Know what Copilot will actually see before you turn it on.

A two-week, fixed-fee audit of your Microsoft 365 tenancy against the reality of an LLM with search permissions. Ends with a clear go / no-go and a fix list.

Book a readiness review Back to AI Consultancy

01/ What's involved

Four domains, two weeks.

A serious Copilot readiness review covers four things. We work through them in parallel, with a go / no-go recommendation and a remediation plan at the end.

Domain · 01

Microsoft 365 adoption

Who's actually using what — SharePoint, Teams, OneDrive, Copilot licences already provisioned — and where Copilot earns its keep fastest. Departmental prioritisation so the rollout lands with the teams that benefit, not the ones that shout loudest.

Domain · 02

Security posture

Identity, MFA coverage, Conditional Access, privileged roles, tenant hardening. Plus an adversarial prompt-test against a controlled instance — what a curious employee could actually extract today, not in theory.

Domain · 03

Technical readiness

Licensing, tenancy prerequisites, search index health and language-model settings. The mechanical checks that stop a deployment stalling on something avoidable in week two.

Domain · 04

Data governance

Sensitivity labels, DLP, retention, oversharing and "anyone with link" sprawl. Sample classification review to confirm the label taxonomy actually matches the content in flight.

Plus a written go / no-go recommendation — deploy now, deploy with mitigations, or hold — sized for your exec team to make a call, not a briefing to schedule another workshop.

02/ What you get

Deliverables, not just a verbal readout.

01
Risk register with severity
Every finding scored by likelihood and impact, with a named owner and a suggested remediation path.
02
Prioritised remediation roadmap
What to fix in week one, what to fix before rollout, and what can be addressed as ongoing hygiene.
03
Exec-level readout
A short, board-ready deck translating the technical findings into business risk and investment asks.
04
Technical evidence pack
The raw scan output, permission maps and screenshots — so your IT team can act without re-discovering the work.

03/ Typical findings

What we usually surface.

No tenancy is clean. The question is whether the mess is the kind Copilot will quietly amplify.

Sensitive HR and finance folders shared "org-wide" from years ago.
Board papers in a SharePoint site with inherited guest access.
"Anyone with the link" sharing set as the tenant default.
Standing Global Admin rights on a dozen accounts that don't need them.
OneDrives of former employees still licensed and indexed.
Contract libraries with lawyer commentary that shouldn't be summarised.

/ Backed by

Delivered by M-Tech Labs with the compliance and security discipline of M-Tech Systems — Cyber Essentials certified, aligned to NCSC CAF 4.0 and progressing through the Assurix trustmark programme.

Back to AI Consultancy

/ Start a conversation

Book a Copilot readiness review.

Two weeks, fixed fee, clear answers. If you're within a month of flipping the switch, this is the pre-flight check.

Book a readiness review Ask a scoping question

Know what Copilot will actually see before you turn it on.

Four domains, two weeks.

Microsoft 365 adoption

Security posture

Technical readiness

Data governance

Deliverables, not just a verbal readout.

Risk register with severity

Prioritised remediation roadmap

Exec-level readout

Technical evidence pack

What we usually surface.

Book a Copilot readiness review.