
AI doesn’t know what’s sensitive, unless you tell it

Randy Rouse at Quest Software explains how Microsoft 365 migrations can quietly break the governance that keeps AI in check

 

AI assistants like Microsoft Copilot are reshaping how organisations interact with content in Microsoft 365. They summarise documents, answer prompts, and surface files based on user access. But they don’t understand context, and that’s a growing risk.

 

If a file contains salary data, legal strategy, or confidential IP, Copilot won’t inherently recognise it as sensitive. It knows whether a user has access, but it doesn’t automatically understand whether that access should result in visibility. Copilot doesn’t ask, “Should I show this?” unless you’ve told it how to answer.

 

Those answers come from governance signals, like permissions, retention policies, and sensitivity labels. And during Microsoft 365 tenant migrations, those signals can quietly break. When that happens, AI starts operating with partial context, and that is when overexposure risks emerge.

 

Sensitivity labels are signals, not siloed protection

In Microsoft 365, sensitivity labels don’t act in isolation. They are one part of a broader governance and protection framework that includes SharePoint permissions, RBAC, Purview policies, and DLP (Data Loss Prevention). But labels remain a key layer that adds contextual meaning and intent to content.

 

They can help enforce:

  • Encryption and scoped access
  • External sharing controls
  • Header and watermark policies
  • DLP and eDiscovery visibility
  • Whether content is indexed or available to tools like Copilot

They don’t override permissions, but they instruct the system on how sensitive data should behave, especially in automated workflows and AI summarisation. For instance, a document labelled “Confidential – Finance Only” might apply encryption, restrict external sharing, and exclude the file from Copilot suggestions outside the finance team.

 

Without that label, those protections might never activate. And because Copilot can summarise or suggest content a user technically has access to, that visibility can rapidly extend beyond what was originally intended.

 

Copilot follows the rules you’ve set, but it makes access more visible. That’s the real risk. Gaps that once went unnoticed can suddenly show up in an AI-generated summary.

 

The hidden threat in Microsoft 365 migrations

Tenant-to-tenant migrations are common during M&A, divestitures, and restructures, and they typically focus on uptime, user access, and operational continuity. But governance signals, especially sensitivity labels, are often overlooked, and their absence is rarely noticed until it’s too late.

 

Here’s where exposure creeps in:

 

1. Label mismatches. Two tenants may use the same label names but with different rules. If they’re not reconciled, files can retain the name but lose the policy behind it.

 

2. Broken encryption. Labels that apply encryption often rely on tenant-specific keys. If those keys don’t transfer, content may become unreadable, or worse, readable without the proper control.

 

3. Metadata loss. Not all third-party migration tools handle label preservation or encryption consistently. Files may arrive unclassified or with incomplete protections.

 

4. Audit gaps. Sensitivity labels support audit logging and compliance monitoring. When labels are lost, so is the trail that tracks how sensitive content is handled.

 

These aren’t hypothetical problems. According to Gartner’s 2024 survey on Microsoft 365 Copilot, 52% of organisations cited security challenges, including data exposure, as a major factor slowing adoption. And yet, label validation rarely makes it into the core migration checklist.

 

What that looks like in practice

Consider this: your company merges with another, and you migrate both Microsoft 365 tenants into a single environment. Everything looks stable: email, SharePoint, Teams all working.

 

Then someone in marketing types a prompt into Copilot: “Summarise recent financial planning documents.”

 

Copilot returns a summary that includes spreadsheets that were previously labelled “Highly Confidential – Finance Only.” But those labels didn’t survive the migration. And because access permissions were broadened, the marketing team now has technical access.

 

No breach. No malicious insider. Just an AI assistant surfacing information that was technically accessible, but contextually inappropriate. This isn’t an AI failure. It’s a governance breakdown.

 

Security determines who can access what. Governance determines what should happen, even if access exists. When governance signals are misaligned, AI tools like Copilot may increase the visibility of sensitive content in ways that were never intended.

 

Protecting sensitive content from silent AI exposure

To maintain governance integrity during and after migration, IT and security teams must take deliberate steps:

 

1. Audit sensitivity label usage. Before migration, identify which labels are in use, where encryption is applied, and how they map to compliance requirements. Focus on high-risk areas like HR, finance, and legal.

 

2. Map labels across tenants. Ensure that label names, behaviours, and encryption rules are aligned between source and destination environments.

 

3. Use available tooling, but don’t assume it’s enough. Microsoft provides tools to export/import label policies, automate classification, and audit label usage. But they require careful setup and don’t cover every scenario. Many organisations turn to specialised third-party platforms to support complex tenant migrations, but not all of them handle sensitivity labels or encryption consistently. That’s why manual testing and governance checks should be built into every migration plan.

 

4. Validate access post-migration. Confirm that protected documents remain accessible only to intended users. Check that labels, encryption, and AI exclusion rules remain intact.

 

5. Check what Copilot can surface. Run prompt tests using real user profiles across roles. If Copilot suggests sensitive files in unintended contexts, that’s a signal your migration broke something.

 

6. Reclassify and restore labels where needed. Some files will need manual review and relabelling. Treat this as a core part of the migration lifecycle, not a deferred admin task.
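The label audit, cross-tenant mapping and post-migration validation steps above can be driven from a simple reconciliation script. The following is an added example, not code from the article or from Quest or Microsoft; it assumes you have already exported each tenant’s label inventory and a list of migrated files into the constructed schema shown, which is not Purview’s own export format.

```python
from dataclasses import dataclass, fields

@dataclass(frozen=True)
class Label:
    """Behaviours a label enforces (constructed schema, not Purview's export format)."""
    name: str
    encryption: bool
    block_external_sharing: bool
    exclude_from_copilot: bool

# Constructed label inventories for the source and destination tenants.
SOURCE = {lbl.name: lbl for lbl in [
    Label("Highly Confidential - Finance Only", True, True, True),
    Label("Confidential", False, True, False),
    Label("General", False, False, False),
]}
DEST = {lbl.name: lbl for lbl in [
    Label("Confidential", False, False, False),  # same name, weaker rule
    Label("General", False, False, False),
]}

def compare_labels(source, dest):
    """Return labels absent from dest and labels whose behaviours differ by name."""
    missing = sorted(n for n in source if n not in dest)
    mismatched = {}
    for name, src in source.items():
        if name in dest:
            diffs = [f.name for f in fields(Label) if f.name != "name"
                     and getattr(src, f.name) != getattr(dest[name], f.name)]
            if diffs:
                mismatched[name] = diffs
    return missing, mismatched

def files_needing_review(files, source, dest):
    """Flag files whose label was dropped, has no destination policy, or is weaker there."""
    missing, mismatched = compare_labels(source, dest)
    review = []
    for path, before, after in files:
        if before and after is None:
            review.append((path, "label dropped during migration"))
        elif after in missing:
            review.append((path, "label name kept but no policy exists in destination"))
        elif after in mismatched:
            review.append((path, "weaker in destination: " + ", ".join(mismatched[after])))
    return review

# Constructed migration record: (path, label before migration, label after migration).
MIGRATED_FILES = [
    ("Finance/FY25-plan.xlsx", "Highly Confidential - Finance Only", None),
    ("Finance/bonus-pool.xlsx", "Highly Confidential - Finance Only",
     "Highly Confidential - Finance Only"),
    ("Legal/nda-template.docx", "Confidential", "Confidential"),
    ("HR/handbook.docx", "General", "General"),
]

if __name__ == "__main__":
    for path, reason in files_needing_review(MIGRATED_FILES, SOURCE, DEST):
        print(f"{path}: {reason}")
```

Files flagged here are the ones to relabel before Copilot is enabled in the merged tenant; the mismatch report is the input to the label mapping in step 2.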

 

Copilot doesn’t break rules; it amplifies them

AI tools like Copilot don’t invent access. They expose what the system already allows, but in ways that are more visible, more accessible, and harder to control if governance signals are misaligned. When sensitivity labels disappear during migration, you lose more than metadata. You lose the context that defines responsible AI behaviour.

 

The result isn’t a dramatic breach. It’s quiet over-exposure, amplified at scale.

 

If your organisation is investing in AI, it must also invest in the governance that tells AI what not to do. Otherwise, Copilot won’t break the rules, but it might follow the wrong ones.

Randy Rouse is Field CTO at Quest Software