One year of Copilot projects

A Year of Copilot: Insights and Lessons Learned

This year has been very interesting with several Copilot projects, and I have been lucky to attend a whole lot of them!
In addition I had the opportunity to talk about it too, on both the MVPdays and Copilot on Tour with Microsoft.
I thought I would try to put my sessions into a post and try to summarize the key points on what I have seen the last year and how I have addressed them.

The gist of it

We’ve seen organizations dive into a new era of data management and automation, and with Microsoft 365 and Copilot in the mix, many companies have improved their processes. But guess what? It’s also brought some hidden challenges to light…

We have noticed some organizations embracing change, while others are dealing with “old debts” like security gaps, sensitive information leakage and access management issues. These challenges have been a bit of a wake-up call, showing just how crucial it is to keep evaluating and improving info security practices.

I will list a few of the key findings we have from our Copilot projects, and what they usually stem from. Off course, it might be different within your organization, but this is something we see a lot of. I also try to address what we can do to improve the points made here.

Absent leadership

Absent leadership is like a ship without a captain. When leaders are missing, either physically or in their influence, it can cause a lot of issues for the organization.

First, without clear guidance, employees can get confused about their roles and what’s expected of them, which lowers productivity and morale.

Second, decision-making can slow down or stop altogether, missing opportunities and reacting instead of planning ahead.

Third, accountability drops. Without someone to uphold standards, work quality can suffer, and employees might not put in their best effort.

Lastly, the organization’s culture can take a hit. Leaders help shape values and norms, and their absence can lead to a fragmented culture and a lack of team cohesion.

In short, having strong, engaged leaders is crucial for guiding teams and ensuring success. This include taking leadership in all organizational changes and own the process.

Technological challenges

One of the biggest challenges is the “lift and shift” approach, where organizations move existing systems to the cloud without optimizing them for the new environment.
Like moving file shares into SharePoint and Teams. Getting users to delete irrelevant information is task no one wants to start and getting a leader to say that we will only move information from the last 2 years are like asking them to fly off a bridge, they just don’t want to take that sort of unpopular decision.
This can lead to inefficiencies and really poor data quality.

If the data being fed into Copilot isn’t clean or well-organized, the insights generated can be flawed.

Strict and overly controlling regulations can also stifle flexibility, making it harder to implement new systems smoothly. A lot of organizations have very strict rules on what is not allowed to do, but they forget the tell the users on what and how they can achieve certain tasks.

Proper data governance is essential to ensure that data is managed and used effectively, but many organizations struggle with this aspect. Both the tasks of deleting old and irrelevant information and the task of keeping important information, are key to achieving good data quality and governance. Labeling documents and make sure that you have a understanding of your data is key.

Then there’s the lack of training. For Microsoft 365 Copilot to be effective, employees need to understand how to use the new tools and features. Without proper training, adoption rates can be low, and the benefits of the system can be underutilized.

Rapid growth within an organization can also strain existing resources and infrastructure, leading to performance issues and potential system overloads.

Technical debt, or the burden of outdated systems that require constant maintenance and patching, can also be a significant obstacle. These old systems can hinder the integration and functionality of new technologies like Copilot.
Additionally, silos of data within an organization can prevent seamless integration and communication between departments, limiting the overall effectiveness of the system.

Overall, while Microsoft 365 Copilot offers fantastic capabilities, addressing these technological challenges is crucial to fully realizing its potential and ensuring a smooth and successful implementation.

A few points on how to get Copilot ready-ish

Understanding the Tools: It is essential to have a deep understanding of the new tools and technologies that are being used. Employee education and training are key to unlocking their full potential.
With the use of Microsoft Learn and a good user adoption plan, we can make sure that all users have access to and get proper training.
Make surveys, ask people what they know and don’t know, take the time to figure out where you are at.

Identifying Security Holes: Early identification and addressing security holes is crucial. This requires regular audits and updates of security systems. Use Microsoft Purview and Compliance Manager to get started! Here you get a fairly good list of activities you need to do to be as compliant as you can get. Add an assessment template such as GDPR or NIST to help you map the required controls to your Microsoft365 environment.

Access management: A robust access management strategy is critical. This means ensuring that the right person has access to the right information at the right time.
We see this over and over again, users without MFA, conditional access rules that make no sense, users keeping access rights to everything even though they move departments. Permanent admin rights. Have a look at PT’s posts, there are tons of good articles on how to manage this in a better and more effective way.

Continuous Improvement: Information security is not a one-time measure, but a continuous process. It requires constant assessment and adaptation to new threats, and to keep up with new features and tools.

Let’s give a few moments to consider the assumptions both IT and the leadership might have.
“Everyone is using Teams” – “All employees know our guidelines” – “We’ve used Teams since the pandemic, there is no need for more training”

Assumptions is the mother of all fuck-ups.

When I look at the usage within M365, and particularly Teams, it’s very easy to see that no, not all users use Teams as intended by Microsoft. And clearly, the guidelines provided within a not-so-user-friendly system is not possible to search for or understand.. And who had time for training when the pandemic hit??

Sometimes we need to take a step back and look at what we have, and how to make it functional.

Make a good plan on how to assess and work with Compliance.

To secure ourselves against future challenges, we need to build a culture of safety within the organization. This involves creating awareness, anchoring good security practices, and investing in technology that can help us keep up with the ever-changing digital landscape.

Copilot has shown us that the future is here, and it’s automated. But with great power comes great responsibility, and it is up to each individual organization to ensure that they navigate this new world with care and care. By learning from this year’s experiences, we can ensure a safer and more efficient workplace for everyone.