Copilot Readiness Assessment
The data hygiene, permissions and governance work most firms skip. By day 15 you can deploy Copilot to a pilot cohort without the data risk, and without buying licences you'll regret.
Why a readiness sprint comes before licences.
Most Copilot rollouts disappoint, and the reason is almost never the model. It is the underlying data. The default Microsoft 365 permissions model lets Copilot see far more than most firms realise — last decade's documents, last team's overshares, last client's matters.
Before any licence is bought, you need a clear picture of what Copilot will be able to read, who can ask the questions that surface it, and where the highest-risk overshares are. This assessment delivers exactly that, plus a remediation plan you can execute (with us or anyone else) before pilot.
What the assessment covers.
A tenant-level readiness review across the four things that determine Copilot risk: oversharing, sensitivity classification, search scope, and governance posture.
1
Oversharing audit
SharePoint / OneDrive sweep
External-share inventory
'Anyone with link' map
2
Sensitivity & labels
Existing label coverage
Auto-label opportunities
Container labelling
3
Search & grounding scope
Restricted Search readiness
Sensitivity-grounded plan
Tenant-wide search risks
4
Governance posture
Acceptable use policy
Audit logging baseline
Risk / compliance reporting
Deliverables you can hold us to.
✓
Written readiness report (15–20 pages)
✓
Top-50 overshare register (with priority)
✓
Sensitivity label rollout plan
✓
Restricted SharePoint Search plan
✓
AI Acceptable Use Policy (draft)
✓
Pilot cohort design + champion brief
Firms with 50–1,000 users actively considering Copilot for Microsoft 365 — and any firm whose CISO has asked 'what will Copilot actually see?' Most valuable in regulated sectors (legal, FS, healthcare) where the cost of a wrong answer is high.
How it runs.
1
Discovery
Day 0–2: scoping call, access grant (Global Reader + Compliance Reader), agree the cohort that pilot would target.
2
Tenant sweep
Day 3–8: automated scans + manual review across SharePoint, OneDrive, Teams, and labels.
3
Risk model
Day 9–12: oversharing register, governance posture, written risk model.
4
Plan
Day 13–14: remediation plan, pilot cohort design, AUP draft, executive walk-through.
The price band, and how it lands.
Up to 100 users
£4,800
Single tenant
100–500 users
£6,200
Single tenant, multi-domain ok
500–1,000 users
£7,600
Single tenant, complex hierarchy
Related work
Often paired with this accelerator.
Common questions.
Do we need Copilot licences to do this?
No. This assessment is specifically the work you do before licences — so you know what you're committing to and what to fix first.
How much remediation work is typical?
It varies. Lower-end: a fortnight of overshare cleanup. Higher-end: 6–8 weeks of label rollout and SharePoint IA work. We tell you what's needed and you choose whether to do it with us or in-house.
Will you sell us Copilot licences?
No. We're not a reseller. You buy through your existing route. Our incentives stay aligned with your readiness, not our margin.
Can we use the report for our risk committee?
Yes — it's written for executive and risk-committee consumption, with a one-page summary and detail appendices for the technical team.
What if we're already using Copilot?
The assessment is still valuable — it tells you what Copilot has been seeing, where the live risks are, and how to tighten without removing access from users who depend on it.