Now Reading: Why AI Cannot Fix Your SharePoint Sprawl
-
01
Why AI Cannot Fix Your SharePoint Sprawl
1
00:00:00,000 –> 00:00:05,520
Administrator, do you hear that? Your internet is too quiet, but the quiet is busy. It crawls.
2
00:00:05,520 –> 00:00:12,880
You think co-pilot will fix it. It won’t. It reads the house as it is. Not as you wish it to be.
3
00:00:12,880 –> 00:00:18,320
In a minute, I’ll show you why AI echoes your share points, Brawl. Permission drift,
4
00:00:18,320 –> 00:00:26,080
orphaned teams, ROT data, shadow sites, and how hallucinations slip in. Then I’ll show the
5
00:00:26,080 –> 00:00:34,560
ritual that holds. Lean information, architecture, life cycle, labels, DLP, retention.
6
00:00:34,560 –> 00:00:42,480
With audits, before aftermaps, and prompt results. One mistake makes co-pilot wear a shadow of your
7
00:00:42,480 –> 00:00:50,960
face that mistake arrives soon, the lie of the internet. Why AI reads your mess? Not your mind.
8
00:00:50,960 –> 00:00:57,200
The silence is lying. Your internet isn’t a garden. It’s an archive, and the archive remembers
9
00:00:57,200 –> 00:01:04,640
every bad choice. AI doesn’t read your intent. It reads the residue, structure, labels, permissions.
10
00:01:04,640 –> 00:01:10,240
If the ground is mud, the answer drags mud. Here’s the thing most people miss.
11
00:01:10,240 –> 00:01:18,560
Co-pilot, search, and agents live inside a walled garden. SharePoint, one drive, teams,
12
00:01:18,560 –> 00:01:26,480
outlook, strong walls, known paths, but beyond those walls, confluence, jira, google,
13
00:01:26,480 –> 00:01:32,720
there’s knowledge your people use every day, the AI can’t see it, so it fills gaps with what it can
14
00:01:32,720 –> 00:01:40,720
reach. Echoes in a narrow room sound confident. They’re still echoes. You ask for policy guidance?
15
00:01:41,520 –> 00:01:49,760
What’s the latest return process? Co-pilot grounds on three files. A 2021 PDF marked final v7,
16
00:01:49,760 –> 00:01:57,120
a 2023 draft in a deep folder, and a shiny 2024 PowerPoint that only two managers can open.
17
00:01:57,120 –> 00:02:02,400
Permissions drifted in heritans broke years ago. The model sees the PDF. It sees the draft.
18
00:02:02,400 –> 00:02:07,840
The fresh policy sits behind a door. Your questioner can’t open, so the answer blends,
19
00:02:07,840 –> 00:02:13,680
stale and partial. It sounds smooth, it’s wrong. The reason this happens is ordinary, not exotic.
20
00:02:13,680 –> 00:02:19,920
Your people made it so. Too many metadata fields too soon. 13 at launch, 7 mandatory.
21
00:02:19,920 –> 00:02:26,000
Adoption died. Users fled to folders deep and twisted. Final copies multiplied.
22
00:02:26,000 –> 00:02:32,880
Arout, redundant, obsolete, trivial, piled high. Site creation ran wild. Sub-sites now shadow
23
00:02:32,880 –> 00:02:39,440
sites bloomed with a single file and no owner. It felt free. Freedom fed the fog. And search,
24
00:02:39,440 –> 00:02:46,880
it staves or it overfeats. If you clamp restricted content discovery everywhere, you starve grounding.
25
00:02:46,880 –> 00:02:54,480
The model can’t see enough, so it guesses. If you swing the other way, opens brawl. Answers pull in noise.
26
00:02:54,480 –> 00:03:00,880
Same sin, different mask. Let me show you the shortcut nobody teaches. Make friction small where it hurts.
27
00:03:00,880 –> 00:03:08,480
Lean mandatory fields. Two, maybe three, tied to purpose. A hub and spoke information architecture,
28
00:03:08,480 –> 00:03:15,760
so people know where to put work that matters. Use Raycy and RCD like doors, not walls. Shape exposure
29
00:03:15,760 –> 00:03:20,960
so high risk sites don’t surface broadly but don’t starve the index. This isn’t about hiding rot.
30
00:03:20,960 –> 00:03:26,720
It’s about not feeding it to the model. Okay, so the tricky part. Permissions. They drift.
31
00:03:27,600 –> 00:03:35,440
Nested groups, item level breaks, temporary shares that never die. An external guest added just
32
00:03:35,440 –> 00:03:41,920
for this week who still walks the halls months later. You need a question the house can answer
33
00:03:41,920 –> 00:03:50,720
cleanly. Who can access? Versus who should? Run the diff. The delta is the creature. Name it, close it.
34
00:03:51,680 –> 00:03:59,600
Now a micro story. Last month an admin ran a copilot prompt. Summarize our incident response policy
35
00:03:59,600 –> 00:04:06,880
for vendors. The answer cited a share point page from 2019 and a word doc with a draft watermark.
