Oversharing hangover?

Microsoft 365 Copilot Personal Content Mode, finally a Copilot button for your oversharing hangover!

You want to roll out Microsoft 365 Copilot, but your content governance is still somewhere between “we really should fix that one day” and “why is this SharePoint site shared with Everyone including the janitor”.

Personal Content Mode, PCM if you want to sound fancy, is the new safety net that lets you move ahead with Copilot while you are still untangling years of oversharing.

In short, PCM tells Copilot, “stick to what this person clearly touches in their day job” instead of “please crawl everything they technically have access to and hope for the best”.

When PCM is enabled for a user, Copilot still uses Microsoft Graph, but the scope is narrowed to their actual working set, including things like

• Their own OneDrive files
• Files from SharePoint sites they actually visit frequently
• Files that were shared directly with them
• Files they have viewed, edited or created recently

If a user has access to a SharePoint site only because someone shared it broadly with Everyone, and they have never opened it, Copilot will not magically drag that site into the conversation.

Unlike Restricted SharePoint Search, PCM does not rely on allow lists and it does not break SharePoint search for users. People can still use normal search and custom search apps. Copilot in PCM simply reasons over a smaller, more realistic slice of their world.

Is this as good as fixing your data estate properly, no, obviously not. Is it better than pretending the oversharing problem does not exist while you roll out Copilot everywhere, absolutely.

Where Personal Content Mode actually lives

PCM at the moment is wired to the service plan called “Microsoft Copilot with Graph grounded chat” inside the Microsoft 365 Copilot licence.

That service plan is what allows Copilot Chat to roam across the full Microsoft Graph for that user, files, emails, chats, meetings, the lot.

• When the service plan is enabled, Copilot can reason over the user’s full Graph scope
• When you clear this service plan, Copilot switches to the Personal Content Mode style scope described above

So the trick is not a new portal, it is how you configure that specific service plan for your Copilot users.

When PCM makes sense

Personal Content Mode is not a substitute for proper data governance!!

You still need to

• Fix “Everyone” and “Company wide” sharing where it never should have existed
• Lock down obvious crown jewels, finance, HR, board, M&A, health data and so on
• Get serious about Purview labels, DLP and basic access hygiene

PCM is the move you use when

• You want to start a Copilot pilot now, not in three years
• You have identified some obvious high risk areas and can shut those out quickly
• You are honest enough to admit that your tenant is still messy, and you prefer Copilot to look at a smaller slice while you clean up

It buys you time, it reduces exposure, and it removes one of the favourite excuses, “we cannot even think about Copilot until every SharePoint site is perfect”.

Before you flip the switch, a tiny bit of prep

If you are “not completely there yet” in terms of compliance, but you at least know where some of the sensitive content lives, do a very quick hygiene pass before you start toggling PCM.

1. Make a short list of the most vulnerable sites.
   Finance, HR, payroll, board packs, clinical or case management systems, anything that would ruin somebody’s week if it leaked.
2. Remove ridiculous sharing.
   On those sites, get rid of “Everyone”, “Everyone except external users” and random mail enabled security groups that no one owns any more.
3. Consider hiding specific sites from global search.
   For very sensitive areas, use SharePoint’s “search and offline availability” controls or Restricted Content Discoverability so those sites do not show up in Microsoft Search and Copilot at all, except for people who go into the site consciously.
4. Check Copilot licensing.
   Make sure your pilot users actually have Microsoft 365 Copilot licences assigned, otherwise PCM is just an interesting thought experiment.

Once you have done that minimum, you are ready to use PCM as part of your “safe enough to start” Copilot rollout.

Step by step – how to enable Personal Content Mode in the admin centre

Step 1 – pick your pilot users

1. Decide which users you want to place in Personal Content Mode
   Start with a small pilot group, for example IT, a friendly business unit, or a security aware team who can give decent feedback.
2. Confirm they have a Microsoft 365 Copilot licence
   In the Microsoft 365 admin centre, go to Users, then Active users, open one of the users and look at the Licences and apps tab. Check that “Microsoft 365 Copilot” is assigned.

Step 2 – open the right licence settings

For each pilot user you want in PCM

1. Go to the Microsoft 365 admin centre
2. Go to Users, then Active users
   • NB: If you have licensing via Groups, you have to click on the license group and then you will get the same choices – keep in mind that if you change anything here, it will be that way for all the users in that group…
3. Select the user
4. Choose Licences and apps
5. Find the Microsoft 365 Copilot product in the list and expand it to show the individual service plans

You should now see several service plans under that product, including entries like

• Microsoft 365 Copilot in productivity apps
• Microsoft 365 Copilot in Microsoft Teams
• Microsoft 365 Copilot for SharePoint
• Intelligent Search
• Microsoft Copilot with Graph grounded chat

The last one is the one we care about.

Step 3 – switch the user into Personal Content Mode

1. Locate the service plan called “Microsoft Copilot with Graph grounded chat”
2. Clear the check box for that service plan
3. Leave the other Copilot service plans enabled
4. Save your changes

Results

• The user still has Microsoft 365 Copilot across Word, Excel, PowerPoint, Outlook and Teams
• Copilot Chat still exists for them, but it now behaves according to the Personal Content Mode rules, grounded in their personal content footprint instead of the full Graph scope

Give it a few minutes, then ask the user to:

1. Open the Microsoft 365 Copilot app or Copilot Chat in Teams.
2. Ask Copilot to search for something they know sits only on a broadly shared site they have never touched.
3. Verify that Copilot no longer happily drags in content from that “Everyone” site just because the ACLs are loose.

If it does, double check that you have cleared the correct service plan and that the change has actually applied.

How agents behave under PCM

Agents respect Personal Content Mode. Users in PCM cannot suddenly bypass the restriction by creating an agent that grounds on a random site or file that lies outside the PCM scope. If Copilot cannot see the content under PCM, their agents cannot either.

That means you can start experimenting with Copilot Studio and Microsoft 365 agents for these users without handing them a magic tunnel into legacy overshared sites.

What this does not fix

Just to be clear, and I will repeat my self until I turn blue:

• PCM does not fix bad permissions, it only limits what Copilot can reason over.
• PCM does not replace Restricted Content Discoverability or site level search controls, you still need to use those for truly sensitive locations.
• PCM does not magically label or classify anything, you still need Purview labels, DLP and proper lifecycle management.

What PCM does give you is a realistic path to “start Copilot now, clean up as you go” without pretending everything is perfect.

And yes, I am very much hoping this becomes a proper cloud policy we can apply to security groups, instead of click therapy on individual users.

For now, this is your oversharing governance feature, use it to get Copilot into the hands of your users sooner, safely enough, while you keep doing the grown up work on the content side.