Simon 2.0: Copilot Admin Setup Guide

Step-by-step configuration guide for enabling Microsoft 365 Copilot semantic search on Jim Mullan's SharePoint folders. This document covers everything needed for initial setup and can be referenced throughout the pilot.

Prepared: March 2026 Admin: Derrick Bertrand Support: Matt Cooper, Volta Effect
← Back to Projects

Setup Steps

1 Pre-Flight Checklist 2 Verify Indexing 3 Assign Copilot License 4 Privacy & Org Settings 5 Access Scoping 6 External Access 7 PII Scanning 8 Verify It Works
i

Context

Southwest has 16 Microsoft 365 Copilot licenses. These include built-in semantic search capabilities that are not yet configured. This guide walks through enabling Copilot search for a pilot with Jim Mullan's Construction & Development team.

Pilot Scope

ItemDetail
Pilot userJim Mullan (VP Construction & Development)
SharePoint areasDevelopment, Properties/RE, Construction
Copilot featuresSharePoint search, Outlook summarization, Copilot Chat
Testing period3-4 weeks (Jim tests 30 min, 2-3x/week)
GoalProve semantic search works on existing content, then expand to other departments

For the full project scope including success criteria, risks, and rollout plan, see the POC Scope Document.

1

Pre-Flight Checklist

~5 min

Confirm these before starting configuration:

License Tier

Check Southwest's base M365 license tier. This determines which features are available out of the box.

M365 Admin Center Billing Your products

If tier is...What's included
E5Everything: Copilot, Purview DLP, auto-labeling, content explorer. Full PII scanning available.
E3Copilot works fully. Basic DLP included. Advanced PII scanning (auto-labeling, Copilot DLP) requires Purview add-on.
Business PremiumCopilot works. DLP coverage is more limited. Purview features require upgrade.

Copilot License Pool

Confirm which of the 16 Copilot licenses are currently assigned and which are available.

M365 Admin Center Billing Licenses Microsoft 365 Copilot

Jim's SharePoint Access

Confirm Jim currently has read access to the three pilot folders in SharePoint. Copilot inherits SharePoint permissions, so if Jim can access these folders today, Copilot will be able to search them.

2

Verify SharePoint Indexing

~5 min
SharePoint indexing is automatic. Content in SharePoint Online is crawled and semantically indexed every ~4 hours. There is no switch to turn on. If documents exist in SharePoint, they are being indexed. This step is about confirming that indexing is healthy, not enabling it.

Check the Crawl Log

SharePoint Admin Center More features Search Crawl Log

Filter by the site URL(s) containing Jim's folders and check for errors:

  • Green = successfully crawled and indexed
  • Red = errors (usually permissions or corrupted files)
  • Missing = site may not be crawled yet

If everything is green, move on. If there are errors, the most common causes are permission issues with the crawl service account or unsupported file types.

Force a Recrawl (if needed)

If content seems out of date or a library isn't appearing in the crawl log:

  1. Navigate to the specific document library in SharePoint
  2. Open Library Settings Advanced Settings Reindex Document Library
  3. Content will be picked up in the next crawl cycle (within ~4 hours)
How the semantic index works On top of the regular keyword index, Microsoft automatically creates vector representations of document content. This is what lets Copilot understand meaning. A search for "assisted living agreements" will find documents mentioning "long-term care contracts" even without those exact words. This happens automatically with no configuration.

File Type Support

FormatSupportNotes
.docx, .xlsx, .pptxFullModern Office formats, fully indexed
.pdfFullText-based PDFs indexed; scanned PDFs need OCR
.doc, .xls, .pptLimitedLegacy binary formats, partial support
Images, videoNoneContent not searchable by Copilot

If Jim's folders contain many legacy .doc/.xls files, Copilot may not fully index them. Converting to modern formats would improve results, but this is not a blocker for the pilot.

3

Assign Copilot License to Jim

~2 min

M365 Admin Center Users Active Users Jim Mullan Licenses and apps

  1. Find Jim Mullan's user account
  2. Under "Licenses," check if Microsoft 365 Copilot is assigned
  3. If not, assign it from the available pool
  4. Save changes
Takes effect within a few hours. Once assigned, Jim will see Copilot features in Teams (chat), Word/Excel/PowerPoint (summarize, draft), Outlook (email summarization and search), and Microsoft 365 Copilot Chat (cross-app search).
4

Privacy & Org Settings

~5 min

These org-level settings can silently block Copilot from working. Check them before Jim starts testing.

"Connected experiences that analyze content" must be ON. This is the #1 cause of "Copilot isn't working" reports. If this privacy control is turned off, Copilot will not function in Word, Excel, Outlook, or PowerPoint, even with a valid license assigned.