36
00:04:06,880 –> 00:04:13,360
Both visible. The current policy lived in a team site locked by RAC to a narrow group.
37
00:04:13,360 –> 00:04:19,920
After an IA cleanup hub alignment, label inheritance and a collapsed permission model.
38
00:04:20,480 –> 00:04:27,600
They ran the same prompt. New answer. Correct citations. Variance dropped not because the AI got smarter
39
00:04:27,600 –> 00:04:34,000
because the ground stopped lying. Before we continue, you need to understand the scale. Every day
40
00:04:34,000 –> 00:04:42,160
your tenant adds more billions of files across the cloud. Millions of sites born and left to wonder
41
00:04:42,160 –> 00:04:48,160
that growth isn’t evil. It’s indifferent. Without life cycle it becomes a swamp. With life cycle
42
00:04:48,160 –> 00:04:54,160
create a test archive dispose it becomes a current. AI swims better in a current. The game changer
43
00:04:54,160 –> 00:04:59,760
nobody talks about is this. Copilot can’t fix your structure. It can only reflect it.
44
00:04:59,760 –> 00:05:07,280
Automatic classification helps but if you flood a library with noise, the model tags noise well.
45
00:05:07,280 –> 00:05:14,000
You get precise chaos and with overuse of restrictions you force it to hallucinate bridges over gaps
46
00:05:14,000 –> 00:05:20,000
you dug yourself. If you remember nothing else remember this. AI won’t read your mind. It reads your
47
00:05:20,000 –> 00:05:25,920
mess. Clean the house and it will sound wise. Leave it drifting and it will wear your voice while
48
00:05:25,920 –> 00:05:35,120
it misleads your people. Up next the first creature. Permission drift. Unlocked doors in a silent house.
49
00:05:35,120 –> 00:05:41,840
Creature one permission drift. Unlocked doors in a silent house. Administrator, do you hear it now?
50
00:05:41,840 –> 00:05:48,880
Hinges that never squeak. Doors that open by themselves. Permission drift is not loud. It is patient.
51
00:05:48,880 –> 00:05:57,680
It waits. And through that gap truth leaks. Why this matters is simple. When inheritance breaks your
52
00:05:57,680 –> 00:06:05,200
ordered trail breaks with it you think site members mean something clear. It doesn’t. Nested groups pull
53
00:06:05,200 –> 00:06:13,520
in strangers. Item level breaks turn a neat room into a maze. External shares invite the cold inside.
54
00:06:13,520 –> 00:06:21,680
Ghost owners vanish from HR but their keys still work. And then every who saw this. Becomes a guess.
55
00:06:21,680 –> 00:06:29,360
A soft answer. A lie you can’t detect. The thing most people miss. Complexity looks like control.
56
00:06:29,360 –> 00:06:36,320
It isn’t. Complex nested as your AD group’s promise elegance. They breed blind spots.
57
00:06:36,320 –> 00:06:42,320
A team site that temporarily shared a folder by link. A library with a single file that broke
58
00:06:42,320 –> 00:06:50,800
inheritance in 2019. A contractor added for a week who now lives in 300 drives. Drift isn’t one act.
59
00:06:50,800 –> 00:06:57,040
It’s a slow pull. A tie that moves your house inch by inch till the map is wrong. What to do is blunt.
60
00:06:57,040 –> 00:07:04,960
You need two questions that cut. Who can access? And who should? Not one. Both. Run them on a schedule.
61
00:07:04,960 –> 00:07:12,960
Site library item. Internal guest link. Then compare. That delta is the creature. It names every door
62
00:07:12,960 –> 00:07:19,120
you never meant to open. It names every group that swallowed another group and wore it like skin.
63
00:07:19,120 –> 00:07:25,840
This clicked for me when a clean site showed 53 unique permissions. Not a breach. Just gravity.
64
00:07:26,400 –> 00:07:31,440
Years of just this once. That’s drift. Let me show you exactly how to pull it back.
65
00:07:31,440 –> 00:07:39,520
Collapse item level breaks. Standardize on group based access. Owners. Members. Visitors.
66
00:07:39,520 –> 00:07:47,040
Mapped to Azure AD groups with clear human names. Tyside sensitivity labels to that structure so
67
00:07:47,040 –> 00:07:53,680
the label isn’t a sticker. It’s a circuit when the label says confidential sharing outside breaks
68
00:07:53,680 –> 00:08:00,640
at the source. Inherit wherever possible. Push exceptions to a formal request path.
69
00:08:00,640 –> 00:08:08,720
Log them. Age them. Kill them. A practical pass looks like this. Pull a permissions matrix for
70
00:08:08,720 –> 00:08:16,800
a hub and it spokes. Sort by unique. Highlight anything with link. Anyone with the link. Kill those
71
00:08:16,800 –> 00:08:25,200
first. Then sort by external user. Verify contracts. Remove ghosts. Next, roll up nested groups.
