Skip to main content
All CollectionsProtectCopilot Readiness Assessment
Copilot readiness assessment security overview
Copilot readiness assessment security overview
Updated over a week ago

The Copilot readiness assessment reads Microsoft 365 data to generate an overview of a tenant's readiness for Copilot.

Required permissions and access

A global or privileged role admin must consent to several Microsoft 365 permissions and grant access to the assessment.

To learn more about the required permissions, see Required permissions to use the Copilot readiness assessment.

To learn how to grant access to the assessment, see Assign the Assessor role in Entra ID.

Data storage

The Copilot readiness assessment stores required data in Microsoft Azure's East US 2 region.

Data collected

Some of the collected data to provide insights into Copilot readiness includes the following:

  • Tenant display name

  • Available licenses and activation status

  • Workspace names, members, and permissions metadata

    • Workspaces include SharePoint sites, Microsoft 365 groups, and OneDrive for Business.

  • User display names and job titles

  • Shared document names and metadata

The data is continuously updated to reflect changes in your Microsoft 365 environment.

Data the assessment does not collect

The Assessment Tool only stores data necessary for Copilot readiness insights.

The Assessment Tool does not collect:

  • User access tokens

  • Full document contents (only document names and metadata are analyzed)

  • Personal messages or email content

Data processing and encryption

All data processed within the Copilot Readiness Assessment follows industry-standard security protocols, ensuring encryption at rest and in transit.

This section outlines 3 data types the Copilot readiness assessment accesses and explains how they're secured.

User data

This includes Microsoft 365 membership and ownership information.

All data in this category has 3 layers of encryption:

  • Encryption in transit (TLS 1.2).

  • Encryption at rest (256-bit AES).

  • Application-level encryption (256-bit AES) using a per-tenant key stored in the Azure Key Vault.

Application state data

This is data used to track different settings and options associated with your account and actions made using ShareGate.

Data in this category has 2 layers of encryption:

  • Encryption in transit (TLS 1.2).

  • Encryption at rest (256-bit AES encryption).

To learn more about these encryption technologies, see 256-bit AES encryption at rest and TLS 1.2 in transit

Sub-processors

The data transitions from Azure to two other sub-processors:

  • MongoDB is used as a cache for data that's hard to process directly from Microsoft 365. That data is refreshed at a certain frequency.

  • LogRocket is used for research purposes. All data that transitions to LogRocket is anonymized.

Telemetry Data

Some non-sensitive data is sent to telemetry services for performance monitoring and improvement. If telemetry data contains sensitive information, it is fully anonymized before transmission.

Data retention & purging

All data related to a tenant is permanently deleted a day after an admin revokes application consent, and access is blocked immediately.

Terms and privacy

You can find links to our official terms and privacy pages in the footer below.

Did this answer your question?