Where to check

M365 Admin Center Settings Org settings Services Privacy

Confirm "Connected experiences that analyze content" is enabled. If it was previously turned off for privacy reasons, it needs to be re-enabled for Copilot to function.

Copilot-Specific Settings

M365 Admin Center Copilot Settings

Review the settings tabs:

  • User access: Confirm Copilot Chat is enabled for licensed users
  • Data access: Web search can be on or off depending on preference. For the pilot, having it on gives Jim richer results.
  • Copilot actions: Review any plugin restrictions if applicable

Outlook Copilot

Jim wants Copilot in Outlook for email summarization and search. This should be enabled automatically with the Copilot license, but verify under Copilot Settings that Outlook is not excluded.

Once enabled, Jim opens Outlook, clicks the Copilot icon in the ribbon, and can:

  • Summarize long email threads
  • Search across his inbox with natural language
  • Draft replies based on thread context
5

Access Scoping

~5 min
Copilot respects SharePoint permissions. There is no separate "Copilot permissions" layer. Copilot will only surface content the signed-in user already has permission to access. If Jim can access the Development, Properties/RE, and Construction folders today, Copilot will search them. No extra configuration is needed for the pilot.

For the Pilot

If Jim's existing SharePoint permissions are correct, no scoping changes are needed. This is the fastest path to getting Jim testing.

Restricting Other Sites (Optional, Future)

If there's a concern about Copilot surfacing content from other departments that Jim has access to but shouldn't see via Copilot, there are two options to apply later:

Recommended Restricted Content Discovery

Hides specific sites from Copilot search results, while users can still access them directly in SharePoint.

SharePoint Admin Sites Active Sites [site] Settings

Toggle "Restrict content from Microsoft 365 Copilot" ON for each sensitive site. Note: propagation can take up to a week for large sites.

Allowlist Model Restricted SharePoint Search

Only sites on an explicit allowlist appear in Copilot results. Everything else is excluded. More aggressive, best for environments with significant oversharing concerns.

Set-SPOTenantRestrictedSearchMode -Mode Enabled Add-SPOTenantRestrictedSearchAllowedList -SiteUrl "https://southwest.sharepoint.com/sites/Development"
Recommendation: Don't restrict anything for the pilot. Let Jim test with his natural access. If oversharing concerns emerge during testing, apply Restricted Content Discovery to specific sensitive sites at that point.
6

External Access (Volta Effect)

~15 min

Matt Cooper at Volta Effect needs read-only access to Jim's three SharePoint areas for discovery analysis. Two options, depending on what level of access is appropriate:

Programmatic App Registration (Entra ID)

Best for automated/API access. Scoped to specific sites only. Microsoft's recommended approach for third-party integrations.

Simple Guest Account

Add matt@voltaeffect.com as a Guest User in Entra ID with read access to the 3 sites. Simpler setup, browser-based access. Good enough for the pilot.

Option A: App Registration

Microsoft Entra Admin Center Entra ID App Registrations New Registration

  1. Name: "Volta AI Lab - SharePoint Discovery"
  2. Account type: "Accounts in this organizational directory only"
  3. Redirect URI: Leave blank
  4. Click Register. Note the Application (client) ID and Directory (tenant) ID.
  5. Under Certificates & secrets, create a client secret and securely share it with Matt.

Grant Scoped Permissions

  1. In the app registration, go to API Permissions › Add a permission › Microsoft Graph
  2. Select Application permissions (not delegated)
  3. Add: Sites.Selected
  4. Click Grant admin consent
Why Sites.Selected instead of Sites.ReadWrite.All? Sites.Selected means the app has zero access by default. You then grant access to each specific site individually. The app can never access any site you haven't explicitly approved. You retain full control and can revoke at any time.

Grant Access to Specific Sites

Run these PowerShell commands to grant read-only access to each of Jim's sites:

# Connect to Microsoft Graph Connect-MgGraph -Scopes "Sites.FullControl.All" # Set up the app identity (use the client ID from the registration) $App = @{ id = "<app-client-id>"; displayName = "Volta AI Lab" } # Grant read-only access to each site New-MgSitePermission -SiteId "<development-site-id>" -Roles "read" -GrantedToIdentities @{ application = $App } New-MgSitePermission -SiteId "<properties-site-id>" -Roles "read" -GrantedToIdentities @{ application = $App } New-MgSitePermission -SiteId "<construction-site-id>" -Roles "read" -GrantedToIdentities @{ application = $App }

Share the Application (client) ID, Tenant ID, and client secret with Matt securely (not via email). Once configured, Matt will confirm access is working.