72
00:08:25,200 –> 00:08:30,800
If a group contains another group you can’t trace to business purpose. Flatnet or replace it with
73
00:08:30,800 –> 00:08:36,960
a direct mapping. Finish with site collection admins. If that list is a catch all you’ve replaced
74
00:08:36,960 –> 00:08:44,000
governance with superstition. Cut it down to named roles with owners who attest. Now the quick win.
75
00:08:44,000 –> 00:08:52,000
Block ad hoc item sharing at the tenant and site level for sensitive labels. Force. Share by people.
76
00:08:52,000 –> 00:08:58,720
Not by link. Turn on monthly reports for high risk links. Review and revoke.
77
00:08:58,720 –> 00:09:06,320
Require two owners per team with 180 day attestation. Owners who fail to attest lose the keys.
78
00:09:06,320 –> 00:09:12,080
The house stops drifting when people feel the weight of the door. Common mistakes.
79
00:09:12,720 –> 00:09:21,840
One off exceptions that never die. Temporary vendor access. Without an end date. Migration error fixes
80
00:09:21,840 –> 00:09:28,320
that left entire libraries with broken inheritance because a checklist said done. And the worst.
81
00:09:28,320 –> 00:09:36,480
Hiding behind restricted access control to starve copilot. While leaving stale links wide open.
82
00:09:36,480 –> 00:09:42,400
You’ve locked the front door and propped the back one. A micro story. An admin asked copilot for a
83
00:09:42,400 –> 00:09:48,960
summary of a partner. NDA flow. It cited a public share point page and a draft word doc both wrong.
84
00:09:48,960 –> 00:09:56,080
The current process was sealed in a project site with a label that blocked indexing for most.
85
00:09:56,080 –> 00:10:02,880
After drift cleanup, collapsing breaks, aligning labels to sites and moving the policy to a hub
86
00:10:02,880 –> 00:10:08,800
with scoped exposure. The same prompt returned the current SOP with correct citations.
87
00:10:08,800 –> 00:10:16,080
Not smarter AI. Fewer cracks. If you remember nothing else remember this. Drift makes audits
88
00:10:16,080 –> 00:10:22,400
into rituals of hope. Bind access to groups. Bind groups to purpose. Bind purpose to labels.
89
00:10:22,400 –> 00:10:27,920
And make every exception die on a schedule. The silence will fight you. But once you nail this
90
00:10:27,920 –> 00:10:33,680
everything else clicks. Door stop moving and that’s when the next creature shows itself.
91
00:10:33,680 –> 00:10:42,800
Rooms with no steward. Often teams. Where rules fade. Where rot begins to feed.
92
00:10:42,800 –> 00:10:51,600
Creature two. Often teams. Rooms with no steward. Rules fade. Then the doors stop moving.
93
00:10:52,640 –> 00:11:00,960
And the rooms go still. Orphaned teams. Rooms with no steward. Rules fade. Lights flicker.
94
00:11:00,960 –> 00:11:07,840
Connectors keep whispering into the dark. Posting logs to no one. Files still sink to laptops
95
00:11:07,840 –> 00:11:14,880
that left the company last winter. Conversations freeze mid-sentence. No owner means no ritual.
96
00:11:14,880 –> 00:11:22,240
No ritual means no end. And with no end policy slides off like rain on glass. Why this matters?
97
00:11:22,240 –> 00:11:29,680
Because the room persists. A team is not a chat. It is a share point side with teeth. It holds channels,
98
00:11:29,680 –> 00:11:37,120
libraries tabs, apps, external guests and tokens. When owners vanish the house forgets to lock this room.
99
00:11:37,120 –> 00:11:44,000
Life cycle stops binding. DLP stops biting. Retention never starts the clock.
100
00:11:44,000 –> 00:11:50,880
And that’s when the stale becomes sacred. The trivial becomes permanent. The sensitive drifts
101
00:11:50,880 –> 00:11:56,720
unchallenged through sink and share. The thing most people miss is quiet activity.
102
00:11:56,720 –> 00:12:03,040
Inactive doesn’t mean empty. Apps still post. Flow still write, but still file messages.
103
00:12:03,040 –> 00:12:08,960
You see no chat so you call it dead. It isn’t. It’s unattended. And unattended systems keep working
104
00:12:08,960 –> 00:12:13,040
for whoever still holds a key. Let me show you exactly how to expose it.
105
00:12:13,040 –> 00:12:20,480
Three checks. First, 90 day activity. Posts file edits meetings. Flag teams with nothing but
106
00:12:20,480 –> 00:12:28,960
app events. Second, last owner check. Owners who left HR disabled accounts or a single owner with no backup.
107
00:12:28,960 –> 00:12:33,920
Third, external guest count. Rooms with many guests and no owners are high risk.
108
00:12:33,920 –> 00:12:41,440
Combine these into a label. No owner high guest. That string should chill you. It means strangers out
109
00:12:41,440 –> 00:12:47,280
number stewards. Now a pass you can run this week. Pull a team’s inventory with last activity date.
