Mismanaged permissions, oversharing, and broken inheritance in Microsoft 365 create hidden risks for security and AI adoption. Learn the top challenges and best practices to protect your organization before Copilot and AI tools magnify the problem.
In most organizations, Microsoft 365 is the backbone of collaboration. Teams share documents, spin up sites, and exchange knowledge every day. But here’s the catch: every click of “Copy Link” or “Share” could be quietly opening the door to sensitive data exposure.
What used to be a governance problem is now an AI risk. Tools like Microsoft Copilot can surface hidden content in seconds, turning small permission gaps into major security holes.
As Michal Pisarek, CEO of Orchestry, put it:
“Everyone’s permissions are in a massive mess. And in the world of AI, that mess no longer stays hidden.”
So, where are the cracks?
At first glance, permissions in Microsoft 365 seem straightforward. Admins manage access at the group level, expecting inheritance to take care of the rest. In reality, things rarely stay aligned.
Our Unseen, Unsecured – Part 2: Permissions, SharePoint, and the Path to Control for AI in Microsoft 365 webinar highlighted three key challenges:
The result? Owners often assume their content is locked down when, in reality, it’s far more exposed.
Perhaps the biggest eye-opener from the webinar was just how risky sharing links have become.
A quick “Copy Link” in SharePoint or OneDrive feels harmless, but it creates a durable access object that is different than traditional security and introduces an additional level of complexity.
Depending on the link type, this can mean:
Here’s the kicker: links also affect what AI can find. A file invisible to Copilot today can suddenly appear tomorrow if someone clicks a link. And folder links? Every file, present and future, comes along for the ride.
That's why “oversharing” has become a buzzword in the age of AI.
Broken inheritance, where a file or folder stops inheriting permissions from its parent, is another silent risk.
That's because creating a sharing link automatically breaks inheritance, and even if the link is deleted, the object remains in a “broken” state. Detecting and fixing broken inheritance at scale is nearly impossible with native tools.Now multiply that across thousands of documents, folders, and sites. The result? Permission sprawl so tangled that even your admins don’t really know who has access anymore.
AI agents make collaboration smarter, but permissions still rule.
As Orchestry’s David Francoeur warned:
“Even if you remove access to the agent, users still retain access to embedded content. It’s a governance nightmare.”
AI doesn’t create new risks. It magnifies existing ones.
Microsoft is aware of the problem. SharePoint Advanced Management (SAM) now includes data access governance reports that flag oversharing, sensitivity labels, and broad access groups.
But reports have limitations:
For large organizations, this is not enough to manage risk at scale.
To address these risks, here are five best practices:
These changes don’t fix everything, but they close the biggest holes before AI makes them impossible to ignore.
This is where Orchestry steps in. Instead of relying on fragmented reports and manual fixes, the platform offers:




Permissions in Microsoft 365 have always been messy. But with Copilot and AI tools now able to surface hidden content through natural queries, oversharing is no longer just an IT issue. It’s an organizational risk.
By combining best practices with tools like Orchestry, you can clean up permissions, rein in oversharing, and get truly Copilot-ready.
Ensure that your AI future isn’t undermined by unseen, unsecured data. Explore how Orchestry can help you identify oversharing, remediate risks, and get Copilot-ready with a 28-day managed evaluation trial.
👉 Book a demo or speak to an expert on our team to see Orchestry in action.
Get the latest & greatest insights on Microsoft 365, MS Teams, and SharePoint delivered directly to your inbox once a month.