| Service | Microsoft Docs article | Related commit history on GitHub | Change details |
|---|---|---|---|
| SharePoint | Advanced Management | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/advanced-management.md | Whether preparing for [Copilot deployment](/copilot/microsoft-365/microsoft-365- :::image type="content" source="media/sam-overview/0-sam-overview-pillars-new.png" alt-text="Screenshot of SharePoint Advanced Management pillars." lightbox="media/sam-overview/0-sam-overview-pillars-new.png"::: -We recommend utilizing SharePoint Advanced Management features along with our [best practices for Copilot for Microsoft 365](/sharepoint/sharepoint-copilot-best-practices) to reduce the risk of oversharing, control content sprawl, and manage content lifecycle. +We recommend utilizing SharePoint Advanced Management features along with our [best practices for Microsoft 365 Copilot](/sharepoint/sharepoint-copilot-best-practices) to reduce the risk of oversharing, control content sprawl, and manage content lifecycle. SharePoint Advanced Management features are managed by [IT administrators](/microsoft-365/admin/add-users/about-admin-roles) with access to the [SharePoint admin center](https://go.microsoft.com/fwlink/?linkid=2185219). Some features can be used by site owners. Licensing details for each feature listed above are included in those articles. [Microsoft 365 Government - how to buy](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/microsoft-365-government-how-to-buy) -[Get started with Microsoft Copilot for Microsoft 365](/copilot/microsoft-365/microsoft-365-copilot-setup) +[Get started with Microsoft 365 Copilot](/copilot/microsoft-365/microsoft-365-copilot-setup) |
| SharePoint | Get Ready Copilot Sharepoint Advanced Management | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/get-ready-copilot-sharepoint-advanced-management.md | Last updated 09/12/2024 Title: Get ready for Copilot for Microsoft 365 with SharePoint Advanced Management (SAM) + Title: Get ready for Microsoft 365 Copilot with SharePoint Advanced Management (SAM) search.appverid: - MET150 description: "Learn how to get ready for Microsoft 365 Copilot by using SharePoint Advanced Management (SAM) to govern your organization's data effectively by controlling content sprawl, preventing oversharing, control content access by Copilot, and manage content lifecycle." -# Get ready for Copilot for Microsoft 365 with SharePoint Advanced Management (SAM) +# Get ready for Microsoft 365 Copilot with SharePoint Advanced Management (SAM) ## Copilot and SharePoint -Your organization is preparing to enable Microsoft Copilot for Microsoft 365, an AI-driven productivity tool that enhances creativity, productivity, and skills in real-time. As the SharePoint admin, itΓÇÖs crucial to govern your organization's SharePoint data properly to ensure Copilot's results are appropriate, accurate, and compliant. Understanding the significance of content governance in SharePoint for Copilot begins with knowing [how Copilot works through three components](/copilot/microsoft-365/microsoft-365-copilot-overview#copilot-integration-with-graph-and-microsoft-365-apps): +Your organization is preparing to enable Microsoft 365 Copilot, an AI-driven productivity tool that enhances creativity, productivity, and skills in real-time. As the SharePoint admin, itΓÇÖs crucial to govern your organization's SharePoint data properly to ensure Copilot's results are appropriate, accurate, and compliant. Understanding the significance of content governance in SharePoint for Copilot begins with knowing [how Copilot works through three components](/copilot/microsoft-365/microsoft-365-copilot-overview#copilot-integration-with-graph-and-microsoft-365-apps): - Large language models (LLMs) - The Microsoft 365 productivity apps that you use every day, such as Word, Excel, PowerPoint, Outlook, Teams, and others. Content in Microsoft Graph includes emails, files, meetings, chats, calendars, a ## Use SharePoint Advanced Management(SAM) to get your organization ready for Copilot -Microsoft SharePoint Premium ΓÇô SharePoint Advanced Management (SAM) is an essential Microsoft 365 add-on that helps you, as the SharePoint admin to address these three pillars around content governance. To get ready for your organizationΓÇÖs Copilot for Microsoft 365 adoption, there are a few highly recommended steps you can take, primarily using SharePoint Advanced Management tools. These steps reduce accidental oversharing, minimize your content governance footprint, improve Copilot response quality, control content access by Copilot, and ensure data safety specifically for business-critical sites. Let's delve into the specific steps you can take: +[Microsoft SharePoint Premium ΓÇô SharePoint Advanced Management (SAM)](/sharepoint/advanced-management) is an essential Microsoft 365 add-on that helps you, as the SharePoint admin to address these three pillars around content governance. To get ready for your organizationΓÇÖs Microsoft 365 Copilot adoption, there are a few highly recommended steps you can take, primarily using SharePoint Advanced Management tools. These steps reduce accidental oversharing, minimize your content governance footprint, improve Copilot response quality, control content access by Copilot, and ensure