Skip to main content

Audience

IT, Security, and Operations administrators.

Goal

Launch a secure and governed Copilot Enterprise workspace that scales without creating policy debt.

5 steps to Copilot rollout

  1. Assess readiness: Check your organisation’s data, security, and compliance to prepare for Copilot.
  2. Assign Copilot licenses: Purchase and assign Copilot licences to eligible users.
  3. Validate app and network requirements: Ensure Microsoft 365 apps are updated and network settings support Copilot.
  4. Configure security and compliance: Set up sensitivity labels, DLP, auditing, and eDiscovery to protect data.
  5. Communicate policies and train users: Share AI guidelines, acceptable use policies, and provide training to all users.

Assess readiness

Run Copilot readiness report

How to do it:
  • Go to Microsoft 365 Admin Centre.
  • Navigate to Reports > Usage > Microsoft 365 Copilot.
  • Open the “Readiness” tab.
  • First, review which users, apps, and environments are ready for Copilot.
  • Then, review app and network compatibility for all users.
  • Note any issues or ineligible users for follow-up.
Reference: Copilot Readiness Report Guide Why: Ensures you quickly identify any technical blockers and only deploy Copilot where it will work, avoiding wasted effort and rollout failures.
Run the report weekly during rollout to catch new issues early and keep deployment on track.

Review data locations and permissions

How to do it:
  • Go to SharePoint Admin Centre and OneDrive Admin Centre.
  • Run sharing and permissions reports.
  • Identify overshared or sensitive content.
  • Restrict access to sensitive data and archive outdated files.
  • Document changes and confirm only appropriate users have access.
Reference: Microsoft SharePoint Advanced Management Why: Prevents accidental data leaks and ensures only the right people can access sensitive business information.

Check security and compliance controls

How to do it:
  • Go to Microsoft Purview Compliance Portal.
  • Review which sensitivity labels are currently applied to confidential data.
  • Check if Data Loss Prevention (DLP) policies are already active and working.
  • Verify that auditing and eDiscovery features are enabled.
  • Assess existing compliance policies to identify gaps before Copilot deployment.
Why: Identifies security and compliance gaps that could expose your organisation to regulatory breaches during Copilot use.
If compliance or security gaps are found, stop rollout immediately. Use Microsoft Purview to identify issues, remediate with IT/security team, and recheck before proceeding.
Reference: Microsoft 365 Copilot Privacy & Security

Assign Copilot licenses

Confirm licensing eligibility

Where to go:
  • Microsoft 365 Admin Centre → Billing → Your products
Actions:
  • Check your current subscription (E3, E5, Business Standard, etc.).
  • Confirm your plan is eligible for Copilot add-on.
  • Reference: Copilot Licensing Guide
Why: Only eligible plans can add Copilot licences, preventing wasted purchases and rollout delays.

Purchase Copilot licenses

Where to go:
  • Microsoft 365 Admin Centre → Billing → Purchase services
Actions: Why: You need to buy Copilot licences before you can assign them to users.
Purchase a few extra licences for testing and onboarding to avoid delays if user numbers change unexpectedly.

Assign licenses to users or groups

Where to go:
  • Microsoft 365 Admin Centre → Users → Active users
Actions:
  • Select the users or groups you want to assign Copilot licences to.
  • Click “Manage product licences.”
  • On the Licences and apps tab, check “Copilot for Microsoft 365.”
  • Save changes and verify licence assignment.
  • Reference: Assign a Copilot for Microsoft 365 license
Why: Assigning licences enables Copilot features for selected users, controlling access and compliance.

Validate app and network requirements

Check Microsoft 365 app versions

Where to go:
  • Microsoft 365 Admin Centre → Health → Software updates
Actions:
  • Ensure Word, Excel, PowerPoint, Outlook, and Teams are updated to the latest versions.
  • Reference: Copilot App Requirements
Why: Latest app versions are required for Copilot features to work reliably.
Schedule regular app updates to avoid compatibility issues and ensure all users have access to new Copilot features.

Confirm network and privacy settings

Where to go:
  • Microsoft 365 Admin Centre → Settings → Org settings → Services
Actions:
  • Verify network connectivity to Microsoft 365 endpoints.
  • Ensure privacy settings allow Copilot features.
  • Reference: Copilot Network Requirements
Why: Proper network and privacy settings ensure Copilot can access necessary data and services.

Configure security and compliance

Apply sensitivity labels and Data Loss Prevention (DLP)

Where to go:
  • Microsoft Purview Compliance Portal → Information protection → Labels & DLP
Actions: Why: Protects sensitive information and ensures only authorised users can access or share confidential data.

Enable auditing and eDiscovery

Where to go:
  • Microsoft Purview Compliance Portal → Solutions → Audit & eDiscovery
Actions: Why: Tracks user actions and supports investigations, legal requests, and compliance audits.

Review and update compliance policies

Where to go:
  • Microsoft Purview Compliance Portal → Policies → Compliance management
Actions: Why: Ensures Copilot usage aligns with legal, regulatory, and organisational standards.

Communicate policies and train users

Share AI guidelines and acceptable use policies

Where to go:
  • SharePoint, Viva, or Teams
Actions: Why: Ensures users understand how to use Copilot responsibly and securely.

All resources

Assess readiness

Assign Copilot licenses

Validate app and network requirements

Configure security and compliance

Communicate policies and train users

FAQ: Most commonly asked questions

Check if your subscription is eligible and you have enough licences. Only certain plans support Copilot. If not on an eligible plan, contact IT or procurement to upgrade your subscription before proceeding.
Make sure their Microsoft 365 apps are updated and they have the correct licence assigned.
Check app version, deployment settings, and network connectivity. Update apps if needed. If apps are old or internet blocks Microsoft, update Office to the newest version and allow Microsoft sites in your network settings.
Apply sensitivity labels and DLP policies in Microsoft Purview Compliance Portal before rollout.
Review and restrict permissions in SharePoint and OneDrive. Use sensitivity labels and access controls.
Enable audit logging and eDiscovery in Purview. Run usage and readiness reports regularly.
Contact IT or procurement to upgrade your plan before assigning Copilot licences.
Share guidelines and acceptable use policies via Teams, SharePoint, or email. Keep messages clear and simple. If users resist training, start with a small pilot group to show real productivity benefits.
Accidental data leaks from overshared files or incorrect permissions. Always review data access before rollout.
First check if labels are applied in the right order because priority matters. Then review policy settings in Microsoft Purview to fix conflicts. If you’re still unsure, ask your compliance officer for help before continuing rollout.
Reach out to your IT admin or Microsoft support if you encounter issues you can’t resolve.