Control 2.5: Data Minimization and Grounding Scope
Control ID: 2.5
Pillar: Security & Protection
Regulatory Reference: GLBA §501(b), Data Minimization Principles
Last Verified: 2026-05-25
Governance Levels: Baseline / Recommended / Regulated
Objective
Control and limit the scope of data that Microsoft 365 Copilot can access for grounding responses. By combining Restricted SharePoint Search (RSS), Restricted Content Discovery (RCD), Microsoft Purview, SharePoint Advanced Management (SAM), sensitivity labels, role-based access control (RBAC), and DLP, organizations can support least-privilege AI interactions. RSS and RCD are scope-limiting controls: they do not change user permissions, provide complete exclusion, or replace labels, RBAC, or DLP. This control helps reduce oversharing amplification, where Copilot surfaces content that users have technical permissions to access but should not practically encounter in AI-generated responses.
Why This Matters for FSI
- GLBA §501(b) requires that safeguards be reasonably designed to protect customer information — limiting the data Copilot can access reduces the surface area for potential customer information exposure
- Data minimization principles (embedded in GLBA, state privacy laws, and prudential guidance) require that data processing be limited to what is necessary for the stated purpose — Copilot should only access data relevant to the user's legitimate business needs
- FFIEC IT Examination Handbook expects access controls that follow least privilege — Copilot's default behavior of searching all content a user can access may exceed least-privilege standards
- SR 11-7 / OCC Bulletin 2011-12 (Model Risk Management) expects controls over model inputs — limiting grounding scope controls what data feeds into Copilot's AI model for response generation
- SEC Reg S-P requires protection of customer nonpublic personal information (NPI) — restricting Copilot's grounding scope helps prevent NPI from appearing in AI-generated responses outside its intended context
Control Description
Microsoft 365 Copilot grounds its responses by searching content across the Microsoft 365 tenant using the Microsoft Graph. By default, Copilot can access any content the authenticated user has permission to view. For financial institutions, this default scope is often too broad.
Grounding Scope Control Mechanisms
| Mechanism | Description | Scope Control |
|---|---|---|
| Restricted SharePoint Search (RSS) | Short-term tenant-wide allow-list for SharePoint sites while permissions are reviewed | Limits Copilot and SharePoint search primarily to up to 100 allowed sites; recently accessed or Teams/Outlook-shared sites can still appear |
| Restricted Content Discovery (RCD) | Site-level setting for high-risk SharePoint sites | Hides sites from tenant-wide discovery experiences such as SharePoint home, Office.com, Bing, Delve where applicable, and Copilot; direct access and owned or recently used files can still appear |
| Data Access Governance (Purview) | Visibility into overshared sites and recommendations | Monitoring: Identify and remediate oversharing |
| SharePoint Advanced Management (SAM) | Restricted access controls, lifecycle management, and data access governance reports | Management: Control site-level permissions at scale |
| Microsoft Graph Permissions | User-level graph permissions that Copilot inherits | Foundation: Copilot can only access what user can access |
Restricted SharePoint Search (RSS)
RSS is a transitional tenant-wide scoping mechanism for Copilot onboarding while SharePoint permissions are audited. Microsoft positions RSS as a short-term approach that is neither intended nor scalable for long-term use, and it is not a security boundary.
| Mode | Behavior | Use Case |
|---|---|---|
| Disabled (Default) | Copilot can ground on SharePoint sites the user can access | Use only after permissions, labels, DLP, and SAM controls are validated |
| Enabled — Allow List | Copilot and SharePoint search are scoped primarily to allowed sites, but Microsoft notes recently accessed sites or sites shared via Teams/Outlook can still appear | Temporary initial rollout — start with curated, clean sites while documenting exceptions |
| Transitioning to Disabled | Gradually move from RSS to long-term Purview, SAM, RBAC, DLP, and sensitivity-label governance | Target state after Pillar 1 readiness is confirmed |
RSS Configuration Flow
```text
Admin enables RSS
        │
        ▼
Define Allowed Sites
(curated, clean list; ≤100 sites)
        │
        ▼
┌──────────────────────────────────────────┐
│ Copilot / SharePoint tenant search       │
│                                          │
│ ✓ Allowed Site A                         │
│ ✓ Allowed Site B                         │
│ ✓ Allowed Site C                         │
│ ⚠ Non-allowed sites may still appear     │
│   after recent access or Teams/Outlook   │
│   sharing; direct SharePoint access      │
│   is unchanged                           │
└──────────────────────────────────────────┘
        │
        ▼
Monitor via Data Access
Governance reports
        │
        ▼
Transition to Purview,
SAM, labels, RBAC, and DLP
```
Data Access Governance Reports
SharePoint Advanced Management Data Access Governance provides reports that identify:
| Report | Description | FSI Action |
|---|---|---|
| Overshared sites | Sites with broad permissions (e.g., "Everyone except external users") | Remediate before adding to RSS allow list |
| Inactive sites | Sites with no recent activity but active permissions | Archive or remove from Copilot scope |
| Sensitivity-labeled sites | Sites containing labeled content by classification | Verify label accuracy before Copilot access |
| External sharing sites | Sites shared with external guests | Exclude from Copilot grounding or restrict |
| Sites with overshared files | Individual files with broad access | File-level remediation |
Site Exclusion Strategy for FSI
| Site Category | Default Action | Justification |
|---|---|---|
| Executive/Board sites | Exclude | Board materials too sensitive for general Copilot access |
| HR/Compensation sites | Exclude | Employee PII and compensation data |
| Legal/Litigation hold sites | Exclude | Privileged information |
| Compliance/Regulatory sites | Exclude | SAR, examination correspondence |
| M&A deal rooms | Exclude | MNPI and deal-specific information |
| Archived client sites | Exclude | Stale permissions, historical data |
| Departmental collaboration | Include (curated) | Standard business content after hygiene review |
| Project sites (active) | Include (curated) | Active work product after permission review |
| Intranet/communication sites | Include | Generally safe, broadly shared by design |
Copilot Surface Coverage
| M365 Application | RSS Applies | Site Exclusion | Data Access Governance | Notes |
|---|---|---|---|---|
| Microsoft 365 Copilot Chat | Yes | Yes | Yes | Primary grounding scope concern |
| Word | Partial | Yes | Yes | Grounding from SharePoint/OneDrive |
| Excel | Partial | Yes | Yes | Data analysis from linked files |
| PowerPoint | Partial | Yes | Yes | Content suggestions from SharePoint |
| Outlook | No | No | Limited | Email grounding uses Exchange, not SharePoint |
| Teams | Partial | Yes | Yes | Teams-linked SharePoint sites |
| OneNote | Partial | Yes | Yes | Notebook sites in SharePoint |
| Loop | Partial | Yes | Yes | Loop workspaces in SharePoint |
| Copilot Pages | Yes | Yes | Yes | Pages grounding follows RSS |
| SharePoint (Agents) | Yes | Yes | Yes | Agent scope limited by RSS and site access |
Governance Levels
| Level | Requirement | Rationale |
|---|---|---|
| Baseline | Use RSS as a temporary initial allow-list of 10-50 curated sites; apply RCD to executive, HR, legal, and compliance sites where tenant-wide discovery should be suppressed; run Data Access Governance reports monthly | Reduces grounding scope during onboarding while documenting that direct access remains governed by permissions |
| Recommended | Expand or retire RSS based on Data Access Governance results; implement RCD for sensitive site categories; use SharePoint Advanced Management for at-scale permission reviews; quarterly grounding scope reviews; document site inclusion, exclusion, and exception rationale | Balanced approach that expands Copilot utility while moving toward durable data boundary controls |
| Regulated | Manage RSS and RCD changes through formal change control; require data hygiene certification before adding sites to the allow-list; monitor grounding scope changes; integrate DSPM for AI to track sensitive data access patterns; conduct annual grounding scope audit by compliance | Stronger governance for firms with highest regulatory scrutiny while long-term Purview, SAM, RBAC, label, and DLP controls mature |
Setup & Configuration
Step 1: Enable Restricted SharePoint Search
Portal: SharePoint Admin Center > Settings > Search > Restricted SharePoint Search
- Toggle "Restrict SharePoint Search" to On
- This helps limit Copilot's SharePoint grounding to the allowed list, but does not change user permissions or provide complete exclusion
- Note: This setting applies org-wide — plan communication to users before enabling and document known exceptions for recently accessed or Teams/Outlook-shared sites
Step 2: Build the Allowed Site List
```powershell
# Connect to SharePoint Online
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

# Verify the current mode, then enable RSS
Get-SPOTenantRestrictedSearchMode
Set-SPOTenantRestrictedSearchMode -Mode Enabled

# Add sites to the RSS allowed list
Add-SPOTenantRestrictedSearchAllowedList -SitesList @("https://contoso.sharepoint.com/sites/Department-A")
Add-SPOTenantRestrictedSearchAllowedList -SitesList @("https://contoso.sharepoint.com/sites/Project-B")

# View the current allowed list
Get-SPOTenantRestrictedSearchAllowedList

# Remove a site from the allowed list
Remove-SPOTenantRestrictedSearchAllowedList -SitesList @("https://contoso.sharepoint.com/sites/OldSite")
```
Step 3: Configure Site-Level Exclusions
For high-risk sites that should be hidden from tenant-wide discovery and Copilot grounding while direct SharePoint access remains governed by existing permissions:
```powershell
# Restricted Content Discovery — hides the site from org-wide search and Copilot grounding
Set-SPOSite -Identity "https://contoso.sharepoint.com/sites/LegalHold" `
    -RestrictContentOrgWideSearch $true

# Restricted Access Control — limits site access to explicit members only
Set-SPOSite -Identity "https://contoso.sharepoint.com/sites/BoardMaterials" `
    -RestrictedAccessControl $true
```
Step 4: Run Data Access Governance Reports
Portal: SharePoint Admin Center > Reports > Data access governance
- Generate "Sites shared with Everyone except external users" report
- Generate "Overshared files" report
- Review results and remediate before adding sites to RSS allow list
- Schedule monthly report generation
Step 5: Monitor and Expand
- Review Copilot usage analytics to identify user requests that hit RSS boundaries
- Evaluate requested sites for data hygiene readiness
- Add sites to allow list through documented change control process
- Track expansion progress against target state
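The following script is an added example, not part of this guide or Microsoft's own tooling. It wraps the RSS cmdlets from Steps 2 and 3 in the change-control gates the Regulated level calls for (hygiene certification, the 100-site limit, no conflict with RCD) and appends the examiner log entry described under Financial Sector Considerations. It assumes `Connect-SPOService` has already been run, that `Get-SPOTenantRestrictedSearchAllowedList` returns site URL strings, and that `Get-SPOSite` exposes the `RestrictContentOrgWideSearch` property; the function name, log path, approver address and ticket id are constructed.

```powershell
# Added example (not part of the guide or Microsoft's tooling): change-controlled RSS add.
# Assumes Connect-SPOService has already been run, that
# Get-SPOTenantRestrictedSearchAllowedList returns site URL strings, and that
# Get-SPOSite exposes the RestrictContentOrgWideSearch property.
function Add-RssAllowedSiteWithControl {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SiteUrl,
        [Parameter(Mandatory)] [string] $Approver,
        [Parameter(Mandatory)] [string] $ChangeTicket,
        [switch] $HygieneCertified,
        [string] $LogPath = '.\rss-change-log.csv',   # constructed log location
        [int]    $MaxAllowedSites = 100                # RSS allow-list limit
    )
    $site    = $SiteUrl.TrimEnd('/')
    $current = @(Get-SPOTenantRestrictedSearchAllowedList | ForEach-Object { "$_".TrimEnd('/') })

    # Gate 1: no site enters the allow list without a data-hygiene sign-off
    if (-not $HygieneCertified) {
        throw "Refused: $site has no hygiene certification (overshared-sites report not cleared)."
    }
    # Gate 2: RSS allows at most 100 sites
    if ($current.Count -ge $MaxAllowedSites -and $current -notcontains $site) {
        throw "Refused: allow list already holds $($current.Count) sites (limit $MaxAllowedSites)."
    }
    # Gate 3 (policy choice, not a product rule): a site hidden by RCD is not a grounding source
    $spoSite = Get-SPOSite -Identity $site
    if ($spoSite.RestrictContentOrgWideSearch) {
        throw "Refused: $site has RestrictContentOrgWideSearch enabled; lift RCD through change control first."
    }
    # Idempotent: re-adding an already allowed site only produces a log entry
    $action = if ($current -contains $site) { 'AlreadyAllowed' } else {
        Add-SPOTenantRestrictedSearchAllowedList -SitesList @($site) | Out-Null
        'Added'
    }
    # Examiner log: date, site, action, approver, ticket, hygiene certification status
    [pscustomobject]@{
        Timestamp        = (Get-Date).ToString('o')
        Site             = $site
        Action           = $action
        Approver         = $Approver
        ChangeTicket     = $ChangeTicket
        HygieneCertified = [bool]$HygieneCertified
    } | Export-Csv -Path $LogPath -Append -NoTypeInformation
}

# Usage with constructed values; the approver address and ticket id are placeholders
Add-RssAllowedSiteWithControl -SiteUrl 'https://contoso.sharepoint.com/sites/Project-B' `
    -Approver 'copilot-governance@contoso.com' -ChangeTicket 'CHG-0000' -HygieneCertified
```

Removals should go through the same function pattern so the log captures both directions of allow-list change.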
Financial Sector Considerations
- Oversharing Amplification Risk: Financial firms often have years of SharePoint content with broad permissions established before data classification programs were mature. Copilot can amplify this risk by surfacing content users did not know they could access. RSS is a short-term scope limiter while permissions, labels, DLP, and SAM controls mature.
- M&A Deal Room Protection: Deal rooms should be kept out of RSS allow lists and evaluated for RCD where tenant-wide discovery should be suppressed. Information barriers, RBAC, sensitivity labels, and DLP remain the durable controls.
- Regulatory Correspondence Sites: Sites containing examination correspondence, regulatory filings, and supervisory letters should be evaluated for RCD and permission remediation to reduce the chance of inadvertent disclosure through AI-generated responses.
- Client Data Repositories: Sites containing client account information, portfolio data, and transaction records require careful permission review before inclusion in Copilot's grounding scope. Stale permissions from departed employees or reorganized teams are common in financial firms.
- Gradual Expansion Strategy: FSI firms should start with a narrow RSS allow list (critical collaboration sites only), document RSS/RCD exceptions, and expand or retire RSS methodically as data hygiene improves. Most firms require 3-6 months to clean SharePoint permissions sufficiently for broader Copilot grounding.
- SAM Licensing: SharePoint Advanced Management (SAM) provides data access governance reports, Restricted Access Control, and lifecycle management capabilities that support long-term governance. Organizations should verify licensing requirements for Regulated-level implementations.
- Documentation for Examiners: Maintain a log of RSS allow-list and RCD changes (date, site added/removed, approver, hygiene certification status, and known RSS exceptions). This demonstrates proactive data governance to regulators examining AI deployment practices.
Verification Criteria
- RSS Status: Confirm Restricted SharePoint Search is enabled in the SharePoint Admin Center or that `Get-SPOTenantRestrictedSearchMode` returns `Enabled`
- Allow List Accuracy: Verify the RSS allow list contains only sites that have passed data hygiene review and remains within the 100-site limit
- RSS Exception Testing: Query Copilot Chat with test users who do not own, recently access, or receive Teams/Outlook shares for non-allowed sites; document any exceptions that still appear
- Allowed Site Testing: Query Copilot Chat for content on an allowed site and confirm results are returned normally for users with appropriate permissions
- RCD Status: Confirm high-risk sites have `RestrictContentOrgWideSearch = True` and validate tenant-wide search/Copilot discovery behavior after index latency
- Data Access Governance Reports: Confirm monthly reports are generated and reviewed, with remediation actions tracked
- Sensitive Site Review: Verify that executive, HR, legal, compliance, and M&A sites are either remediated, excluded from RSS allow lists, or covered by RCD with documented rationale
- Change Control Process: Confirm a documented change control process exists for RSS allow-list and RCD modifications
- User Communication: Verify that users understand Copilot's data access scope, RSS/RCD limitations, and the fact that direct SharePoint access is still governed by permissions
- Permission Hygiene: Run the "Overshared sites" report and confirm that no sites on the RSS allow list appear as overshared
- Transition Tracking: Confirm a documented plan exists for expanding or retiring the RSS allow list over time, with milestones and hygiene criteria
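The following audit script is an added example, not part of this guide or Microsoft's own tooling. It runs the criteria above that can be checked from PowerShell (RSS Status, Allow List size, Sensitive Site Review, RCD Status) and returns PASS/FAIL rows for tracking. It assumes `Connect-SPOService` has already been run, that `Get-SPOTenantRestrictedSearchMode` returns `Enabled` or `Disabled`, that `Get-SPOTenantRestrictedSearchAllowedList` returns site URL strings, and that `Get-SPOSite` exposes `RestrictContentOrgWideSearch` and `RestrictedAccessControl`; the function name and the high-risk site URLs are constructed.

```powershell
# Added example (not part of the guide or Microsoft's tooling): one pass over the
# checkable Verification Criteria. Assumes Connect-SPOService has already been run,
# that Get-SPOTenantRestrictedSearchMode returns 'Enabled' or 'Disabled',
# that Get-SPOTenantRestrictedSearchAllowedList returns site URL strings, and that
# Get-SPOSite exposes RestrictContentOrgWideSearch and RestrictedAccessControl.
function Test-CopilotGroundingScope {
    param(
        # Constructed high-risk site inventory; replace with the firm's own exclusion list
        [string[]] $HighRiskSites = @(
            'https://contoso.sharepoint.com/sites/BoardMaterials',
            'https://contoso.sharepoint.com/sites/LegalHold'
        ),
        [int] $MaxAllowedSites = 100
    )
    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Check, [bool]$Pass, [string]$Detail) {
        $findings.Add([pscustomobject]@{
            Check = $Check; Result = $(if ($Pass) { 'PASS' } else { 'FAIL' }); Detail = $Detail })
    }

    # RSS Status: the tenant mode must be Enabled
    $mode = "$(Get-SPOTenantRestrictedSearchMode)"
    Add-Finding 'RSS Status' ($mode -eq 'Enabled') "Get-SPOTenantRestrictedSearchMode returned '$mode'"

    # Allow List Accuracy: stay within the 100-site limit
    $allowed = @(Get-SPOTenantRestrictedSearchAllowedList | ForEach-Object { "$_".TrimEnd('/') })
    Add-Finding 'Allow List Size' ($allowed.Count -le $MaxAllowedSites) "$($allowed.Count) allowed sites"

    # Sensitive Site Review and RCD Status, checked per high-risk site
    foreach ($url in $HighRiskSites) {
        $u = $url.TrimEnd('/')
        Add-Finding 'Excluded from RSS allow list' ($allowed -notcontains $u) $u
        $s = Get-SPOSite -Identity $u
        Add-Finding 'RCD Status' ([bool]$s.RestrictContentOrgWideSearch) `
            "$u RestrictContentOrgWideSearch=$($s.RestrictContentOrgWideSearch)"
        # Restricted Access Control (Step 3) is reported alongside RCD for the same sites
        Add-Finding 'Restricted Access Control' ([bool]$s.RestrictedAccessControl) `
            "$u RestrictedAccessControl=$($s.RestrictedAccessControl)"
    }
    return $findings
}

# Usage: print the audit table; each FAIL row becomes a tracked remediation item
Test-CopilotGroundingScope | Format-Table -AutoSize
```

Because RSS is not a complete exclusion, a PASS here does not replace the RSS Exception Testing and Allowed Site Testing steps, which still require queries from test users in Copilot Chat.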
Additional Resources
- Restricted SharePoint Search for Copilot
- Data Lifecycle Management in Microsoft Purview
- SharePoint Advanced Management Overview
- Microsoft 365 Copilot Data Residency and Access
- Related Controls: 2.1 DLP Policies, 2.4 Information Barriers, 2.12 External Sharing, 3.10 SEC Reg S-P Privacy, 4.1 Admin Settings & Feature Management
- Playbooks: RSS Configuration Playbook, Data Access Governance Report Playbook, Site Hygiene Review Playbook