data safety specifically for business-critical sites. Let's delve into the specific steps you can take: ### Step 1: Reduce accidental oversharing with SharePoint sharing settings Identify inactive sites, then take action to reduce your governance footprint an Without looking at the actual content, how do you quickly identify sites with potentially overshared content? Usually, if you see there's content on a site that is being shared with one of the following options: ΓÇ£**Everyone Except External Users**ΓÇ¥, ΓÇ£**People in your organization**ΓÇ¥ and ΓÇ£**Anyone**ΓÇ¥, there's a bigger chance that the content is overshared. Currently, SAM activity based reports let you quickly identify most actively overshared sites, by running three individual reports: -- Usage of "Everyone Except External Users" -- Usage of ΓÇ£People in your organization" sharing links -- Usage of "Anyone" sharing links +- [Usage of "Everyone Except External Users"](/sharepoint/data-access-governance-reports#content-shared-with-everyone-except-external-users-eeeu-reports) +- [Usage of ΓÇ£People in your organization" sharing links](/sharepoint/data-access-governance-reports#sharing-links-reports) +- [Usage of "Anyone" sharing links](/sharepoint/data-access-governance-reports#sharing-links-reports) Sites with these three types of usage are at a greater risk of oversharing compared to those without such usages. Once the report is generated, select the Get AI insights button to [get AI insights](/sharepoint/advanced-management#ai-insights) generated for the report to help you identify issues with the sites and possible actions to address these issues. ### Step 4: Control access to content -When you use either Microsoft Search or Microsoft Copilot, the results come from content in Microsoft Graph, based on each individual userΓÇÖs profile and permissions. In Step 3, you have identified sites with potentially overshared content. Next, you want to ensure Copilot and organization-wide search only have access to content when appropriate. Currently, you can initiate a Site Access Review for site owners to confirm overshared content and take remediation steps. Meanwhile, you as the SharePoint admin can use the Restricted Access Control Policy to restrict access to a site with overshared content. +When you use Microsoft Copilot, the results come from content in Microsoft Graph, based on each individual userΓÇÖs profile and permissions. In Step 3, you have identified sites with potentially overshared content. Next, you want to ensure Copilot only has access to content when appropriate. Currently, you can initiate a Site Access Review for site owners to confirm overshared content and take remediation steps. Meanwhile, you as the SharePoint admin can use the Restricted Access Control Policy to restrict access to a site with overshared content. #### Site Access Review by site owners -- For any site that is identified with potentially overshared content, [Site Access Review](/sharepoint/site-access-review) is needed. As the SharePoint Admin, you should initiate the Site Access Review. -- Site Owners use a new Site Access Review UI to review the broadly shared content in their site-- The site owners need to determine whether the broad sharing is appropriate, or it's indeed oversharing and requires remediation. +- For any site that is identified with potentially overshared content, [Site Access Review](/sharepoint/site-access-review) is needed. As the SharePoint Admin, you should [initiate the Site Access Review](/sharepoint/site-access-review/#initiate-a-site-access-review). +- Site Owners [receive notification](/sharepoint/site-access-review#site-access-review-process-for-site-owners) for each site that requires attention. They can use the [**Site reviews page**](/sharepoint/site-access-review#manage-multiple-site-access-review-requests-for-site-owners) to track and manage multiple review requests. +- The site owner [reviews access in two main areas](/sharepoint/site-access-review#review-everyone-except-external-users-site-access-review-requests-for-site-owners): SharePoint groups and individual items to determine whether the broad sharing is appropriate, or it is indeed oversharing and requires remediation. - If the site owner determines that the content is indeed overshared, they can take easy remediation actions by using the Access Review dashboard to update permissions. #### Restrict access with the Restricted Access Control Policy -Until the Site Access Review is complete, you as the SharePoint Admin may want to take action to mitigate oversharing risks. To restrict access to a site with overshared content, the SharePoint Admin can set up a Restricted Access Control Policy. As a result, all access to the site is restricted to only the group of users specified in the policy. Accordingly, the content from this site is visible in Copilot for Microsoft 365 *only for this restricted group of users*. This policy can be configured at an individual site or OneDrive. +Until the Site Access Review is complete, you as the SharePoint Admin may want to take action to mitigate oversharing risks. To restrict access to a site with overshared content, the SharePoint Admin can set up a [Restricted Access Control Policy](/sharepoint/restricted-access-control). As a result, all access