AI assistant — not human

The 12 critical gaps + Copilot Readiness Assessment ($25K) + 30-Day Copilot Readiness Accelerator ($35K).
Last updated July 7, 2026 by Errin O'Connor, Founder & Chief AI Architect, EPC Group
Twelve M365 tenant security gaps to fix before Copilot: (1) SharePoint permission drift, (2) OneDrive broad shares, (3) Teams private channel misconfig, (4) unrestricted guest access, (5) missing sensitivity labels, (6) missing DLP, (7) no Insider Risk, (8) ungoverned BYOAI, (9) legacy authentication, (10) Entra Conditional Access gaps, (11) no Defender for Cloud integration, (12) Purview Compliance Manager not mapped. EPC Group Copilot Readiness Assessment $25K/3wk identifies all 12; 30-Day Accelerator $35K remediates top 5; Full 16-week hardening $155K covers all 12.
Twelve critical gaps: (1) SharePoint permission drift — "Everyone except external users" over-shares. (2) OneDrive shared broadly — personal folders with company-wide access. (3) Teams private channel misconfiguration. (4) Guest access unrestricted — external users can query internal Copilot responses. (5) Sensitivity labels not deployed. (6) DLP policies missing across Exchange + SharePoint + OneDrive + Teams. (7) Insider Risk Management not configured. (8) BYOAI ungoverned. (9) Legacy authentication enabled. (10) Entra ID Conditional Access gaps. (11) Defender for Cloud not integrated. (12) Purview Compliance Manager not baseline-mapped.
Copilot inherits SharePoint permissions. If files live in SharePoint sites set to "Everyone except external users" or "Company-wide members can edit," Copilot will surface them to any employee who asks. EPC Group finds this permission pattern in 87% of enterprise M365 tenants. Common culprits: (1) Files uploaded to wrong sites during migration. (2) Sites created for "just this project" and never re-permissioned. (3) Legacy migrations from file shares where NTFS permissions were flattened. Copilot exposes years of accumulated permission drift in seconds.
EPC Group Copilot Readiness Assessment is a 3-week fixed-fee ($25K) engagement that: (1) Runs Graph API + PowerShell + Purview scans to identify all 12 security gaps. (2) Quantifies exposure risk (# of over-permissioned sites, # of broadly-shared OneDrives, # of DLP-missing policies). (3) Prioritizes remediation by impact + effort. (4) Delivers a written report + remediation roadmap + fixed-fee proposal for Foundation Deployment. Roughly 60-80% of enterprises assessed have severe permission drift; 100% have at least 3 of the 12 gaps.
Timeline depends on severity. Typical enterprise remediation phases: Phase 1 (weeks 1-3, $25K) — Copilot Readiness Assessment identifies the 12 gaps + priority queue. Phase 2 (weeks 4-8, $50K) — top-priority permission cleanup + sensitivity label deployment + DLP baseline. Phase 3 (weeks 9-12, $50K) — Insider Risk + Communication Compliance + Entra hardening + Defender integration. Phase 4 (weeks 13-16, $30K) — Compliance Manager mapping + go-forward monitoring. Total: $155K over 16 weeks. Some organizations move faster on Phases 2-3 to unblock Copilot rollout while completing later phases in parallel.
EPC Group 30-Day Copilot Readiness Accelerator ($35K fixed-fee) is a compressed Phase 1 + partial Phase 2 for organizations needing fast pre-Copilot remediation. Deliverables: (1) 12-gap security assessment via Graph API + PowerShell + Purview. (2) Top-5 remediation execution (usually permission cleanup + sensitivity label baseline). (3) BYOAI policy draft. (4) Copilot governance framework outline. (5) Copilot pilot user population sizing. (6) 90-day rollout roadmap. Not a full deployment — but enough to declare a controlled Copilot pilot safe within 30 days.
Match to project intent: (1) Small-to-mid market with straightforward workloads — Microsoft FastTrack (free) + internal IT can handle if internal team has Purview + Entra depth. (2) Regulated industries (HIPAA / SOC 2 / FedRAMP / CMMC) — hire a Microsoft Solutions Partner with Security + Modern Work designations. (3) Complex M365 environments with legacy migration debt — hire a boutique Microsoft specialist like EPC Group with all six Solutions Partner designations + deep Purview + Copilot governance experience. Not every partner is qualified; ask for specific Purview + BYOAI + Copilot-governance case studies.
Six frameworks that Copilot-readiness hardening satisfies: (1) NIST 800-171 (CUI protection controls). (2) HIPAA Security Rule (technical + administrative + physical safeguards). (3) SOC 2 Type II (access controls + change management). (4) FedRAMP Moderate/High (federal compliance). (5) ISO 27001 (information security management). (6) EU AI Act (transparency + accountability for high-risk AI systems). EPC Group Copilot Readiness engagement maps remediation to your primary framework so the work satisfies both Copilot readiness AND compliance audit requirements.
$35K fixed-fee compressed remediation of top 5 gaps in 30 days. Call (888) 381-9725.
Monday-Friday, 8 AM - 7 PM CT
We respond to all inquiries within one business day