110
00:12:47,280 –> 00:12:54,240
Owner count, guest count, connected SharePoint site size and active connectors. Sort by no owner
111
00:12:54,240 –> 00:13:02,560
and oldest activity. For each trigger an archive workflow. Notify prior owners, their manager
112
00:13:02,560 –> 00:13:09,520
and a nominated business unit lead. Give a clear fork. Reassign ownership and restate purpose
113
00:13:09,520 –> 00:13:16,720
or accept archive. If reassigned, require two owners confirm sensitivity label,
114
00:13:16,720 –> 00:13:24,480
rebind life cycle and review external guests. If archived, export records to a governed library,
115
00:13:24,480 –> 00:13:31,200
apply retention, lock external sharing and retire the site. Do not keep it just in case.
116
00:13:31,200 –> 00:13:37,840
A graveyard is still a place in your house. A micro story, a project team ended 18 months ago. No
117
00:13:37,840 –> 00:13:43,520
closure. The connector from a third party tool kept writing logs each night. A guest vendor
118
00:13:43,520 –> 00:13:49,440
still had access. A member’s laptop since re-imaged had a local sink of a finance folder.
119
00:13:49,440 –> 00:13:57,680
Nothing dramatic, just slow, steady leak paths. After we ran the checks, 90 day quiet, last owner zero,
120
00:13:57,680 –> 00:14:03,280
guest count five, we archived the team, preserved the record set and removed the guests.
121
00:14:03,840 –> 00:14:09,840
We reran a copilot prompt about vendor billing. Before cleanup, it cited the old channel notes
122
00:14:09,840 –> 00:14:15,200
and an outdated spreadsheet. After cleanup and a restored owner pair in the successor team,
123
00:14:15,200 –> 00:14:21,920
copilot cited the new SOP and current ledger. Not magic, just stewardship restored.
124
00:14:21,920 –> 00:14:30,240
Now the quick wins. Turn on auto exploration for inactive teams with owner attestation every 180 days.
125
00:14:30,800 –> 00:14:38,480
Creation policy required two owners at birth and force a purpose field on creation,
126
00:14:38,480 –> 00:14:47,200
project, department, community, mapped to life cycle rules. Disable adding connectors unless owners
127
00:14:47,200 –> 00:14:54,000
exist. Block guest access when there is no owner to attest. If a team can’t prove its caretakers,
128
00:14:54,560 –> 00:15:03,200
it can’t host outsiders. Common mistakes, parking lot teams where ideas go to die, projects that wrap
129
00:15:03,200 –> 00:15:11,280
up without a retire step, zombie connectors, jira, email to channel, legacy bots, still writing to empty
130
00:15:11,280 –> 00:15:19,040
halls, and worst of all, leaving a single heroic owner who burns out quits and takes the keys with
131
00:15:19,040 –> 00:15:27,280
them. That’s how rooms become orphaned, not with noise, with neglect. If you remember nothing else,
132
00:15:27,280 –> 00:15:34,320
remember this. A room without a steward is a risk without a name. Give it a name, force a choice,
133
00:15:34,320 –> 00:15:42,480
renew with purpose or retire with proof. Once you do the fog thins and that’s when the swamp wakes,
134
00:15:43,120 –> 00:15:52,000
rot data feeding on what’s left. Creature three rot data redundant obsolete trivial feeding the fog
135
00:15:52,000 –> 00:16:02,000
and then the swamp rot data redundant obsolete trivial it looks harmless small files old versions
136
00:16:02,000 –> 00:16:09,760
final seven final V8 really stacks of copies in deep crooked folders but this is the fog that
137
00:16:09,760 –> 00:16:17,520
drowns the signal search breathes it in copilot drinks it and the answers come back thick slow wrong
138
00:16:17,520 –> 00:16:25,920
why this matters is plain rot steals attention it steals precision version piles mother the current
139
00:16:25,920 –> 00:16:32,080
truth stale copies sit closer to the path than the live record the model lands on what’s easy not
140
00:16:32,080 –> 00:16:38,240
what’s right and once the fog gets dense your tenants best people start to move by memory
141
00:16:38,880 –> 00:16:46,000
not evidence that’s when the bad decisions feel normal they sound calm they wear your badge the thing
142
00:16:46,000 –> 00:16:53,520
most people miss wrote grows from friction too many fields at the gate too much ceremony for small work
143
00:16:53,520 –> 00:17:01,520
and users slip away to folders they build ladders of depth ten levels down names that lie archive
144
00:17:01,520 –> 00:17:07,600
that still sinks old work kept just in case until just in case becomes policy by accident
145
00:17:08,240 –> 00:17:15,040
the swamp doesn’t charge it waits deep silent feeding let me show you exactly how to expose it
146
00:17:15,040 –> 00:17:21,600
run a content inventory across your high traffic libraries pull age size last modified last
147
00:17:21,600 –> 00:17:29,040
opened add duplicate hashes to spot twins group by path depth to surface the deepest nests then
148
00:17:29,040 –> 00:17:35,440
map each cluster to a retention category records you must keep reference you should keep trivial
149
00:17:35,440 –> 00:17:42,000
you should purge don’t guess don’t argue let the metrics draw the shape now the pass that clears
150
00:17:42,000 –> 00:17:49,120