to the site is restricted to only the group of users specified in the policy. Accordingly, the content from this site is visible in Microsoft 365 Copilot *only for this restricted group of users*. This policy can be configured at an individual site or OneDrive. ### Step 5: Take proactive measures on business-critical sites In Step 4ΓÇöcontrol access to content, it's advised to begin with the Site Acces In addition, in Step 5, to further protect content on your business-critical sites, you can use Restricted Content Discoverability to leave permissions in place, but prevent the content from being available to Microsoft 365 Copilot and Organization-wide search experiences. -The Restricted Content Discoverability policy leaves site access unchanged but prevents the siteΓÇÖs content from being surfaced in Copilot for Microsoft 365 or organization-wide Search. The SharePoint Admin can set Restricted Content Discoverability on that site. +The Restricted Content Discoverability policy leaves site access unchanged but prevents the siteΓÇÖs content from being surfaced in Microsoft 365 Copilot or organization-wide Search. The SharePoint Admin can set Restricted Content Discoverability on that site. ### Use AI Powered Semantic matching to find similar sites |
| SharePoint | Restricted Sharepoint Search Admin Scripts | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/restricted-sharepoint-search-admin-scripts.md | description: "Learn how to use PowerShell scripts as a SharePoint Administrator # Use PowerShell Scripts for Restricted SharePoint Search > [!IMPORTANT]-> Restricted SharePoint Search is designed for customers of Copilot for Microsoft 365. Visit [here](https://go.microsoft.com/fwlink/p/?linkid=2260808) and the [overview of Restricted SharePoint Search](/sharepoint/restricted-sharepoint-search) for more information. +> Restricted SharePoint Search is designed for customers of Microsoft 365 Copilot. Visit [here](https://go.microsoft.com/fwlink/p/?linkid=2260808) and the [overview of Restricted SharePoint Search](/sharepoint/restricted-sharepoint-search) for more information. By default, **Restricted SharePoint Search** isn't enabled. To enable and set up Restricted SharePoint Search, you need to have a [SharePoint Administrator](/sharepoint/sharepoint-admin-role) or [above](/microsoft-365/admin/add-users/about-admin-roles) role in Microsoft 365. Depending on the scenario, some actions you need to take are: |
| SharePoint | Restricted Sharepoint Search Allowed List | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/restricted-sharepoint-search-allowed-list.md | description: "Learn how to use SharePoint Admin Center active sites report and S # Curate the allowed list for Restricted SharePoint Search > [!IMPORTANT]-> Restricted SharePoint Search is designed for customers of Copilot for Microsoft 365. Visit [here](https://go.microsoft.com/fwlink/p/?linkid=2260808) and the [overview of Restricted SharePoint Search](/sharepoint/restricted-sharepoint-search) for more information. +> Restricted SharePoint Search is designed for customers of Microsoft 365 Copilot. Visit [here](https://go.microsoft.com/fwlink/p/?linkid=2260808) and the [overview of Restricted SharePoint Search](/sharepoint/restricted-sharepoint-search) for more information. As a [SharePoint Administrator](/sharepoint/sharepoint-admin-role) or [above](/microsoft-365/admin/add-users/about-admin-roles) in Microsoft 365, you can set up an allowed list of Restricted SharePoint Search with a maximum of 100 selected SharePoint sites. For Copilot and organization-wide search, besides the contents that they already have access to, either by direct sharing, visiting, or owning, your organizationΓÇÖs users will only be able to reach the sites on the allowed list, honoring these sitesΓÇÖ current permissions. The SPAC DAG report (Data access governance reports for SharePoint sites) is par ## Resources -[Microsoft Copilot for Microsoft 365 - best practices with SharePoint](/sharepoint/sharepoint-copilot-best-practices) +[Microsoft 365 Copilot - best practices with SharePoint](/sharepoint/sharepoint-copilot-best-practices) |
| SharePoint | Restricted Sharepoint Search | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/restricted-sharepoint-search.md | description: "Helps you prevent certain content on SharePoint sites from being s # Restricted SharePoint Search > [!IMPORTANT]-> Restricted SharePoint Search is designed for customers of Copilot for Microsoft 365. +> Restricted SharePoint Search is designed for customers of Microsoft 365 Copilot. ## What is Restricted SharePoint Search? Only the hub site (the URL in the Allowed list) is included in the 100. The sub ## What to do next? -After setting up Restricted SharePoint Search and enabling Microsoft Copilot for Microsoft 365 for your organization, you should evaluate the SharePoint sites [activities](/microsoft-365/admin/activity-reports/sharepoint-activity) and [usage](/microsoft-365/admin/activity-reports/sharepoint-site-usage) to adjust the allowed list. You can use [Microsoft SharePoint Admin Center](/sharepoint/advanced-management) and [Microsoft Purview](/purview/ai-microsoft-purview) to gradually increase the scope of search and Copilot experience for your organization. Restricted SharePoint Search honors existing