The Copilot conversation usually starts the same way. The owner heard about it from a peer at a Tesla supplier dinner. The office manager saw it pop up in their Outlook ribbon. Somebody on the executive team came back from a conference and asked why we don’t have it yet.
The right answer, almost always, is: “We can turn it on, and we should — but not this afternoon. There are four things to clean up first, and one license decision to make. After that it works the way it’s supposed to work.”
This is what those four things and the one license decision actually look like.
What Copilot actually does (and what it doesn’t)
Microsoft Copilot for Microsoft 365 is an AI assistant built into Word, Excel, PowerPoint, Outlook, and Teams. It can summarize a meeting, draft an email, pull numbers out of a spreadsheet, and write a first-draft proposal. It is genuinely useful, especially for the kinds of writing-and-summarizing tasks a small business does all day.
The part that needs to be understood up front: Copilot doesn’t make up its answers from the open internet. It reads what’s already in your Microsoft 365 tenant. Your SharePoint files. Your OneDrive. Your Teams chat history. Your shared mailboxes. Your calendar. Then it answers using that content.
That’s the feature. That’s also the problem. If your tenant is messy, Copilot is going to be messy in interesting and embarrassing ways.
Cleanup #1: SharePoint sprawl
Most small businesses we audit have somewhere between five and forty SharePoint sites that nobody is sure what’s in. The legal team made one in 2022 for a deal that closed. HR made one for the company picnic. Somebody made one for a project that got cancelled. The site is still there. The files are still there. The permissions are probably still set to “everyone in the company.”
Copilot can read all of it. So if an employee asks Copilot a perfectly normal question — “summarize what we paid for the [vendor] contract last year” — and the answer to that question is sitting in a SharePoint folder that was supposed to be private, Copilot is going to find it and tell them.
The cleanup is unglamorous. Audit the SharePoint sites. Archive the dead ones. Lock the sensitive ones to the people who actually need them. Confirm that “shared with everyone” is the exception, not the default. This usually takes a few days for a 25-person business, and it’s the single biggest predictor of whether Copilot is going to be useful or scary.
Cleanup #2: Documents that aren’t sorted into “current” and “old”
The other oversharing pattern is files inside a single shared drive that nobody has cleaned out in years. The 2019 employee handbook is in there next to the 2026 one. The old pricing sheet is next to the new one. The contract template that the lawyer told you to stop using is still sitting in the templates folder.
Copilot reads them all and weights them by how recent they are, but “recent” doesn’t mean “correct.” If the only difference between the right document and the wrong one is the year in the filename, Copilot will get it wrong roughly half the time.
The fix is a one-day cleanup pass: an “Archive” folder, a “Current” folder, and a habit of moving things over when they get replaced. Whoever does the cleanup will probably find a few things they’re glad they found.
Cleanup #3: Permissions that haven’t been reviewed since the team grew
A 25-person business that was 12 people two years ago almost always has stale permissions. The old controller still has access to the financial folder. The salesperson who left in 2024 might still be in a Teams group. The intern from last summer is somehow still a member of the marketing site.
Copilot inherits all of those permissions. Sometimes that’s fine. Sometimes the bookkeeper asks Copilot a payroll question and Copilot helpfully cites a file the bookkeeper isn’t actually supposed to see, because Copilot can see it on the bookkeeper’s behalf and didn’t think to check whether they should.
A permissions review is a half-day project. Walk the org chart. Confirm each person’s access matches what they actually do today, not what they did three jobs ago. Remove the alumni. Lock down the high-sensitivity folders to a named list, not “company-wide.”
Cleanup #4: A short policy on what Copilot is allowed to write
Copilot will draft an email, but it doesn’t know the tone you use with your largest customer. It will summarize a meeting, but it doesn’t know which parts were confidential. It will write a proposal, but it doesn’t know what your pricing actually is — it might use a stale number.
A one-page Copilot policy fixes most of this. “Copilot drafts get reviewed before they go out. Don’t paste sensitive client information into a Copilot prompt unless the document is already in your tenant. Don’t use Copilot for legal advice.” The policy isn’t there to slow people down. It’s there so that when Copilot makes a mistake — and it will, occasionally — there’s a written agreement about whose job it is to catch it.
The license decision
Microsoft Copilot for Microsoft 365 is currently $30 per user per month, on top of your existing Microsoft 365 license. That’s real money for a 25-person company. Before you license everyone, the question is: who actually benefits?
In our experience the early winners are the people who write a lot, the people who run a lot of meetings, and the people who work in spreadsheets all day. The owner. The salespeople. The bookkeeper. The operations manager. The receptionist who lives in Outlook does not need it. The warehouse team does not need it.
We usually recommend a pilot of five to eight licenses for ninety days, with a quick check-in at the end to see who’s actually using it. Then license up from there. The math almost always works in your favor if you target the licenses correctly. It almost never works if you turn it on for everyone on day one.
What “good” looks like
The Reno businesses we’ve helped roll out Copilot well had the same pattern. Cleanup happened first. Pilot happened second. The owner learned what Copilot was actually good for in their specific business — sometimes meeting summaries, sometimes proposal drafts, sometimes a weekly numbers digest — and then licensed up from there. Six months in, the team isn’t talking about Copilot anymore. It’s just there, doing the boring writing tasks that used to take an hour.
The Reno businesses that turned Copilot on for everyone the day it shipped are usually the same ones that turned it off three months later because somebody got an answer they shouldn’t have.
What we do about it
We do Copilot readiness assessments as part of our Microsoft 365 work. Two to three days of cleanup, a written policy, a license-and-pilot recommendation. After that the rollout is boring, which is the goal. If your team has been asking about Copilot and you’re not sure whether you’re ready, the assessment is the right first step.
Get a Free Assessment — we’ll review your Microsoft 365 tenant and tell you whether Copilot is ready to be useful in your specific business, or what would need to be cleaned up first.
Call (775) 772-6134 — Reno-local IT team. We’ve helped enough offices in the Tesla-supplier corridor roll out Copilot to know what works.