple solutions. Microsoft knows all that and tries to to reduce the tension with a “SharePoint Advanced Management” suite of administrative features.

I have 15+ years experience in SharePoint, including really large tenants. I have been dealing with oversharing and search and delve for years… but now it’s Copilot. If I was asked to configure new tenant, here is what I would do.

Disable “Everyone Except External Users” in people picker

Implement site sensitivity labels

Disallow private and shared channels under public teams

WIP…