site permissions, so you can work with site owners and admins to add [advanced access policies](/sharepoint/advanced-management#advanced-access-policies-for-secure-content-collaboration) and [advanced site content lifecycle management](/sharepoint/advanced-management#advanced-sites-content-lifecycle-management) for specific users and groups through Microsoft SharePoint Advanced Management. Moreover, Microsoft Purview enhances your organizationΓÇÖs data security and compliance for Copilot. +After setting up Restricted SharePoint Search and enabling Microsoft 365 Copilot for your organization, you should evaluate the SharePoint sites [activities](/microsoft-365/admin/activity-reports/sharepoint-activity) and [usage](/microsoft-365/admin/activity-reports/sharepoint-site-usage) to adjust the allowed list. You can use [Microsoft SharePoint Admin Center](/sharepoint/advanced-management) and [Microsoft Purview](/purview/ai-microsoft-purview) to gradually increase the scope of search and Copilot experience for your organization. Restricted SharePoint Search honors existing site permissions, so you can work with site owners and admins to add [advanced access policies](/sharepoint/advanced-management#advanced-access-policies-for-secure-content-collaboration) and [advanced site content lifecycle management](/sharepoint/advanced-management#advanced-sites-content-lifecycle-management) for specific users and groups through Microsoft SharePoint Advanced Management. Moreover, Microsoft Purview enhances your organizationΓÇÖs data security and compliance for Copilot. |
| SharePoint | Shareable Links Anyone Specific People Organization | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/shareable-links-anyone-specific-people-organization.md | When users share files and folders in Microsoft 365, a shareable link is created Like an *anyone* link, a *people in my organization* link is a transferrable, revocable secret key. Unlike an *anyone* link, these links only work for people inside your Microsoft 365 organization. When somebody opens a *people in my organization* link, they need to be authenticated as a member in your directory. If they're not currently signed-in, they're prompted to sign in. - Creating a *People in your organization* link doesn't make the associated file or folder appear in search results, be accessible via Copilot, or grant access to everyone within the organization. Simply creating this link doesn't provide organizational-wide access to the content. For individuals to access the file or folder, they must possess the link and it needs to be activated through redemption. A user can redeem the link by clicking on it, or in some instances, the link can be automatically redeemed when sent to someone via email, chat, or other communication methods. The link doesn't work for guests or other people outside your organization. + Creating a *People in your organization* link doesn't make the associated file or folder appear in search results, be accessible via Copilot, or grant access to everyone within the organization. Simply creating this link doesn't provide organizational-wide access to the content. For individuals to access the file or folder, they must possess the link and it needs to be activated through redemption. A user can redeem the link by selecting it. Also, if the link is sent from the SharePoint or OneDrive Web UI, or as email in Outlook or chat message in Teams, it will be automatically redeemed for individual recipients, up to a limit of 100. This feature is not supported for group recipients, or for messages posted in Teams channels. The link doesn't work for guests or other people outside your organization. - *Specific people* links only work for the people that users specify when they share the item. |
| SharePoint | Sharepoint Copilot Best Practices | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/sharepoint-copilot-best-practices.md | Last updated 02/29/2024 Title: Microsoft Copilot for Microsoft 365 - best practices with SharePoint + Title: Microsoft 365 Copilot - best practices with SharePoint -description: "Learn about the best practices with SharePoint for content sharing when enabling Microsoft Copilot for Microsoft 365." +description: "Learn about the best practices with SharePoint for content sharing when enabling Microsoft 365 Copilot." -# Microsoft Copilot for Microsoft 365 - best practices with SharePoint +# Microsoft 365 Copilot - best practices with SharePoint -Microsoft Copilot for Microsoft 365 provides value by connecting Large Language Models (LLMs) to your organizational data. Copilot for Microsoft 365 accesses content and context through [Microsoft Graph](/graph/overview) and can generate responses based on your organizational data. The data sources include user documents stored in SharePoint and OneDrive, emails, calendars, chats, meetings, and contacts. Copilot for Microsoft 365 combines this content with the userΓÇÖs working context, such as the meeting a user is in now, the email exchanges the user had on a topic, or the chat conversations the user had last week. Copilot for Microsoft 365 uses this combination of content and context to help provide accurate, relevant, and contextual responses. +Microsofts value by connecting Large Language Models (LLMs) to your organizational