the water start with final chaos use duplicate hashes and fuzzy name matches to collapse near duplicates
151
00:17:49,120 –> 00:17:56,880
keep the canonical record tied to a content type delete the shadows next cut the version piles
152
00:17:56,880 –> 00:18:03,600
cap major versions to a sane number trim miners on libraries that were never meant to be design
153
00:18:03,600 –> 00:18:12,880
repose then attack depth enforce a hub and spoke structure with lean metadata so users don’t need
154
00:18:12,880 –> 00:18:20,880
ladders two mandatory fields only purpose and type make them a two click truth not a chore
155
00:18:20,880 –> 00:18:27,600
finally start the clock apply default retention 30 days for drafts in working libraries
156
00:18:27,600 –> 00:18:34,480
180 days for reference in team spaces seven years for records in governed libraries when the clock
157
00:18:34,480 –> 00:18:42,160
runs the fog receipts a micro story we ran this purge plan in a department hub before search for
158
00:18:42,160 –> 00:18:49,840
expense policy returned 12 results on page one eight were stale two were drafts the live record was
159
00:18:49,840 –> 00:18:57,360
on page two buried by depth and duplicate names after duplicates gone versions trimmed labels applied
160
00:18:57,360 –> 00:19:05,120
clock running same query two results both current co-pilot’s answer variance dropped citation
161
00:19:05,120 –> 00:19:11,120
precision rose not because the model learned a secret because the swamp lost its food quick wins
162
00:19:11,120 –> 00:19:18,640
you can take this week publish a three tier term set for purpose record reference working bind two
163
00:19:18,640 –> 00:19:25,760
required fields to your core libraries content type and purpose set default retention on the top three
164
00:19:25,760 –> 00:19:32,640
libraries by volume trim versions above 20 on non record libraries and run a weekly duplicate
165
00:19:32,640 –> 00:19:40,720
hash report to starve the final v7 creature before it nests common mistakes making 13 fields mandatory
166
00:19:40,720 –> 00:19:48,880
on day one bulk tagging old content with lies to pass validation skipping user training so people
167
00:19:48,880 –> 00:19:55,600
keep feeding the swamp with deep folders and the worst believing AI will classify trash into treasure
168
00:19:55,600 –> 00:20:02,640
it won’t it will tag the trash fast if you remember nothing else remember this
169
00:20:02,640 –> 00:20:10,560
roti is the fog that makes lies sound gentle clear it and the house can finally breathe
170
00:20:10,560 –> 00:20:16,960
clear it and you’ll start to see shapes moving at the edge shadow sites strays that wandered in from
171
00:20:16,960 –> 00:20:25,200
the cold their turn comes next was creature four shadow sites stray creatures wandering in from
172
00:20:25,200 –> 00:20:34,640
the cold and then you see them strays shadow sites born from autonomy without guard rails a form
173
00:20:34,640 –> 00:20:41,920
submitted a checkbox missed a template cloned without purpose each one small harmless then hundreds
174
00:20:41,920 –> 00:20:48,480
then eight hundred subsides with a single file a single owner a single silent drift they don’t
175
00:20:48,480 –> 00:20:56,320
scream they echo and the echo bends your map why this matters is simple every strays a new door a
176
00:20:56,320 –> 00:21:03,040
parallel structure a duplicated permission set search now walks two paths to the same idea
177
00:21:03,040 –> 00:21:08,960
and returns both weighted by accident uses fall into the copy closest to their hand
178
00:21:08,960 –> 00:21:15,120
the live record goes hungry while a shadow gets clicks links and trusted never earned
179
00:21:16,000 –> 00:21:23,600
this isn’t malice it’s growth without bones the thing most people miss sprawl feels like speed
180
00:21:23,600 –> 00:21:31,600
spin up a site ship it until the links break the owner leaves and the page you need
181
00:21:31,600 –> 00:21:37,280
lives three hubs away with the same name and a different label then copilot grounds on which one
182
00:21:37,280 –> 00:21:43,120
the one it can see not the one with the blessing the lie is quiet but it lands let me show you
183
00:21:43,120 –> 00:21:49,520
exactly how to hunt them start with the site directory export pull title url template owner
184
00:21:49,520 –> 00:21:56,560
last activity item count and whether it’s attached to a hub sought by no hub low item count
185
00:21:56,560 –> 00:22:04,480
and stale activity those rows are your strays next group by naming patterns teams that cloned
186
00:22:04,480 –> 00:22:10,160
old templates committees that birthed microsites for minutes you’ll see families of fragments
187
00:22:10,160 –> 00:22:16,080
that’s your consolidation map now the path that brings them home move from subsites to a hub and
188
00:22:16,080 –> 00:22:25,840
spoke design define purpose templates department project community each binding sensitivity label
189
00:22:25,840 –> 00:22:34,080
dlp default retention and two mandatory fields capsite types no bespoke snowflakes without review
190
00:22:34,800 –> 00:22:41,600
create a single intake path that collects purpose and data owner at birth every new site joins a hub
