
Control 2.5: Data Minimization and Grounding Scope

Control ID: 2.5
Pillar: Security & Protection
Regulatory Reference: GLBA 501(b), Data Minimization Principles
Last Verified: 2026-02-17
Governance Levels: Baseline / Recommended / Regulated


Objective

Control and limit the scope of data that Microsoft 365 Copilot can access for grounding responses. By implementing Restricted SharePoint Search, site-level exclusions, and data access governance in Microsoft Purview, organizations can enforce the principle of least privilege for AI interactions — restricting Copilot to only the data sources appropriate for each user group. This control helps prevent oversharing amplification, where Copilot surfaces content that users have technical permissions to access but should not practically encounter in AI-generated responses.


Why This Matters for FSI

  • GLBA 501(b) requires that safeguards be reasonably designed to protect customer information — limiting the data Copilot can access reduces the surface area for potential customer information exposure
  • Data minimization principles (embedded in GLBA, state privacy laws, and prudential guidance) require that data processing be limited to what is necessary for the stated purpose — Copilot should only access data relevant to the user's legitimate business needs
  • FFIEC IT Examination Handbook expects access controls that follow least privilege — Copilot's default behavior of searching all content a user can access may exceed least-privilege standards
  • OCC 2011-12 (Model Risk Management) expects controls over model inputs — limiting grounding scope controls what data feeds into Copilot's AI model for response generation
  • SEC Reg S-P requires protection of customer nonpublic personal information (NPI) — restricting Copilot's grounding scope helps prevent NPI from appearing in AI-generated responses outside its intended context

Control Description

Microsoft 365 Copilot grounds its responses by searching content across the Microsoft 365 tenant using the Microsoft Graph. By default, Copilot can access any content the authenticated user has permission to view. For financial institutions, this default scope is often too broad.

Grounding Scope Control Mechanisms

| Mechanism | Description | Scope Control |
|---|---|---|
| Restricted SharePoint Search (RSS) | Limits Copilot to a curated list of approved SharePoint sites | Org-wide: Copilot can only ground from allowed sites |
| Site-Level Exclusion | Excludes specific SharePoint sites from Copilot search | Targeted: Remove sensitive sites from Copilot grounding |
| Data Access Governance (Purview) | Visibility into overshared sites and recommendations | Monitoring: Identify and remediate oversharing |
| SharePoint Advanced Management (SAM) | Restrict access to sites, data access governance reports | Management: Control site-level permissions at scale |
| Microsoft Graph Permissions | User-level Graph permissions that Copilot inherits | Foundation: Copilot can only access what the user can access |

Restricted SharePoint Search (RSS)

RSS is the primary mechanism for controlling Copilot's grounding scope:

| Mode | Behavior | Use Case |
|---|---|---|
| Disabled (Default) | Copilot searches all SharePoint sites the user can access | Not recommended for FSI without other controls |
| Enabled — Allow List | Copilot can ONLY search sites on the approved list | Recommended for initial rollout — start with curated, clean sites |
| Transitioning to Disabled | After data hygiene is validated, gradually expand access | Target state after Pillar 1 readiness is confirmed |

RSS Configuration Flow

Admin enables RSS
  Define Allowed Sites
  (curated, clean list)
  ┌─────────────────────────┐
  │  Copilot Grounding      │
  │                         │
  │  ✓ Allowed Site A       │
  │  ✓ Allowed Site B       │
  │  ✓ Allowed Site C       │
  │  ✗ All Other Sites      │
  └─────────────────────────┘
  Monitor via Data Access
  Governance reports
  Gradually expand allowed
  sites as hygiene improves

Data Access Governance Reports

Microsoft Purview Data Access Governance provides reports that identify:

| Report | Description | FSI Action |
|---|---|---|
| Overshared sites | Sites with broad permissions (e.g., "Everyone except external users") | Remediate before adding to RSS allow list |
| Inactive sites | Sites with no recent activity but active permissions | Archive or remove from Copilot scope |
| Sensitivity-labeled sites | Sites containing labeled content, by classification | Verify label accuracy before Copilot access |
| External sharing sites | Sites shared with external guests | Exclude from Copilot grounding or restrict |
| Sites with overshared files | Individual files with broad access | File-level remediation |

Site Exclusion Strategy for FSI

| Site Category | Default Action | Justification |
|---|---|---|
| Executive/Board sites | Exclude | Board materials too sensitive for general Copilot access |
| HR/Compensation sites | Exclude | Employee PII and compensation data |
| Legal/Litigation hold sites | Exclude | Privileged information |
| Compliance/Regulatory sites | Exclude | SAR, examination correspondence |
| M&A deal rooms | Exclude | MNPI and deal-specific information |
| Archived client sites | Exclude | Stale permissions, historical data |
| Departmental collaboration | Include (curated) | Standard business content after hygiene review |
| Project sites (active) | Include (curated) | Active work product after permission review |
| Intranet/communication sites | Include | Generally safe, broadly shared by design |

Copilot Surface Coverage

| M365 Application | RSS Applies | Site Exclusion | Data Access Governance | Notes |
|---|---|---|---|---|
| Microsoft 365 Copilot Chat | Yes | Yes | Yes | Primary grounding scope concern |
| Word | Partial | Yes | Yes | Grounding from SharePoint/OneDrive |
| Excel | Partial | Yes | Yes | Data analysis from linked files |
| PowerPoint | Partial | Yes | Yes | Content suggestions from SharePoint |
| Outlook | No | No | Limited | Email grounding uses Exchange, not SharePoint |
| Teams | Partial | Yes | Yes | Teams-linked SharePoint sites |
| OneNote | Partial | Yes | Yes | Notebook sites in SharePoint |
| Loop | Partial | Yes | Yes | Loop workspaces in SharePoint |
| Copilot Pages | Yes | Yes | Yes | Pages grounding follows RSS |
| SharePoint (Agents) | Yes | Yes | Yes | Agent scope limited by RSS and site access |

Governance Levels

| Level | Requirement | Rationale |
|---|---|---|
| Baseline | Enable Restricted SharePoint Search with an initial allow list of 10-50 curated sites; exclude executive, HR, legal, and compliance sites from Copilot grounding; run Data Access Governance reports monthly | Reduces grounding scope to known-clean sites — safest approach for initial Copilot deployment |
| Recommended | Expand the RSS allow list based on Data Access Governance results; implement site-level exclusions for sensitive categories; use SharePoint Advanced Management for at-scale permission reviews; quarterly grounding scope reviews; document site inclusion/exclusion rationale | Balanced approach that expands Copilot utility while maintaining data boundary controls |
| Regulated | RSS allow list managed through a formal change control process; every site addition requires data hygiene certification; real-time monitoring of grounding scope changes; integration with DSPM for AI to track sensitive data access patterns; annual grounding scope audit by compliance | Maximum control over data access — suitable for firms with the highest regulatory scrutiny |

Setup & Configuration

Step 1: Enable Restricted SharePoint Search

Portal: Microsoft 365 Admin Center > Settings > Search & intelligence > Restricted SharePoint Search

  1. Toggle "Restrict SharePoint Search" to On
  2. This immediately limits Copilot's SharePoint grounding to only explicitly allowed sites
  3. Note: This setting applies org-wide — plan communication to users before enabling

Step 2: Build the Allowed Site List

```powershell
# Connect to SharePoint Online (SharePoint Online Management Shell)
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

# Add sites to the RSS allowed list. The cmdlet takes a list of site URLs
# via -SitesList, so several sites can be added in one call.
Add-SPOTenantRestrictedSearchAllowedList -SitesList @(
    "https://contoso.sharepoint.com/sites/Department-A",
    "https://contoso.sharepoint.com/sites/Project-B"
)

# View the current allowed list
Get-SPOTenantRestrictedSearchAllowedList

# Remove a site from the allowed list
Remove-SPOTenantRestrictedSearchAllowedList -SitesList @("https://contoso.sharepoint.com/sites/OldSite")
```
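The Regulated level above requires that every allow-list addition pass through change control with a hygiene certification, and the Financial Sector Considerations ask for a log of each change. The script below is an added example (not part of this control document) that gates `Add-SPOTenantRestrictedSearchAllowedList` on those conditions; the certification CSV layout, the 90-day validity window, the URL patterns for always-excluded site categories and the log file path are assumptions.

```powershell
# Added example: gated RSS allow-list addition with an audit log entry.
# Assumes an existing Connect-SPOService session.
param(
    [Parameter(Mandatory)] [string] $SiteUrl,
    [Parameter(Mandatory)] [string] $Approver,
    [string] $CertificationCsv = ".\hygiene-certifications.csv", # assumed columns: SiteUrl,CertifiedOn,CertifiedBy
    [string] $ChangeLogCsv     = ".\rss-allowlist-changelog.csv"
)

# Site categories the Site Exclusion Strategy table says must never be allowed.
# The URL-path substrings are assumptions; adapt them to the tenant's naming convention.
$NeverAllowPatterns = @('board', 'executive', 'hr-', 'compensation', 'legal',
                        'litigation', 'compliance', 'regulatory', 'deal', 'mna')

function Test-NeverAllow([string] $Url) {
    $path = ([uri] $Url).AbsolutePath.ToLowerInvariant()
    foreach ($p in $NeverAllowPatterns) { if ($path -like "*$p*") { return $true } }
    return $false
}

if (Test-NeverAllow $SiteUrl) {
    throw "Refusing to add ${SiteUrl}: it matches an always-exclude site category."
}

# A hygiene certification must exist and be recent (assumed 90-day validity).
$cert = Import-Csv $CertificationCsv | Where-Object { $_.SiteUrl -eq $SiteUrl } |
        Sort-Object { [datetime] $_.CertifiedOn } -Descending | Select-Object -First 1
if (-not $cert -or ([datetime] $cert.CertifiedOn) -lt (Get-Date).AddDays(-90)) {
    throw "Refusing to add ${SiteUrl}: no hygiene certification within the last 90 days."
}

# Apply the change, then confirm it took effect before recording it.
Add-SPOTenantRestrictedSearchAllowedList -SitesList @($SiteUrl)
$nowAllowed = @(Get-SPOTenantRestrictedSearchAllowedList | ForEach-Object { "$_".TrimEnd('/') })
if ($nowAllowed -notcontains $SiteUrl.TrimEnd('/')) {
    throw "Allow-list update did not take effect for $SiteUrl"
}

# Append the change-control record examiners will ask for.
[pscustomobject]@{
    Date        = (Get-Date).ToString('s')
    Action      = 'Added'
    SiteUrl     = $SiteUrl
    Approver    = $Approver
    CertifiedOn = $cert.CertifiedOn
    CertifiedBy = $cert.CertifiedBy
} | Export-Csv -Path $ChangeLogCsv -Append -NoTypeInformation
```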

Step 3: Configure Site-Level Exclusions

For sites that should never be accessible to Copilot, regardless of RSS status:

```powershell
# Restricted Content Discovery (SharePoint Advanced Management): keep the site's
# content out of org-wide search and Copilot grounding for users who are not
# already working in the site, regardless of RSS status
Set-SPOSite -Identity "https://contoso.sharepoint.com/sites/LegalHold" `
  -RestrictContentOrgWideSearch $true

# Restricted access control (SharePoint Advanced Management): limit who can open
# the site at all, so its content is never surfaced to users outside the
# permitted group. Shown for a Microsoft 365 group-connected site; a site that
# is not group-connected also needs -RestrictedAccessControlGroups.
Set-SPOSite -Identity "https://contoso.sharepoint.com/sites/BoardMaterials" `
  -RestrictedAccessControl $true
```

Step 4: Run Data Access Governance Reports

Portal: Microsoft Purview > Data Access Governance > Reports

  1. Generate "Sites shared with Everyone except external users" report
  2. Generate "Overshared files" report
  3. Review results and remediate before adding sites to RSS allow list
  4. Schedule monthly report generation

Step 5: Monitor and Expand

  1. Review Copilot usage analytics to identify user requests that hit RSS boundaries
  2. Evaluate requested sites for data hygiene readiness
  3. Add sites to allow list through documented change control process
  4. Track expansion progress against target state

Financial Sector Considerations

  • Oversharing Amplification Risk: Financial firms often have years of SharePoint content with broad permissions established before data classification programs were mature. Copilot amplifies this risk by actively surfacing content users did not know they could access. RSS is the primary mitigation.
  • M&A Deal Room Protection: Deal rooms must never be included in RSS allow lists. Even if information barriers are in place, the principle of defense in depth requires site-level exclusion as a secondary control.
  • Regulatory Correspondence Sites: Sites containing examination correspondence, regulatory filings, and supervisory letters should be excluded from Copilot grounding to prevent inadvertent disclosure through AI-generated responses.
  • Client Data Repositories: Sites containing client account information, portfolio data, and transaction records require careful permission review before inclusion in Copilot's grounding scope. Stale permissions from departed employees or reorganized teams are common in financial firms.
  • Gradual Expansion Strategy: FSI firms should start with RSS enabled and a narrow allow list (critical collaboration sites only), then expand methodically as data hygiene improves. Most firms require 3-6 months to clean SharePoint permissions sufficiently for broad Copilot grounding.
  • SAM Licensing: SharePoint Advanced Management (SAM) provides the most comprehensive data access governance reports but requires additional licensing. For Regulated-level implementations, SAM is strongly recommended.
  • Documentation for Examiners: Maintain a log of RSS allow list changes (date, site added/removed, approver, hygiene certification status). This demonstrates proactive data governance to regulators examining AI deployment practices.

Verification Criteria

  1. RSS Status: Confirm Restricted SharePoint Search is enabled in the M365 Admin Center
  2. Allow List Accuracy: Verify the RSS allow list contains only sites that have passed data hygiene review
  3. Exclusion Enforcement: Query Copilot Chat for content known to exist on an excluded site — confirm no results are returned from that site
  4. Allow List Enforcement: Query Copilot Chat for content on an allowed site — confirm results are returned normally
  5. Data Access Governance Reports: Confirm monthly reports are generated and reviewed, with remediation actions tracked
  6. Sensitive Site Exclusion: Verify that executive, HR, legal, compliance, and M&A sites are excluded from Copilot grounding
  7. Change Control Process: Confirm a documented change control process exists for RSS allow list modifications
  8. User Communication: Verify that users understand Copilot's data access scope and any limitations imposed by RSS
  9. Permission Hygiene: Run the "Overshared sites" report and confirm that no sites on the RSS allow list appear as overshared
  10. Expansion Tracking: Confirm a documented plan exists for expanding the RSS allow list over time, with milestones and hygiene criteria
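Verification criteria 1, 6 and 9 can be checked from the SharePoint Online Management Shell. The script below is an added example (not part of this control document) that reports a finding for each criterion that fails; the list of must-be-excluded sites and the CSV export of the Purview "Overshared sites" report are assumptions, and the external-sharing check uses the site's `SharingCapability` as a proxy for the External sharing sites report.

```powershell
# Added example: audit the RSS grounding scope against control 2.5.
# Assumes an existing Connect-SPOService session.
param(
    [string]   $OversharedReportCsv = ".\overshared-sites.csv",  # assumed column: SiteUrl
    [string[]] $MustBeExcluded = @(                               # assumed sensitive sites
        "https://contoso.sharepoint.com/sites/BoardMaterials",
        "https://contoso.sharepoint.com/sites/LegalHold"
    )
)

$findings = New-Object System.Collections.Generic.List[string]
function Normalize-Url([string] $u) { return $u.TrimEnd('/').ToLowerInvariant() }

# Criterion 1: RSS must be enabled at tenant level.
$mode = Get-SPOTenantRestrictedSearchMode
if ("$mode" -notmatch 'Enabled') { $findings.Add("RSS mode is '$mode', expected Enabled") }

$allowed = @(Get-SPOTenantRestrictedSearchAllowedList | ForEach-Object { Normalize-Url "$_" })

# Criterion 6: sensitive-category sites must not be on the allow list.
foreach ($site in $MustBeExcluded) {
    if ($allowed -contains (Normalize-Url $site)) {
        $findings.Add("Excluded-category site is on the RSS allow list: $site")
    }
}

# Criterion 9: no allowed site may be overshared, and (per the Data Access
# Governance table) allowed sites should not permit external sharing.
$overshared = @()
if (Test-Path $OversharedReportCsv) {
    $overshared = @(Import-Csv $OversharedReportCsv | ForEach-Object { Normalize-Url $_.SiteUrl })
}
foreach ($site in $allowed) {
    if ($overshared -contains $site) {
        $findings.Add("Allowed site appears in the Overshared sites report: $site")
    }
    $spo = Get-SPOSite -Identity $site
    if ($spo.SharingCapability -ne 'Disabled') {
        $findings.Add("Allowed site permits external sharing ($($spo.SharingCapability)): $site")
    }
}

if ($findings.Count -eq 0) { Write-Output "PASS: RSS grounding scope matches Control 2.5" }
else { $findings | ForEach-Object { Write-Output "FAIL: $_" }; exit 1 }
```

Run it after each allow-list change and archive the output alongside the change log so the monthly review has evidence rather than a checklist.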

Additional Resources