We Know Why Copilot Isn't Working Like You Expected


Copilot works best when it can access the right information securely, consistently, and in context.

For many nonprofits, Copilot challenges are usually about how information is organized and shared day to day, as well as how it is governed over time. Below are five patterns that most often limit Copilot’s value in nonprofit tenants, along with practical ways to address them without enterprise-level overhead.
 


1. Overly Broad or Inconsistent SharePoint Permissions

When SharePoint sites and document libraries have overly broad access (e.g., “Everyone can edit”), Copilot may surface outdated, irrelevant, or sensitive content, or miss authoritative files entirely. This reduces trust in Copilot responses and can create uncertainty about what information is safe to use.

What This Might Look Like:

•    Many staff added directly to sites over time
•    Legacy folders shared “just to be safe”
•    Little distinction between read vs. edit access
•    No clear ownership of sites or libraries

How This Can Be Fixed:

  1. Conduct a lightweight permissions review of key SharePoint sites. 
  2. Align access to roles using security groups where possible and apply a least privilege approach. 
  3. Even modest cleanup can significantly improve Copilot relevance and confidence.
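As an added illustration (not part of the original article), a lightweight permissions review can be run over an exported list of site grants. The CSV columns, sample rows, and the `max_direct_users` threshold below are constructed assumptions, not a Microsoft report format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; column names are assumptions, not a Microsoft format.
SAMPLE_EXPORT = """site,principal,principal_type,role
Finance,Everyone except external users,builtin,Edit
Finance,Finance Team,security_group,Edit
Finance,Finance Owners,security_group,Full Control
Programs,alex@example.org,user,Edit
Programs,sam@example.org,user,Edit
Programs,jo@example.org,user,Read
Board,Board Members,security_group,Read
Board,Board Owners,security_group,Full Control
"""

BROAD_PRINCIPALS = {"everyone", "everyone except external users"}
WRITE_ROLES = {"edit", "contribute", "full control"}
OWNER_ROLE = "full control"


def review_permissions(export_text, max_direct_users=1):
    """Return {site: [finding, ...]} for the patterns listed in this section."""
    by_site = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        by_site[row["site"].strip()].append(
            (row["principal"].strip(), row["principal_type"].strip().lower(), row["role"].strip().lower())
        )

    findings = {}
    for site, grants in by_site.items():
        issues = []
        for principal, _ptype, role in grants:
            if principal.lower() in BROAD_PRINCIPALS:
                level = "write" if role in WRITE_ROLES else "read"
                issues.append(f"broad {level} access: {principal}")
        # Individuals granted access directly instead of through a group.
        direct = [p for p, t, _ in grants if t == "user"]
        if len(direct) > max_direct_users:
            issues.append(f"{len(direct)} users added directly; move them into a security group")
        if not any(r == OWNER_ROLE for _, _, r in grants):
            issues.append("no owner (nobody holds Full Control)")
        if all(r in WRITE_ROLES for _, _, r in grants):
            issues.append("no read-only tier: every principal can edit")
        findings[site] = issues
    return findings
```

Sites with an empty finding list need no action; the rest give a short, prioritized cleanup list per site.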

 


2. Limited Use of Sensitivity Labels or Information Protection

Most small and medium-sized nonprofits do not actively use Microsoft Purview or advanced information protection tools, often due to cost or capacity constraints. Copilot will still function without sensitivity labels, but the absence of basic classification can make it harder to consistently protect sensitive information.

What This Might Look Like:
•    No formal data classification policy
•    Sensitive files identified by folder location or “tribal knowledge”
•    Staff unsure what content is considered confidential
•    No expectation to label documents or emails

How This Can Be Fixed:

  1. Start small. Even a simple, manually applied labeling scheme (e.g., Public, Internal, Confidential) helps establish boundaries and improve Copilot behavior without requiring advanced Purview licensing. 
  2. Labels enhance governance, but they are not a prerequisite for Copilot to work.

 


3. Core Microsoft 365 Workloads Not Fully Enabled or Adopted

Copilot relies on Microsoft Graph to surface context from everyday tools like Outlook, Teams, SharePoint, and OneDrive. In most nonprofit tenants, no special Graph permissions or app consent steps are required, but issues arise when core workloads are underused, inconsistently configured, or partially disabled.

What This Might Look Like:
•    Email used heavily, but files live everywhere
•    Teams used for chat, not document collaboration
•    Staff storing key files only in personal OneDrive
•    Legacy tools still used alongside Microsoft 365


How This Can Be Fixed:
 

  1. Ensure core Microsoft 365 workloads are enabled and actively used. 
  2. If staff can access content in Outlook, Teams, SharePoint, or OneDrive, Copilot can too. 
  3. Focus on adoption and consistency — not technical Graph configuration.


4. Inconsistent Teams and OneDrive External Sharing Practices

External sharing is essential for nonprofit collaboration, but inconsistent policies can confuse Copilot. Overly restrictive settings may prevent Copilot from accessing legitimate collaboration content, while overly permissive sharing increases the risk of unintended exposure.

What This Might Look Like:
•    Ad hoc sharing links created under time pressure
•    Guest users added without periodic review
•    Different sharing rules across Teams and OneDrive
•    Unclear guidance on what should (or shouldn’t) be shared externally


How This Can Be Fixed:

  1. Standardize external sharing policies across Teams and OneDrive. 
  2. Establish clear guidance for guest access and regularly review sharing links. This helps Copilot accurately summarize collaboration while maintaining appropriate boundaries.
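A periodic review of sharing links and guest accounts, sketched as an added example that is not from the original article. The inventory columns, the scope values (`anyone`, `guest`, `organization`), and the 180-day and 90-day thresholds are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data; column names and values are assumptions for this example.
SAMPLE_LINKS = """workload,item,scope,permission,created
Teams,Grant Budget.xlsx,anyone,edit,2023-01-10
OneDrive,Donor List.xlsx,anyone,view,2024-05-01
Teams,Partner MOU.docx,guest,edit,2024-04-20
OneDrive,Staff Handbook.pdf,organization,view,2022-03-15
"""
SAMPLE_GUESTS = """guest,last_reviewed
partner@example.com,2024-03-01
volunteer@example.net,
auditor@example.org,2024-05-15
"""
EXTERNAL_SCOPES = {"anyone", "guest"}


def review_links(links_csv, today, max_age_days=180):
    """Flag external links that are anonymous and editable, or past the review age."""
    findings = []
    for row in csv.DictReader(io.StringIO(links_csv)):
        if row["scope"] not in EXTERNAL_SCOPES:
            continue  # internal-only links are outside this review
        if row["scope"] == "anyone" and row["permission"] == "edit":
            findings.append((row["item"], "anyone with the link can edit"))
        age = (today - date.fromisoformat(row["created"])).days
        if age > max_age_days:
            findings.append((row["item"], f"external link is {age} days old"))
    return findings


def guests_due_for_review(guests_csv, today, interval_days=90):
    """Return guests never reviewed, or last reviewed more than interval_days ago."""
    due = []
    for row in csv.DictReader(io.StringIO(guests_csv)):
        last = row["last_reviewed"]
        if not last or (today - date.fromisoformat(last)).days > interval_days:
            due.append(row["guest"])
    return due
```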


5. Poor Content Hygiene (Outdated or Disorganized Content)

Even with correct permissions, Copilot struggles when content is duplicated, outdated, or scattered across multiple locations. Without clear signals about which files are authoritative, Copilot may produce inconsistent or low-quality outputs.

What This Might Look Like:
•    Multiple versions of the same document
•    Files stored in both Teams and SharePoint with no clear owner
•    Old content never archived or deleted
•    Inconsistent naming and folder structures

How This Can Be Fixed:

  1. Define basic content standards: where key documents live, how they’re named, and who owns them. 
  2. Archive outdated files and identify authoritative sources. Improving content hygiene is one of the fastest ways to improve Copilot quality.

 

Need help cleaning up your M365 environment? We can help! Our fixed-price and custom projects can be tailored to your goals and capacity. Fill out the form below to connect with a tech expert: