That was my exact reaction—except with more coffee spit-takes—when I realized Microsoft Copilot was happily serving up content from a SharePoint site that was supposed to be more “top secret” than my Netflix password. Sensitive project docs, internal notes—basically, everything I wouldn’t want to see in a company meme, all technically available because users had access. And if users can see it, so can Copilot. (Plot twist: the AI is always watching.)

My first move? Permission panic! I dove into SharePoint like a bouncer at a VIP lounge, yanking access, checking badges, and making sure only the chosen few could peek behind the velvet rope. It worked… but it felt like using a sledgehammer to swat a fly.

Then I discovered Restricted Content Discovery (a part of the SharePoint Advanced Management). One magical toggle in the SharePoint Admin Center, and—abracadabra!—the site vanished from Microsoft Search and Copilot’s radar, but stayed visible to the folks who actually needed it. No mass permission surgery required. Clean, precise, and no need for a hard hat.

So, if you’re wrangling sensitive SharePoint content, take a peek at what Copilot can see. You might be in for a surprise—and now you know how to keep your secrets safe from our friendly neighborhood AI assistant.

More information can be found here: https://learn.microsoft.com/en-us/sharepoint/restricted-content-discovery