Free Copilot Governance Assessment

Free readiness check before deploying M365 Copilot – tailored for Australia and New Zealand

Microsoft 365 Copilot is powerful – but it surfaces whatever your users can access. If oversharing, missing sensitivity labels, or weak access controls exist before deployment, Copilot will amplify them. This assessment checks the critical controls that Microsoft and security practitioners recommend before go‑live.

New Zealand context: References the Privacy Act 2020 and NZISM. Without proper data classification and access reviews, Copilot could expose personal information, triggering mandatory breach notification.

Australian context: Aligned with the Privacy Act 1988 (Cth)Notifiable Data Breaches (NDB) scheme, and Essential Eight access control requirements. Copilot’s access to sensitive data must be governed to avoid reportable breaches.

This free self‑assessment takes about 5 minutes. You’ll receive a “Not Ready / Needs Work / Likely Ready” result, a list of missing critical controls, and a prioritised action plan – no obligation.

 Already using Microsoft 365? Start with our M365 Secure Score Review to check your tenant’s overall security posture. For broader AI governance, see our AI Readiness Assessment.

  • Data classification check

    Sensitivity labels deployed, DLP policies active, auto‑labelling configured, label coverage reviewed.

  • Access controls audit

    Permissions reviews, least privilege applied, external sharing restricted, guest access governed.

  • Tenant configuration review

    Staged rollout, audit logging enabled, app consent restricted, SharePoint search evaluation.

  • User readiness check

    Acceptable use policy, Copilot training, prompting guidelines.

  • Critical control gaps

    Clear identification of missing prerequisites that Microsoft requires before Copilot deployment.

  • Priority action plan

    Ranked list of missing controls with effort estimates (Quick Win / Medium / Project).