🔥 3-day streak
Microsoft Cybersecurity Architect Expert75 / 158
Question 75 of 158

A financial services company is deploying Microsoft 365 Copilot to boost employee productivity. During pre-deployment testing, the security architect discovers that Copilot can surface sensitive documents (containing PII and financial records) to users who technically have SharePoint access but should not view them, due to years of accumulated permission sprawl and broad sharing links. Leadership wants to proceed with deployment but demands that Copilot not become a vector for data oversharing. Following Microsoft Cybersecurity Reference Architecture (MCRA) guidance for secure AI adoption, which approach should the architect prioritize FIRST?

Reviewed for accuracy · Report an issueNext question