191
00:22:41,600 –> 00:22:48,880
where global nav scope search and label inheritance hold it in place no adoptee leaves the hub
192
00:22:48,880 –> 00:22:55,120
without a reason and a caretaker an example you can feel a division had 12 microsites for policy
193
00:22:55,120 –> 00:23:02,960
snippets single pages one owner each no hub search returned five travel policy hits all close
194
00:23:02,960 –> 00:23:11,440
cousins all wrong in small costly ways we lifted them into a policy hub stitched the content into a
195
00:23:11,440 –> 00:23:19,360
clean information architecture set label inheritance and shut the orphans before five results
196
00:23:19,360 –> 00:23:25,360
three stale after one canonical page one archive notice co-pilot’s grounding stopped bouncing
197
00:23:25,360 –> 00:23:34,000
between clones quick wins now automate naming prefixes by purpose suffixes by region or project code
198
00:23:34,000 –> 00:23:42,160
enforce template choice at creation no blank site require owner and steward fields both real users
199
00:23:42,160 –> 00:23:49,200
both attesting at 180 days disable subsite creation across the tenant publish a site directory
200
00:23:49,200 –> 00:23:56,160
everyone can see with ownership visible shame is a quiet control and review no hub sites monthly
201
00:23:56,160 –> 00:24:02,960
strays thrive in the dark turn on the lights common mistakes subsite nostalgia we’ve always done
202
00:24:02,960 –> 00:24:10,720
it this way governance committees that demand 13 fields and kill adoption parallel structures two
203
00:24:10,720 –> 00:24:18,560
sites for the same team because someone lost the URL and worst of all letting shadow sites persist
204
00:24:18,560 –> 00:24:25,040
because cleaning later feels expensive later always cost more if you remember nothing else remember this
205
00:24:25,040 –> 00:24:34,160
strays are not free space they’re dead consolidate into hubs bind labels at birth make purpose a
206
00:24:34,160 –> 00:24:40,400
field not a feeling once the strays stop wandering the mirror stop warping and that’s when you meet
207
00:24:40,400 –> 00:24:50,640
the mask copilot’s calm voice wearing your face the hallucination a shadow wearing your face
208
00:24:50,640 –> 00:24:59,280
administrator do you hear it now your own tone smooth assured a shadow wearing your face
209
00:24:59,280 –> 00:25:05,920
hallucination isn’t madness it’s math in the dark copilot grounds on what it can reach
210
00:25:07,120 –> 00:25:14,000
starved with over zealous restricted content discovery and restricted access control and it guesses
211
00:25:14,000 –> 00:25:21,520
across gaps drown it in permissive sprawl and it averages the noise two paths same cliff
212
00:25:21,520 –> 00:25:27,280
the answer sounds confident because that’s what language does when it’s certain of the wrong room
213
00:25:27,280 –> 00:25:34,640
the thing most people miss is the link between governance and truth you don’t fix hallucination with
214
00:25:34,640 –> 00:25:41,040
the clever prompt you fix the floor lean i.a. so concepts have one home labels that match risk
215
00:25:41,040 –> 00:25:48,320
dlp that blocks x fill at the source retention that turns someday into dates on a calendar then you measure
216
00:25:48,320 –> 00:25:55,520
let me show you exactly how to prove it run paired prompts before and after cleanup use the same
217
00:25:55,520 –> 00:26:03,520
tenant same query same user persona summarize the customer return process for electronics before
218
00:26:04,160 –> 00:26:12,080
record citations links and answer variants across three runs you’ll see drift 2019 pdf’s
219
00:26:12,080 –> 00:26:20,080
drafts in deep folders a locked 2024 page the user can’t see after the ritual hub alignment label
220
00:26:20,080 –> 00:26:27,920
inheritance permission collapse rot purge run the same prompt log citations you’ll see fewer sources
221
00:26:27,920 –> 00:26:35,360
newer dates pages in the right hub with labels that match the risk variance drops not magic foundation
222
00:26:35,360 –> 00:26:42,000
measure three things citation precision percent of references that point to current authoritative
223
00:26:42,000 –> 00:26:50,000
pages answer variants how much the response changes across repeated runs access mismatch how often
224
00:26:50,000 –> 00:26:57,200
citations point to content the user can’t open if precision rises variance falls and mismatch
225
00:26:57,200 –> 00:27:04,800
hits zero you didn’t teach the model a trick you taught the house to stop lying an example a support
226
00:27:04,800 –> 00:27:12,400
team asked what’s our escalation path for failed rma’s before co-pilot cited an outlook thread and
227
00:27:12,400 –> 00:27:20,160
a wiki page last touched in 2022 both visible the real process lived in a locked team with a label
228
00:27:20,160 –> 00:27:27,280
that starved discovery after governance move the s o p to a service hub mapped the content type
229
00:27:27,280 –> 00:27:32,320
applied the right sensitivity label that still allowed discovery for the support group co-pilot
230
00:27:32,320 –> 00:27:41,360
cited the hub s o p and a current checklist same model different ground quick wins establish answer
231
00:27:41,360 –> 00:27:49,120
acceptance criteria no citation no trust require at least two authoritative sources for medium risk
232
00:27:49,120 –> 00:27:55,920
topics one for low risk human review for high risk turn on human in the loop for decisions that
233
00:27:55,920 –> 00:28:04,000
carry money access or legal weight build a feedback loop thumbs down triggers a review of both the answer
234
00:28:04,000 –> 00:28:12,080
and the ground i.e. labels permissions retention if the answer failed because the house lied fix the
235
00:28:12,080 –> 00:28:20,320
house not the prompt common mistakes expecting a i to classify trash into truth overusing rcd
236
00:28:20,320 –> 00:28:26,720
until search and co-pilot star then blaming the model ignoring sensitive exposure maps where
237
00:28:26,720 –> 00:28:34,480
labels don’t match real risk and worst treating hallucinations as close enough because they read well
238
00:28:34,480 –> 00:28:41,440
close enough is how errors become policy if you remember nothing else remember this the shadow
239
00:28:41,440 –> 00:28:48,320
wears your face when your house wears a mask strip the mask bind i a to hubs bind life cycle to purpose
240
00:28:48,320 –> 00:28:54,800
bind labels to risk bind dlp to exit points bind retention to time do this and when co-pilot speaks
241
00:28:54,800 –> 00:29:01,600
it sounds like you because it stands on ground that’s finally true the binding the governance ritual
242
00:29:01,600 –> 00:29:09,280
that holds administrator tools won’t save you rituals will repeated owned measured that’s how you
243
00:29:09,280 –> 00:29:15,840
hold the house why this matters is blunt you can’t out app a pattern of neglect you bind behavior
244
00:29:15,840 –> 00:29:22,480
to structure so drift stops rooms gets duets the swamp drains and strays come home the ritual is
245
00:29:22,480 –> 00:29:33,280
five binds information architecture life cycle sensitivity labels dlp retention not as slogans
246
00:29:33,280 –> 00:29:42,240
as circuits when one moves the others fire start with information architecture the spine hubs as
247
00:29:42,240 –> 00:29:53,920
anchors spokes by purpose department project community services each hub owns a clear map top
248
00:29:53,920 –> 00:30:01,040
nav that matches how people ask not how org charts look content types are few and named in human
249
00:30:01,040 –> 00:30:10,080
words policy s op record working doc to required fields purpose and content type that’s it the rest
250
00:30:10,080 –> 00:30:15,920
is optional suggested and easy this is scaffolding not burden when i a is lean people stop building
251
00:30:15,920 –> 00:30:22,320
ladders of folders once you nail that everything else clicks because every concept has one home
252
00:30:22,320 –> 00:30:31,040
and every home has one path life cycle is the current create a test archive dispose
253
00:30:31,040 –> 00:30:41,200
birth has rules two owners declared purpose template chosen at 180 days owners attest is
254
00:30:41,200 –> 00:30:48,400
still alive if yes they confirm label guests connectors and purpose if no they trigger archive
255
00:30:48,400 –> 00:30:56,000
archive isn’t a dump it’s a move with proof export records to a governed library apply retention
256
00:30:56,000 –> 00:31:03,760
lock sharing retire the site disposal runs on schedule with evidence a disposition review a log
257
00:31:03,760 –> 00:31:13,120
a signature life cycle makes later a date not a wish sensitivity labels are the skin tight mapped to
258
00:31:13,120 –> 00:31:22,800
risk not mood labels bind to sites and libraries not just files public internal confidential restricted
259
00:31:22,800 –> 00:31:30,320
each label turns on controls you can feel confidential blocks anyone links forces shared by people
260
00:31:30,320 –> 00:31:38,800
and limits external guests to name domains labels inherit down the tree site to library to file
261
00:31:38,800 –> 00:31:45,280
unless a file is raised higher by content inspection auto apply where you can through trainable
262
00:31:45,280 –> 00:31:53,600
classifiers detect p i i contracts financials but treat classifiers as scouts not judges
263
00:31:53,600 –> 00:32:01,040
owners confirm when stakes are high dlp is the teeth it sits at the exits pattern packs catch obvious
264
00:32:01,040 –> 00:32:09,520
sins credit cards ss ends health data context sharpens the bite block upload of payroll spreadsheets
265
00:32:09,520 –> 00:32:16,000
to teams with external guests alert owners when a confidential file is shared beyond the group
266
00:32:16,000 –> 00:32:20,400
require business justification for overrides and send the transcript to the steward
267
00:32:20,400 –> 00:32:27,920
dlp doesn’t nag it stops ex-fill at the source and wakes a human the parasite that pretends to be
268
00:32:27,920 –> 00:32:35,840
trusted hates dlp because it can’t sneak past a door the talks back retention is time cold
269
00:32:35,840 –> 00:32:43,280
fair and final defaults by content type not feelings working doc 30 days in draft libraries
270
00:32:43,280 –> 00:32:50,160
unless promoted reference 180 days in team libraries unless renewed record seven years in governed
271
