AI Governance | Security

Stop oversharing before Copilot surfaces it.

Continuous monitoring and automated remediation of permission sprawl across your tenant.

From $7,500 one-time deployment

Dashboard preview (compass://data-access-governance)

Governance Posture: 78% (up from 34% before remediation)

Remediation Activity

  • Org-wide links removed: 47
  • Anonymous links expired: 123
  • Guest access revoked: 18
  • Pending site owner review: 8
  • Labels applied: 1,247

Resolved: 188 | In Progress: 18 | Open: 8

Overview

16% of business-critical data is overshared across the average M365 tenant, with organizations averaging 802,000 files at risk. Microsoft's SharePoint Advanced Management provides discovery reports, but remediation remains largely manual and is capped at 1,000 site access reviews per month. For large tenants with thousands of sites, that's a years-long cleanup timeline while Copilot exposes everything today.

Compass Data Access Governance Engine is a continuously running governance layer built on Python Azure Functions and Azure Logic Apps that monitors and remediates permission sprawl automatically. Scheduled Durable Functions scan for newly created sharing links, detect company-wide permissions, identify anonymous links without expiration dates, flag guest access to labeled sites, and detect permission changes that introduce broad access. When issues are found, Azure Logic Apps workflows either send alert notifications via Teams and email or execute auto-remediation actions through callback Azure Functions.

Use Cases

  • Pre-Copilot permission cleanup
  • Ongoing governance posture monitoring
  • Automated permission remediation at scale
  • Guest access compliance enforcement

Key Features

  • Continuous scanning via Durable Functions fan-out/fan-in for parallel site analysis
  • Detection of company-wide sharing (organization scope links)
  • Automatic identification of anonymous links without expiration
  • Guest access monitoring for sensitivity-labeled sites
  • Configurable policy engine in React UI: alert-only, alert-and-recommend, or auto-remediate
  • Azure Logic Apps workflows: Teams notifications, email alerts, remediation callbacks
  • Automated actions: expire stale links, remove broad access groups, notify site owners
  • Baseline and delta tracking in Azure SQL for governance posture trending
  • React governance posture dashboard with trend charts and risk heatmaps
  • Microsoft Graph Data Connect support for bulk extraction in large tenants (50,000+ sites)
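
The link checks listed above (organization-scope links, anonymous links without expiration) can be expressed against Microsoft Graph `permission` objects as in the following added example, which is not Compass code. The `link.scope` and `expirationDateTime` fields are Graph's; the function names, finding names, policy-to-action mapping and sample records are assumptions constructed for illustration.

```python
from datetime import datetime

# Policy modes named in the feature list; the action strings are assumed.
POLICY_ACTIONS = {
    "alert-only": "notify",
    "alert-and-recommend": "notify_with_recommendation",
    "auto-remediate": "remediate",
}

def has_expiry(perm):
    """True if the permission carries a real expiration timestamp."""
    raw = perm.get("expirationDateTime")
    if not raw:
        return False
    # Graph uses DateTime.MinValue (year 0001) to mean "no expiration set".
    return datetime.fromisoformat(raw.replace("Z", "+00:00")).year > 1

def classify_permission(perm):
    """Return a finding name for one Graph permission object, or None."""
    link = perm.get("link")
    if not link:
        return None  # direct grant to a user or group, not a sharing link
    scope = link.get("scope")
    if scope == "organization":
        return "org_wide_link"
    if scope == "anonymous" and not has_expiry(perm):
        return "anonymous_link_no_expiry"
    return None  # "users" scope, or anonymous link that does expire

def scan_site(site_id, permissions, policy_mode):
    """Classify every permission on a site and attach the policy's action."""
    action = POLICY_ACTIONS[policy_mode]  # unknown mode raises KeyError
    findings = []
    for perm in permissions:
        finding = classify_permission(perm)
        if finding:
            findings.append({"site": site_id, "permission_id": perm["id"],
                             "finding": finding, "action": action})
    return findings

# Constructed sample permissions (not real tenant data).
SAMPLE_PERMISSIONS = [
    {"id": "p1", "link": {"scope": "organization", "type": "view"}},
    {"id": "p2", "link": {"scope": "anonymous", "type": "edit"}},
    {"id": "p3", "link": {"scope": "anonymous", "type": "view"},
     "expirationDateTime": "0001-01-01T00:00:00Z"},
    {"id": "p4", "link": {"scope": "anonymous", "type": "view"},
     "expirationDateTime": "2030-01-01T00:00:00Z"},
    {"id": "p5", "roles": ["write"], "grantedToV2": {"user": {"displayName": "Constructed User"}}},
    {"id": "p6", "link": {"scope": "users", "type": "view"}},
]
```
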

Technical Architecture

Deployed in your tenant: Your Microsoft 365 Tenant

  • Timer Trigger: Continuous monitoring
  • Python Azure Functions: Durable Functions scanner
  • MS Graph API: Permission enumeration
  • Azure Logic Apps: Alert + remediate
  • React Dashboard: Governance posture

Component types: trigger, compute, api, output, action

All components run in your Azure subscription

The EchoLeak vulnerability (CVE-2025-32711, CVSS 9.3) enabled zero-click data exfiltration through Copilot. The U.S. House of Representatives and European Parliament both banned Copilot from staff devices. Automated governance prevents these scenarios.

Ready to deploy Copilot Data Access Governance?

Book a consultation and we will walk through your tenant to show exactly how this product maps to your requirements.