Free Microsoft 365 Copilot Readiness Tool
Microsoft 365 Copilot
Readiness Assessment
Answer 21 questions across 7 security domains and get your Microsoft 365 Copilot readiness score instantly — no consultant required.
Assessment Progress
0 of 21 answered
Your Score
—
/100
Domain 01
M365 Admin Centre — Copilot Settings
—
Q1.Have you completed the Copilot Control System (CCS) checklist in the M365 Admin Centre — including scoping licences to a security group, pinning the Copilot app, and enabling the Copilot Dashboard?
Q2.Have you reviewed and actioned the Data Security and Compliance recommendations in the CCS — covering Purview, sensitivity labels, and oversharing reports?
Q3.Have you disabled self-service purchases (via PowerShell or the M365 Admin Centre) to prevent users from independently buying Copilot licences outside of IT governance?
Domain 02
Data Governance
—
Q4.Has your organisation deployed Microsoft Purview sensitivity labels across email, SharePoint, and OneDrive?
Q5.Have you run SharePoint Data Access Governance (DAG) reports to identify overshared content and broad "Everyone" permissions?
Q6.Do you have Data Loss Prevention (DLP) policies configured specifically to protect sensitive content in Copilot workloads?
Domain 03
Compliance & Audit
—
Q7.Is Microsoft Purview Audit Premium enabled and are Copilot interaction logs being captured and retained?
Q8.Have you configured retention policies specifically for Copilot interaction data (Exchange substrate)?
Q9.Has a Privacy Impact Assessment (PIA) been conducted for your intended Copilot deployment?
Domain 04
Endpoint Security
—
Q10.Are all devices accessing Microsoft 365 enrolled in Intune with active compliance policies enforced via Conditional Access?
Q11.Is Microsoft Defender for Endpoint (MDE) deployed and active across all user devices?
Q12.Have Attack Surface Reduction (ASR) rules been reviewed and enabled for your environment?
Domain 05
Copilot Control System
—
Q13.Have you reviewed the Copilot Control System (CCS) in the Microsoft 365 Admin Centre — covering Deployment Essentials, Data Security, and End-User Experience?
Q14.Are Copilot licences assigned to a scoped security group rather than all users, with self-service purchase disabled?
Q15.Have you configured a Copilot-specific Conditional Access policy targeting the Enterprise Copilot Platform App ID?
Domain 06
Agent Governance
—
Q16.Have you audited the Copilot Agent Registry to inventory all Microsoft, partner, and creator-built agents active in your tenant?
Q17.Is org-wide agent sharing restricted (not set to "All users" by default), with an admin approval workflow for publishing?
Q18.Are Power Platform Managed Environments enabled and Copilot Studio DLP policies configured?
Domain 07
People & Process
—
Q19.Does your organisation have an AI Acceptable Use Policy in place that covers Microsoft 365 Copilot specifically?
Q20.Have your users received security awareness training on Copilot risks — including prompt injection, prompt hygiene, and agent creation responsibilities?
Q21.Does your incident response plan include specific scenarios for Copilot-related events (e.g. data surfaced by Copilot, agent misbehaviour, prompt injection attack)?
Need expert help?
Not sure how to verify or fix these settings?
Virtuelle Group can assess, verify, and remediate your Copilot configuration — delivering a full expert report within 5 business days.
Assessment Complete
Your Copilot
Readiness Score
Readiness Score
—
/100
Need expert help verifying or remediating these settings?
Book a Free Callback with Virtuelle Group
Learn more about this assessment
Copilot Readiness Report
Your Report
0
/100
Readiness Score
Domain Breakdown
Priority Findings
Ready to close these gaps
and deploy Copilot with confidence?
and deploy Copilot with confidence?
Virtuelle Group's Copilot Security Readiness Assessment delivers a full 130+ check expert audit with hands-on findings, remediation plan, and stakeholder readout — in 5 business days.
Or email info@virtuellegroup.com.au · virtuellegroup.com.au