00:32:50,160 –> 00:32:56,160
libraries or whatever regulation says with legal hold paths ready proof of disposition is part of
272
00:32:56,160 –> 00:33:04,080
the ritual when something dies you can show who when and why retention makes our out to starve
273
00:33:04,080 –> 00:33:11,920
because someday becomes a schedule you don’t argue with now you tie the binds into an operating
274
00:33:11,920 –> 00:33:19,040
cadence monthly drift review permissions diffs on top hubs and high risk sites review unique
275
00:33:19,040 –> 00:33:27,520
permissions anyone links external guests close the cracks quarterly r.o.t. purge run inventory duplicate
276
00:33:27,520 –> 00:33:37,520
hashes depth reports trim versions collapse twins re home strays semi annual owner attestations
277
00:33:37,520 –> 00:33:44,400
every team and site proves it has two owners a purpose a label that fits risk and guests that
278
00:33:44,400 –> 00:33:50,800
pass the sniff test miss an attestation lose the keys the house stops drifting when the stewards
279
00:33:50,800 –> 00:33:58,560
must speak guardrails at the front door a creation policy with request or justification purpose
280
00:33:58,560 –> 00:34:05,360
selection and enforced templates two owners required automated naming by purpose and region
281
00:34:05,360 –> 00:34:13,680
or project code templates bind labels dlp retention and ia at birth so controls are default not optional
282
00:34:14,160 –> 00:34:21,920
no sub site creation intake goes through one path logged and visible change management is the oil
283
00:34:21,920 –> 00:34:30,000
targeted training not a sermon job aids that show two clicks to done for mandatory fields short
284
00:34:30,000 –> 00:34:37,840
videos that teach the why the thing most people miss is that labels protect you not block you bake
285
00:34:37,840 –> 00:34:46,560
automation where friction hurts autosuggest metadata pre-fill based on site purpose show a nag only
286
00:34:46,560 –> 00:34:53,520
when risk is real and gives stewards dashboards they can read site health permission anomalies guest
287
00:34:53,520 –> 00:35:00,560
lists r.o.t. trends if they can see the house they will keep it evidence keeps the ritual honest run
288
00:35:00,560 –> 00:35:07,360
audits and save them access diffs that show who can versus who should with delta’s shrinking month
289
00:35:07,360 –> 00:35:14,960
over month before after sight maps that move from spaghetti to hub and spoke prompt result logs
290
00:35:14,960 –> 00:35:22,720
that show citation precision rising and answer variance falling search precision uplift where page
291
00:35:22,720 –> 00:35:28,560
one becomes authoritative not lucky these aren’t vanity graphs they’re the pulse if the pulse
292
00:35:28,560 –> 00:35:38,080
flattens the ritual slipped adjust repeat limitations be honest auto classifiers miss edge cases
293
00:35:38,080 –> 00:35:45,200
labels miss fire if owners don’t confirm dlp can overblock if you get greedy retention hurts when
294
00:35:45,200 –> 00:35:53,600
culture hordes that’s why humans sit in the loop where it matters records managers approve deletion
295
00:35:54,240 –> 00:36:00,880
stewards bless exceptions compliance reviews the spikes the ritual is human led toolbacked
296
00:36:00,880 –> 00:36:07,520
not the other way round and here’s the last quiet bind accountability every hub has an owner and
297
00:36:07,520 –> 00:36:17,840
a steward names faces they attest they receive alerts they approve exceptions they get credit when
298
00:36:17,840 –> 00:36:24,880
precision rises and variance falls when the house holds it’s because someone held it do this
299
00:36:24,880 –> 00:36:31,440
and the creatures lose their food drift hits a wall of group based access often rooms die on schedule
300
00:36:31,440 –> 00:36:38,640
or revive with purpose are out things under clocks and light strays find a hub and a name and
301
00:36:38,640 –> 00:36:47,680
copilot no longer starved or drowned stops guessing and starts citing same AI different ground
302
00:36:47,680 –> 00:36:57,120
the ritual holds immediate actions do this before you turn on more AI runner permissions diff
303
00:36:57,120 –> 00:37:05,920
on your top five hubs who can versus who should close the largest deltas today disable ad hoc item
304
00:37:05,920 –> 00:37:13,040
links on confidential and above force share by people and force two owners with 180 day attestation
305
00:37:13,040 –> 00:37:20,320
published two required fields purpose and content type and a three tier term set apply default
306
00:37:20,320 –> 00:37:27,760
retention to your three highest volume libraries archive one often team end to end with proof
307
00:37:27,760 –> 00:37:35,120
rerun the same copilot prompts and lock citation precision and variance the house holds if you do
308
00:37:35,120 –> 00:37:42,720
the key truth AI can’t fix a broken house it only reflects it governance shapes the ground so answers
309
00:37:42,720 –> 00:37:49,520
stop lying if you want the live walkthrough of the five binds with real audits maps and prompt
310
00:37:49,520 –> 00:37:55,840
logs subscribe now then cue the next episode where we run copilot in a clean tenant and listen to
