November 4, 2025

Microsoft 365 Broken Permissions: How Copilot Exposes Access

If you’ve ever thought, “We’ve got permissions under control,” you’re not alone. Most IT teams assume their data is safe because access is “managed” by SharePoint. When Microsoft Copilot and SharePoint Agents entered the mix, that illusion started to crumble.

As Michal Pisarek and David Francoeur explained in Unseen, Unsecured Part 3: Agents, AI, and the Hidden Dangers of Broken Permissions, the issue isn’t that Copilot creates new access. It’s that it surfaces everything users already have access to, including forgotten links, misaligned permissions, and years of inheritance sprawl.

“Copilot isn’t breaking governance. It’s showing you how broken it already is.” -Michal Pisarek

🎥 Watch the webinar: Michal Pisarek and David Francoeur walk through real-world Microsoft 365 permission drift and how Copilot can expose hidden gaps.

Key takeaways

  • Copilot and SharePoint Agents don’t create new access. They surface existing access, including drift from sharing links and broken inheritance.
  • Redemption matters. Org-wide links grant access only when the user clicks the link, which explains inconsistent Copilot results across users.
  • Share vs Copy Link behave differently. Share breaks inheritance on the item. Copy Link can also fracture inheritance at the library level.  
  • Direct permissions ≠ link permissions. Removing direct access does not disable old sharing links.
  • Any site member can edit an approved agent, and embedded knowledge can remain visible after agent access is revoked.
  • SAM/DAG reports are valuable tools, but they have limits. Snapshot and trend views, slow cadences, and thin item-level detail create governance gaps at scale. 
  • Do now: disable Anyone links, set Existing access as default, enforce expirations, avoid breaking inheritance, and use Orchestry reporting to find and fix at scale. 

How Microsoft 365 permissions drift

Microsoft 365 permissions are like trying to untangle Christmas lights — messy, layered, and somehow always more complicated than you remember.

You’ve got:

  • M365 Groups and Teams managing membership, 
  • SharePoint sites and libraries inheriting (or breaking) those permissions, 
  • and a dizzying mix of folders, files, and sharing links that can deviate from everything above them.

When everything’s properly aligned, it works beautifully. But as David put it, “Once users start adding people directly to sites or folders, visibility disappears.” 

Out-of-the-box tools don’t provide a single view of where inheritance has drifted, so those direct grants go unnoticed and risks grow quietly until AI makes them obvious.

6 permission risks you need to fix

The webinar broke down six major “dangers” that can turn small mistakes into major governance headaches.

1: Anyone links expose files outside your organization

It’s quick. It’s easy. And it’s one of the biggest risks in M365. 

Once shared, Anyone Links can be forwarded freely, giving anyone access, even outside your organization. 

“That ‘Anyone’ link is super simple, and that’s why it’s dangerous,” said Pisarek. “You have to balance user experience with security, and that’s not easy.” 

Why it matters: Forwardable to anyone, including outside your org. 

Best practice: Disable “Anyone” links tenant-wide, or confine them to a clearly designated public site. Replace them with “People in your organization” links or “Specific people” links whenever possible.

2: Link redemption changes Copilot results and access

When you share a file with an org-wide link, the recipient doesn’t get access until they click the link, a process called redemption. Without the click, the link exists but the user is not explicitly permissioned to the content. 

During the webinar, we asked the attendees a simple question: 

If I create an Organizational link, when does the user get access to that content? 

Over half of respondents assumed access was immediate, while 44% knew about redemption. That subtle behavior leads to confusion and inconsistent Copilot results. Two people can search the same term and see different files, simply because one clicked the link and the other didn’t. 

For example, look at these results from Copilot before and after the link has been redeemed by that user: 

Before: [screenshot: Copilot results before link redemption]

After: [screenshot: Copilot results after link redemption]

Why it matters: Copilot reflects current, effective permissions. Redemption changes who actually has access in practice, which changes what Copilot can surface. 

3: Over-shared folders create accidental data exposure

Sharing folders feels harmless… until it isn’t. 

You might share a folder thinking, “It only contains one harmless document.” Months later, someone drags a batch of sensitive HR files into that same folder, unaware it’s already been shared company-wide. 

What to do: Train users to share individual files for sensitive content. Run automated reporting to detect overexposed folders and remediate quickly before audits or incidents.


4: Broken inheritance in SharePoint

If governance had a “silent killer,” this would be it.

Broken inheritance happens when an item or folder stops inheriting permissions from its parent, often because someone clicked “Share” or “Copy Link” without realizing what that does behind the scenes. Even if you remove the link later, the unique permissions remain. Over time, these fragments build up until no one is sure who can see what. 

One attendee put it plainly: “Broken permissions are the bane of my existence.” 

“We’re not zealots about never breaking permissions. Sometimes you have to. But the more you do it, the harder it is to maintain control.” -Michal Pisarek


5: Share vs. Copy Link are not the same

A major surprise for many attendees: 

  • Share breaks inheritance on the item.
  • Copy Link can break inheritance on the item and the library above it. 

That means a simple button press can unknowingly fracture permissions across multiple layers of your SharePoint structure, making it even more difficult to remediate. 

If you didn’t know this, you’re not alone -- only 13% of webinar participants got this right. Chat reactions captured the mood: “That’s dumb,” “OMG,” “I’m having a panic attack now,” and “Too many ways to share content. An admin’s nightmare.” 

As Francoeur admitted, “Even we were shocked when we tested this. It’s the kind of thing no one would expect, and it’s incredibly easy to do.”

Why it matters: A single button can fracture inheritance at the library level, multiplying cleanup efforts. 

6: Legacy sharing links persist after permissions are removed

If you remove someone’s direct access to a file, you might assume that this act also revokes their access via one or more links. It doesn’t. 

Why? Because link-based access and direct permissions live in separate systems. Removing one doesn’t remove the other, so old links can continue to work long after direct permissions are removed. 

“None of this is intuitive. It’s way too technical for normal users to understand, and that’s what makes it so dangerous.” -Michal Pisarek
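Because link-based access and direct permissions are tracked separately, an audit has to enumerate both. The following PowerShell is an added example (not from the webinar or Orchestry) using the Microsoft Graph PowerShell SDK; it assumes the Microsoft.Graph module is installed and a Files.Read.All consent exists, and the drive and item IDs are placeholders.

```powershell
# Added example: list direct grants and sharing links on one file separately,
# so that removing a direct grant is never mistaken for revoking a link.
# Assumes the Microsoft.Graph module is installed; IDs below are placeholders.
Connect-MgGraph -Scopes "Files.Read.All" -NoWelcome

$driveId = "<DRIVE-ID>"   # placeholder: the document library's drive ID
$itemId  = "<ITEM-ID>"    # placeholder: the file's drive item ID

$perms = Get-MgDriveItemPermission -DriveId $driveId -DriveItemId $itemId -All

# Direct permissions: a named user or group holds a role on the item itself
$direct = $perms | Where-Object { -not $_.Link } |
    Where-Object { $_.GrantedToV2 -or $_.GrantedToIdentitiesV2 }

# Sharing links: a link object with a scope of anonymous, organization or users
$links = $perms | Where-Object { $_.Link }

"Direct grants on item ${itemId}:"
foreach ($p in $direct) {
    $who = if ($p.GrantedToV2.User) { $p.GrantedToV2.User.DisplayName }
           elseif ($p.GrantedToV2.Group) { $p.GrantedToV2.Group.DisplayName }
           else { ($p.GrantedToIdentitiesV2 | ForEach-Object { $_.User.DisplayName }) -join ", " }
    "  {0,-30} roles={1}" -f $who, ($p.Roles -join ",")
}

"Sharing links on item ${itemId} (these survive removal of direct grants):"
foreach ($p in $links) {
    # Risk rating is this example's own convention, matching the webinar's ranking
    $risk = switch ($p.Link.Scope) {
        "anonymous"    { "HIGH (Anyone link: forwardable outside the org)" }
        "organization" { "MED  (org-wide: live for whoever redeems it)" }
        default        { "LOW  (specific people)" }
    }
    $expires = if ($p.ExpirationDateTime) { $p.ExpirationDateTime } else { "never" }
    "  id={0} scope={1} type={2} expires={3} -> {4}" -f $p.Id, $p.Link.Scope, $p.Link.Type, $expires, $risk
}

# Once a link has been reviewed, revoke it by permission id (needs Files.ReadWrite.All):
# Remove-MgDriveItemPermission -DriveId $driveId -DriveItemId $itemId -PermissionId "<PERMISSION-ID>"
```

Run it against a file after removing a user’s direct access and the links section shows what that removal did not touch.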

SharePoint Agents and Copilot: How they impact data access


SharePoint agents roles and permissions

Every SharePoint site now includes a default SharePoint Agent trained on that site’s content. Site owners can create additional agents scoped to specific libraries or documents. 

Here’s the catch: 
Even if an agent is approved by a site owner, any member of that site can edit the agent, thereby completely reconfiguring its data sources and instructions for all users. 

Even well-intentioned users could unknowingly reconfigure an agent to access data it shouldn’t. Users of an Agent (even the Owner) might have no idea that the scope and logic used by the agent have changed, potentially leading to misleading answers or exposure.

Plus, embedded knowledge persists. When Copilot Agents pull from files uploaded into the agent’s own container, revoking access to the agent doesn’t remove access to the embedded content. The files stay visible, even to users who should’ve lost access.


How Copilot surfaces existing access (and uncovers governance gaps)

Copilot doesn’t cause data leaks; it reveals them. 

Its magic lies in surfacing content users already have access to. But when that access is broader than you thought, Copilot suddenly starts showing documents, messages, or sites that no one realized were open. 

That’s the heart of the problem: AI is forcing organizations to finally confront years of permission sprawl that used to be invisible. 

In other words: AI isn’t breaking your governance, it’s revealing how broken it already is.

Limitations of Microsoft’s built-in tools

SharePoint Advanced Management (SAM) and Data Access Governance (DAG) reports are steps in the right direction, but real limits remain:  

  • Snapshots or 28-day trends. Hard to diagnose granular issues or understand historic drift beyond the window.
  • Monthly cadence on key reports. For example, Site permissions across your organization can only run every 30 days.
  • Long initial runs. Reports can take up to 5 days to complete regardless of tenant size. 
  • Trend counts without item-level details. Sharing Links reports may show counts by site, but you often need other means to identify the exact links. 
  • Review loophole. Users can “complete” reviews without actually fixing anything. 

If you’re managing hundreds or thousands of workspaces, that’s not governance. It’s guesswork.

Orchestry reporting and remediation for broken permissions 

Orchestry fills the visibility and action gap by combining deep reporting, analytics, and remediation across Microsoft 365 without elevated permissions or manual audits.


  • Sharing Links Reporting & Smart Actions: Detect and clean up risky “Anyone” or org-wide links at scale.
  • Broken Inheritance Reporting: Identify every instance of unique permissions and restore alignment.
  • Workspace Review: Enable owners to audit access directly with guided prompts.
  • Copilot Readiness Dashboard: Visualize which sites are safe for AI integration and which aren’t.

Best practices for sharing links and inheritance in Microsoft 365

You don’t need to overhaul your environment overnight. Start by tightening the basics: 

  • Manage permissions at the highest possible level (Group → Site → Library). 
  • Avoid breaking inheritance unless there’s a clear, documented need. 
  • Disable “Anyone” links and set “Existing access” as the default link type. 
  • Enable automatic link expiration for all sharing links. 
  • Use Sensitivity Labels to control access at both container and document levels. 
  • Restrict site sharing to owners only; members should only share individual files. 
  • Prevent guest users from resharing items they don’t own. 

These controls help ensure Copilot and Agents only surface the right content to the right people. 

Governance is core to Copilot readiness

You can’t prepare for AI adoption without preparing your governance. When permissions are clean, Copilot and Agents become a productivity multiplier. When they’re not, they act as a mirror, showing exactly where your risks live. 

See how Orchestry helps organizations restore control and prepare for AI-driven collaboration. Start a 28-day trial to uncover hidden risks in your tenant. 