Option B: Guest Account

  1. Entra Admin Center Users Invite external user
  2. Enter: matt@voltaeffect.com
  3. After the invitation is accepted, add Matt as a Visitor to the 3 SharePoint sites
  4. Matt can then browse and search through the SharePoint web interface
7

PII Scanning (Future Phase)

Reference

This is not needed for the pilot, but is included as reference for when the team is ready to address PII scanning alongside the SharePoint cleanup initiative.

What's Available by License

FeatureE3E5Add-on
Manual sensitivity labelsYesYes-
Auto-labeling (client-side)YesYes-
Auto-labeling (service-side)NoYesPurview Info Protection
DLP policies (basic)YesYes-
DLP for Copilot specificallyNoYesPurview DLP
Content explorerNoYesPurview

SIN Number Detection (When Ready)

Microsoft Purview Data Loss Prevention Policies Create Policy

  1. Choose Custom template
  2. Select SharePoint sites as the location to protect
  3. Add condition: Content contains › Sensitive info types › Canada Social Insurance Number
  4. Set action to Report only (no blocking, just surfaces what's there)
  5. Run for 2-4 weeks to understand the scope before considering enforcement
How this connects to the cleanup initiative Starting with report-only mode gives the cleanup team data on where PII actually exists. This helps prioritize which folders need attention first. Enforcement (blocking access or preventing Copilot from referencing PII documents) can be turned on once the cleanup is further along.

Preventing Copilot from Surfacing PII (Future)

Once DLP policies are in place, a separate policy can specifically prevent Copilot from processing documents that match PII patterns:

  • Create a DLP policy scoped to "Microsoft 365 Copilot and Copilot Chat"
  • Action: "Prevent Copilot from processing content"
  • Result: even if a user has access to a document containing a SIN number, Copilot won't reference it in responses
8

Verify It Works

~10 min

After completing steps 1-4, run these tests to confirm Copilot is working for Jim.

Test 1: Copilot Chat

Have Jim open Microsoft 365 Copilot Chat (microsoft365.com/chat or the Copilot app in Teams) and try:

"Find documents related to Shannix agreements in SharePoint"
  • Pass Copilot returns results from Jim's SharePoint folders with file references
  • Fail Returns only web results or nothing. Check: license assignment, privacy settings, crawl log errors.

Test 2: Copilot in Outlook

Jim opens Outlook, selects a long email thread, and clicks the Copilot icon to summarize it.

  • Pass Copilot generates a summary of the thread
  • Fail Copilot icon is missing or grayed out. Check: "Connected experiences that analyze content" privacy setting.

Test 3: Permission Boundaries

Ask Copilot about content from a site Jim should not have access to (e.g., HR files). Copilot should not return results from restricted areas.

  • Pass No results from restricted sites
  • Fail Content from restricted sites appears. Review SharePoint permissions on those sites.

Troubleshooting

SymptomLikely CauseFix
Copilot icon missing in appsLicense not assigned or not propagated yetVerify license in Admin Center. Wait a few hours.
Copilot returns only web results"Connected experiences" privacy setting is offEnable in Org Settings › Privacy
SharePoint content not foundCrawl errors or content not yet indexedCheck crawl log. Force reindex on the library.
Old/outdated resultsCrawl hasn't picked up recent changesReindex the library. Wait ~4 hours.
Legacy .doc files not searchableLimited support for binary Office formatsConvert to .docx if critical. Not a pilot blocker.

Quick Reference: Admin Portal Paths

TaskPath
Check license tierM365 Admin › Billing › Your products
Assign Copilot licenseM365 Admin › Users › Active Users › [user] › Licenses
Check crawl statusSharePoint Admin › More features › Search › Crawl Log
Force recrawlSharePoint › Library Settings › Advanced › Reindex
Copilot settingsM365 Admin › Copilot › Settings
Privacy controlsM365 Admin › Settings › Org settings › Services › Privacy
Restrict site from CopilotSharePoint Admin › Sites › Active Sites › [site] › Settings
App registrationEntra Admin › Entra ID › App Registrations
Guest user inviteEntra Admin › Users › Invite external user
DLP policiesPurview › Data Loss Prevention › Policies
Sensitivity labelsPurview › Information Protection › Labels
Audit Copilot usagePurview › Audit › Search (filter: CopilotInteraction)
?

Support

If you hit any roadblocks or have questions during setup, reach out to Matt Cooper at Volta Effect:

  • Email: matt@voltaeffect.com
  • Phone: 902.880.6288

Matt is available to screen-share and walk through any configuration step if needed.

Prepared March 2026 by Volta AI Productivity Lab