data. Microsoft 365 Copilot accesses content and context through [Microsoft Graph](/graph/overview) and can generate responses based on your organizational data. The data sources include user documents stored in SharePoint and OneDrive, emails, calendars, chats, meetings, and contacts. Microsoft 365 Copilot combines this content with the userΓÇÖs working context, such as the meeting a user is in now, the email exchanges the user had on a topic, or the chat conversations the user had last week. Microsoft 365 Copilot uses this combination of content and context to help provide accurate, relevant, and contextual responses. -## How do SharePoint permissions affect your usersΓÇÖ Copilot for Microsoft 365 experience? +## How do SharePoint permissions affect your usersΓÇÖ Microsoft 365 Copilot experience? -Copilot for Microsoft 365 only surfaces organizational data to which individual users have *at least view permissions*. It's important to use the permission models in SharePoint to ensure the right users or groups have the right access to the right content within your organization. -This article provides guidance and best practices that you, as a SharePoint administrator, can take control of the SharePoint permissions model before your organization [enable Copilot for Microsoft 365 for your users](/microsoft-365-copilot/microsoft-365-copilot-enable-users). +Microsoft 365 Copilot only surfaces organizational data to which individual users have *at least view permissions*. It's important to use the permission models in SharePoint to ensure the right users or groups have the right access to the right content within your organization. +This article provides guidance and best practices that you, as a SharePoint administrator, can take control of the SharePoint permissions model before your organization [enable Microsoft 365 Copilot for your users](/microsoft-365-copilot/microsoft-365-copilot-enable-users). -## Before enabling Copilot for Microsoft 365 +## Before enabling Microsoft 365 Copilot Organizations operate at various levels of maturity in governing SharePoint data. While some enterprises strictly monitor permissions and oversharing of content, others don't. The situation is further complicated because many enterprises have legitimate reasons to share "some" data widely within the organization. Sometimes, end users in your organization make choices that result in the oversharing of SharePoint content. As an example, it's noticed that end users don't always pay attention to the permissions of the site/library/folder where they're uploading files. They may end up uploading or saving business critical content in locations where other users may have access and may include external users. It's also observed that some end users tend to prefer sharing files in SharePoint with large groups rather than with individuals. This practice can result in oversharing. -Copilot for Microsoft 365 utilizes all data that a user has access to, which may include broadly shared files that the user is unaware of. As a result, users might see Copilot for Microsoft 365 as exposing content that was overshared. +Microsoft 365 Copilot utilizes all data that a user has access to, which may include broadly shared files that the user is unaware of. As a result, users might see Microsoft 365 Copilot as exposing content that was overshared. To identify and remediate overshared content in SharePoint, follow these best practices. > [!Note] These reports can be downloaded as CSV files. You can also build your own report Once you have identified the SharePoint sites with potential oversharing issues, it's time to act. Your actions should consider several factors, including data sensitivity, the severity of the oversharing, and the need to maintain business operations. These actions include: 1. For content that has been overshared and needs immediate action:- 1. The SharePoint admin should configure [Restricted Access Control Policy](/sharepoint/restricted-access-control) for such sites. As a result, all existing access to the site is restricted to only the group of users configured by the admin. Accordingly, the content from this site is visible in the Copilot for Microsoft 365 experience only for this restricted group of users. This policy works for both OneDrive and SharePoint. + 1. The SharePoint admin should configure [Restricted Access Control Policy](/sharepoint/restricted-access-control) for such sites. As a result, all existing access to the site is restricted to only the group of users configured by the admin. Accordingly, the content from this site is visible in the Microsoft 365 Copilot experience only for this restricted group of users. This policy works for both OneDrive and SharePoint. 1. For high-profile instances, you may want to determine who/how/when the oversharing took place. Use the [Change History](/sharepoint/change-history-report) feature to see what changes may have contributed to the oversharing. 1. For cases where SharePoint admin needs to consult with site owners/admins for action: 1. The SharePoint admin can reach out to the owners of sites identified in data access governance reports. SharePoint admin can advise site owners on the overshared files/folders in that site and request them to act to manually remove unnecessary access. |