Microsoft is—once again—in hot water over its Copilot AI, this time because it is giving users unauthorized access to emails and documents.

Salesforce CEO Marc Benioff, one of Copilot’s biggest critics, posted a message on X about the issue.

According to the Business Insider article Benioff links to, Copilot is oversharing information to such a degree that some companies are delaying deployment of the tool. Despite the issue, Microsoft says Copilot is not to blame, with companies’ lax data-governance models being the real culprit.

“Many data-governance challenges in the context of AI were not caused by AI’s arrival,” a Microsoft spokesperson told BI.

“Microsoft is helping customers enhance their central governance of identities and permissions, to help organizations continuously update and manage these fundamental controls,” the spokesperson added.

The issue seems to stem from the way AI models work, consuming and indexing content in order to provide insights and perform tasks based on it. Evidently, become some organizations do not have strong data-governance policies in place, Copilot is making sensitive information available to employees who shouldn’t have access to that information.

While not technically a Copilot problem, Microsoft is nonetheless rolling out changes designed to help companies identify data-governance issues and address them, as the company describes.

For Copilot administrators, it can be overwhelming to know where to start. Existing administrators can also be unfamiliar with how some features can enhance their data security.

To address the need for shorter, actionable, and prescriptive guidance, you can use this deployment blueprint.

In this deployment blueprint, we provide a recommended approach to address internal oversharing concerns throughout a Microsoft 365 Copilot deployment.

Administrators can find the deployment blueprint here, and are encouraged to make any necessary changes to ensure proper data access.