If you’ve ever thought, “We’ve got permissions under control,” you’re not alone. Most IT teams assume their data is safe because access is “managed” by SharePoint. When Microsoft Copilot and SharePoint Agents entered the mix, that illusion started to crumble.
As Michal Pisarek and David Francoeur explained in Unseen, Unsecured Part 3: Agents, AI, and the Hidden Dangers of Broken Permissions, the issue isn’t that Copilot creates new access. It’s that it surfaces everything users already have access to, including forgotten links, misaligned permissions, and years of inheritance sprawl.
“Copilot isn’t breaking governance. It’s showing you how broken it already is.” - Michal Pisarek
🎥 Watch the webinar: Michal Pisarek and David Francoeur walk through real-world Microsoft 365 permission drift and how Copilot can expose hidden gaps.
Microsoft 365 permissions are like trying to untangle Christmas lights — messy, layered, and somehow always more complicated than you remember.
You’ve got:
When everything’s properly aligned, it works beautifully. But as David put it, “Once users start adding people directly to sites or folders, visibility disappears.”
Out-of-the-box tools don’t provide a single view of where inheritance has drifted, so risks grow quietly until AI makes them obvious.
The webinar broke down six major “dangers” that can turn small mistakes into major governance headaches.
It’s quick. It’s easy. And it’s one of the biggest risks in M365.
Once shared, Anyone Links can be forwarded freely, giving anyone access, even outside your organization.
“That ‘Anyone’ link is super simple, and that’s why it’s dangerous,” said Pisarek. “You have to balance user experience with security, and that’s not easy.”
Why it matters: Forwardable to anyone, including outside your org.
Best practice: Disable “Anyone” links tenant-wide, or confine them to a clearly designated public site. Replace them with “People in your organization” links or “Specific people” links whenever possible.
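The tenant-level version of that best practice, as an added example (not from the webinar or Orchestry) using the SharePoint Online Management Shell; the admin URL, site URL and expiry value are placeholders, and it assumes you hold the SharePoint Administrator role:

```powershell
# Assumes the Microsoft.Online.SharePoint.PowerShell module is installed.
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"   # placeholder tenant admin URL

# Weak baseline (shown commented out, do not run): Anyone links allowed everywhere and
# "Anyone" is the default link type, so every "Copy link" click yields a forwardable,
# unauthenticated link.
# Set-SPOTenant -SharingCapability ExternalUserAndGuestSharing -DefaultSharingLinkType AnonymousAccess

# Option A: disable Anyone links tenant-wide.
#  - ExternalUserSharingOnly keeps guest (authenticated) sharing but removes Anyone links
#  - DefaultSharingLinkType Direct makes "Specific people" the default link
#  - DefaultLinkPermission View stops accidental edit links
Set-SPOTenant -SharingCapability ExternalUserSharingOnly `
              -DefaultSharingLinkType Direct `
              -DefaultLinkPermission View

# Option B: keep Anyone links for one clearly designated public site only.
# A site can be stricter than the tenant but never more permissive, so the tenant must
# still allow Anyone links; every other site is then tightened individually, and the
# links are forced to expire so a forwarded link does not live forever.
$publicSite = "https://contoso.sharepoint.com/sites/PublicDownloads"   # placeholder
Set-SPOTenant -SharingCapability ExternalUserAndGuestSharing `
              -RequireAnonymousLinksExpireInDays 30 `
              -DefaultSharingLinkType Direct
Get-SPOSite -Limit All | Where-Object { $_.Url -ne $publicSite } | ForEach-Object {
    Set-SPOSite -Identity $_.Url -SharingCapability ExternalUserSharingOnly
}

# Verify: with Option B only the public site should still report ExternalUserAndGuestSharing.
Get-SPOSite -Limit All |
    Where-Object { $_.SharingCapability -eq "ExternalUserAndGuestSharing" } |
    Select-Object Url, SharingCapability
```

Existing Anyone links are not revoked by either option; they stop working once the site no longer permits them, which is why the verification step matters.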
When you share a file with an org-wide link, the recipient doesn’t get access until they click the link, a process called redemption. Without the click, the link exists but the user is not explicitly permissioned to the content.
During the webinar, we asked the attendees a simple question:
If I create an Organizational link, when does the user get access to that content?
Over half of respondents assumed access was immediate, while 44% knew about redemption. That subtle behavior leads to confusion and inconsistent Copilot results. Two people can search the same term and see different files, simply because one clicked the link and the other didn’t.
For example, look at these results from Copilot before and after the link has been redeemed by that user:
Before:
After:
Why it matters: Copilot reflects current, effective permissions. Redemption changes who actually has access in practice, which changes what Copilot can surface.
Sharing folders feels harmless… until it isn’t.
You might share a folder thinking, “It only contains one harmless document.” Months later, someone drags a batch of sensitive HR files into that same folder, unaware it’s already been shared company-wide.
What to do: Train users to share individual files for sensitive content. Run automated reporting to detect overexposed folders and remediate quickly before audits or incidents.
If governance had a “silent killer,” this would be it.
Broken inheritance happens when an item or folder stops inheriting permissions from its parent, often because someone clicked “Share” or “Copy Link” without realizing what that does behind the scenes. Even if you remove the link later, the unique permissions remain. Over time, these fragments build up until no one is sure who can see what.
One attendee put it plainly: “Broken permissions are the bane of my existence.”
“We’re not zealots about never breaking permissions. Sometimes you have to. But the more you do it, the harder it is to maintain control.” - Michal Pisarek
Consequence: Unique permissions accumulate until no one is sure who can see what.
A major surprise for many attendees:
That means a simple button press can unknowingly fracture permissions across multiple layers of your SharePoint structure, making it even more difficult to remediate.
If you didn’t know this, you’re not alone -- only 13% of webinar participants got this right. Chat reactions captured the mood: “That’s dumb,” “OMG,” “I’m having a panic attack now,” and “Too many ways to share content. An admin’s nightmare.”
As Francoeur admitted, “Even we were shocked when we tested this. It’s the kind of thing no one would expect, and it’s incredibly easy to do.”
Why it matters: A single button can fracture inheritance at the library level, multiplying cleanup efforts.
If you remove someone’s direct access to a file, you might assume that this act also revokes their access via one or more links. It doesn’t.
Why? Because link-based access and direct permissions live in separate systems. Removing one doesn’t remove the other, so old links can continue to work long after direct permissions are removed.
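The three dangers above (overexposed folders, broken inheritance, and link access outliving direct permissions) can all be surfaced from the same report. The following is an added example (not Orchestry's code or anything shown in the webinar) using PnP PowerShell; the site URL and library title are placeholders, and it assumes you have read access to the site:

```powershell
# Assumes the PnP.PowerShell module is installed.
Connect-PnPOnline -Url "https://contoso.sharepoint.com/sites/HR" -Interactive   # placeholder

$library = "Documents"   # placeholder library title
$report  = foreach ($item in Get-PnPListItem -List $library -PageSize 500) {
    # HasUniqueRoleAssignments is true exactly when inheritance is broken on this item.
    $unique = Get-PnPProperty -ClientObject $item -Property HasUniqueRoleAssignments
    if (-not $unique) { continue }

    $assignments = Get-PnPProperty -ClientObject $item -Property RoleAssignments
    $anyone = 0; $org = 0; $specific = 0; $direct = @()
    foreach ($ra in $assignments) {
        $member = Get-PnPProperty -ClientObject $ra -Property Member
        # Sharing links are stored as hidden groups named SharingLinks.<guid>.<Type>.<guid>:
        # AnonymousView/AnonymousEdit = Anyone, OrganizationView/OrganizationEdit = people in
        # your org, Flexible = specific people. Any other principal is a direct grant.
        switch -Regex ($member.Title) {
            '^SharingLinks\..*\.Anonymous'    { $anyone++ }
            '^SharingLinks\..*\.Organization' { $org++ }
            '^SharingLinks\..*\.Flexible'     { $specific++ }
            default                           { $direct += $member.Title }
        }
    }
    [pscustomobject]@{
        Path          = $item.FieldValues["FileRef"]
        IsFolder      = ([string]$item.FieldValues["FSObjType"] -eq "1")
        AnyoneLinks   = $anyone
        OrgLinks      = $org          # the group members are the users who have redeemed
        SpecificLinks = $specific
        DirectGrants  = ($direct -join "; ")
    }
}

# Folders with Anyone or org-wide links are the shared-folder case: whatever lands in them
# later inherits that exposure. Rows with link counts but no direct grant for a given user
# show why removing that user's direct access does not close a link they can still use.
$report | Sort-Object IsFolder, AnyoneLinks -Descending | Format-Table -AutoSize
$report | Export-Csv -Path ".\broken-inheritance-$library.csv" -NoTypeInformation
```

Run it per library and diff the CSV between runs; new rows are newly broken inheritance, which is far easier to review than the full list.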
“None of this is intuitive. It’s way too technical for normal users to understand, and that’s what makes it so dangerous.” - Michal Pisarek
SharePoint Agents: roles and permissions
Every SharePoint site now includes a default SharePoint Agent trained on that site’s content. Site owners can create additional agents scoped to specific libraries or documents.
Here’s the catch:
Even if an agent is approved by a site owner, any member of that site can edit the agent, thereby completely reconfiguring its data sources and instructions for all users.
Even well-intentioned users could unknowingly reconfigure an agent to access data it shouldn’t. Users of an Agent (even the Owner) might have no idea that the scope and logic used by the agent have changed, potentially leading to misleading answers or exposure.
Plus, embedded knowledge persists. When Copilot Agents pull from files uploaded into the agent’s own container, revoking access to the agent doesn’t remove access to the embedded content. The files stay visible, even to users who should’ve lost access.
Copilot doesn’t cause data leaks; it reveals them.
Its magic lies in surfacing content users already have access to. But when that access is broader than you thought, Copilot suddenly starts showing documents, messages, or sites that no one realized were open.
That’s the heart of the problem: AI is forcing organizations to finally confront years of permission sprawl that used to be invisible.
In other words: AI isn’t breaking your governance, it’s revealing how broken it already is.
SharePoint Advanced Management (SAM) and Data Access Governance (DAG) reports are steps in the right direction, but real limits remain:
If you’re managing hundreds or thousands of workspaces, that’s not governance. It’s guesswork.
Orchestry fills the visibility and action gap by combining deep reporting, analytics, and remediation across Microsoft 365 without elevated permissions or manual audits.
You don’t need to overhaul your environment overnight. Start by tightening the basics:
These controls help ensure Copilot and Agents only surface the right content to the right people.
You can’t prepare for AI adoption without preparing your governance. When permissions are clean, Copilot and Agents become a productivity multiplier. When they’re not, they act as a mirror, showing exactly where your risks live.
See how Orchestry helps organizations restore control and prepare for AI-driven collaboration. Start a 28-day trial to uncover hidden risks in your tenant.