The Problem Nobody Wants to Talk About
Microsoft Copilot can read email. That's the feature. That's also the problem.
When an employee types "summarize recent discussions about Project Atlas" into Copilot, it doesn't just search their own inbox. It searches every email they have access to through Exchange Online permissions — including shared mailboxes, distribution group archives, and delegated access inboxes they forgot they had.
For most organizations, Exchange permissions are a legacy minefield. Decades of "just give them access" decisions have created permission sprawl that nobody fully understands. Add Copilot on top, and those forgotten permissions become active data exposure vectors.
This isn't theoretical. In January 2026, a financial services firm discovered that Copilot was surfacing board meeting discussions to mid-level managers who had inherited shared mailbox access from a predecessor three years earlier. The access was technically legitimate. The exposure was not.
How Copilot Accesses Exchange Data
Copilot connects to Exchange Online through the Microsoft Graph API, using the same permissions model that governs Outlook. This means Copilot can access:
- The user's own mailbox — every email, sent item, draft, and deleted item still in retention
- Shared mailboxes — any mailbox the user has Full Access or Send As permissions on
- Distribution group emails — if the user is a member, those emails land in their mailbox
- Delegated access — calendars and inboxes shared through delegation
- Public folders — if your organization still uses them (and many do)
The Delegation Problem
Exchange delegation is where things get dangerous. When an executive assistant gets delegate access to the CEO's inbox, that's intentional and understood. But Copilot doesn't distinguish between "I need to manage the CEO's calendar" and "I should be able to search through every email the CEO has ever received."
Full Access delegation grants exactly what it says — full access. Copilot treats this the same way Outlook does: if you can open the mailbox, Copilot can search it.
The difference is behavioral. An assistant with delegate access might open the CEO's inbox twice a day to manage scheduling. Copilot, prompted with the right query, will surface content from that inbox proactively. The permission is the same. The exposure is far larger.
The Shared Mailbox Sprawl
Shared mailboxes are the silent killer of Exchange security hygiene. