Zscaler Blog
Microsoft Copilot Oversharing Data? Not Anymore. Meet Zscaler’s New Wizard
Microsoft Copilot is accelerating how people work in Microsoft 365—and it can accelerate exposure when access controls aren’t clean. Copilot runs on your existing permissions model, so if SharePoint, OneDrive, and Teams are over-permissioned, it can end up saying the quiet part out loud: surfacing sensitive data to underprivileged users through seemingly harmless prompts.
The good news: you don’t need to hit pause on Copilot to be safe. You need to be Copilot-ready—with a clear understanding of what data is exposed, why it’s exposed, and how to remediate it fast at scale.
That’s exactly where Zscaler’s new Copilot Readiness Wizard adds value. But more on that later.
Ready for Copilot Readiness?
When it comes to Microsoft Copilot “readiness”, most discussions focus on licensing, user eligibility, and adoption. These are important, but they are not where the true success of a deployment lies.
True Copilot readiness means answering questions like the following, which challenge your data risk level:
- Which sensitive files in M365 are dangerously overshared?
- Which items are missing sensitivity labels (or have the wrong ones)?
- How much exposure is driven by anonymous links, org-wide links, or broad collaborator access?
- Can we fix the issue across our tenant without weeks of manual effort?
- Can we reduce risk without slowing users down or creating an admin bottleneck?
As you can see, these questions force you to evaluate how overshared your data is (in the spirit of collaboration). A good readiness plan needs to ensure your data security approach can ace the test when it comes to the questions above.
Data Risk: Brought to you by Collaboration
The main challenge with collaboration is that data security often takes a back seat to other approaches in the company that help drive productivity. So what collaboration approaches cause the most risk?
- “Everyone in the company” permissions to “keep things simple”
- Org-wide links used as a shortcut
- External sharing that persists long after a project ends
- SharePoint sites that evolve into de facto data lakes
But let’s be clear: with these collaboration approaches in place, Copilot doesn't break security. It just makes the consequences of oversharing immediate. Put simply, Copilot prompts help everyone discover data quickly using semantic search.
The challenge becomes what Copilot can share in response to user prompts. Without the ability to clean up the issues above, Copilot can overshare sensitive data when it isn’t appropriate, like company-wide salary information, acquisition plans, or customer-level PII. This type of data should be kept within a small, trusted circle, not repeated in prompt responses to underprivileged users.
Where Microsoft Purview Fits in
Microsoft Purview provides important building blocks for governing information access and classification in Microsoft 365. It’s also true that Copilot respects sensitivity labels and permissions. In other words, if a document is properly labeled and protected, Copilot will follow those rules.
The challenge is getting to “properly labeled and protected” across the dynamic insanity of a real-world M365 deployment:
- Users often overshare in the spirit of productivity and collaboration.
- Labels are often applied inconsistently when done manually.
- Auto-labeling capabilities are lacking, because they are only available with E5 licensing.
- Rinse and repeat all the bullets above thousands of times a day as new data arrives.
Many teams then need a faster, more actionable path to reduce overexposure beyond what Purview can help with - especially when Copilot adoption accelerates.
Enter Zscaler Copilot Readiness Wizard
The Zscaler Copilot Readiness Wizard is built to help security and IT teams quickly understand whether Copilot could surface sensitive information—and to reduce that risk with targeted, scalable remediation.
It focuses on the practical realities of Copilot exposure:
- Sensitive data living in widely accessible locations
- Sharing links that got created and forgotten
- Large collaborator sets that ballooned over time
- Inconsistent labeling (or no labeling) across high-risk content
Most importantly, it’s designed to help you move from “insight” to “action” quickly—because the window between Copilot enablement and exposure discovery is often uncomfortably short.

Putting Copilot Readiness on Steroids
Here’s how the Zscaler Copilot Readiness Wizard can take traditional Purview approaches to the next level in order to help you control oversharing faster and smarter.
Get Actionable Exposure Visibility
Instead of simply “you have exposure,” you want to know how exposure happens. You can:
- See public/anonymous links
- See internal/org-wide links
- Understand overly broad collaborator access (and how broad)
This granularity matters, because it changes the remediation strategy. A public link problem is different from a “1000+ collaborators” problem.

Understand Richer Context
Richer context for what’s overexposed provides valuable insights so security teams can prioritize what matters:
- Where sensitive info is overexposed
- Which content contains privacy identifiers
- Where risk is concentrated so you can reduce it quickly

Deliver File-Level Remediation
With file-level remediation enabled, you get better control over a small subset of high-value files. If remediation is only practical at the SharePoint site level, you can end up overcorrecting and disrupting business collaboration.
File-level action lets you be precise: fix the risky files without breaking the entire site’s workflows.
Comparing Zscaler to Native Copilot Controls
So how does Zscaler's Copilot Readiness Wizard stack up to M365 native capabilities? The table below spells it out.
It’s important to note that Microsoft's auto-labeling functionality comes at the E5 licensing level, whereas Zscaler’s approach can help you achieve this key value-add functionality with only an E3 license.

| Capability area | Microsoft Purview | Zscaler Copilot |
| --- | --- | --- |
| Auto-labeling | Requires E5 license. With an E3 license, manual, error-prone labeling is required. | Enable with E3 license. Bulk actions across assets; apply MIP labels as part of remediation (position as operational efficiency) |
| Remediation actions (examples) | Apply labels; restrict access to SharePoint sites | Apply MIP labels; remove sharing links/collaborators; quarantine; report incident |
| Exposure visibility | Limited scope of visibility | In-depth insights across collaboration exposure: public links, internal links, and collaboration sharing tiers (0-100, 100-1000, 1000+) |
| Detection context | Focus on exposure + label-related views | Adds prioritization views (e.g., overexposed sensitive info; overexposed items matching DLP dictionaries) |
| Reporting horizon | Often limited to short windows (e.g., 1 week in some views) | Longer lookback to spot patterns and regressions |
| Dashboarding | Activity and assessment views within Purview experiences | Clear separation: readiness posture vs activity views (position as clarity + operational workflow) |

Bringing it all together
Copilot can be transformational—but only if your data permissions and protections are ready for a world where anyone can ask, “Show me everything about X.”
The Zscaler Copilot Readiness Wizard helps you quickly assess where Copilot could unintentionally surface sensitive information and gives you practical, file-level remediation paths to reduce risk without slowing the business down.
If you're ready to learn more about Zscaler, jump on over to our solution website, or schedule a demo to chat with us!
Disclaimer: This blog post has been created by Zscaler for informational purposes only and is provided "as is" without any guarantees of accuracy, completeness, or reliability. Zscaler assumes no responsibility for any errors or omissions or for any actions taken based on the information provided. Any third-party websites or resources linked in this blog post are provided for convenience only, and Zscaler is not responsible for their content or practices. All content is subject to change without notice. By accessing this blog, you agree to these terms and acknowledge your sole responsibility to verify and use the information as appropriate for your needs.



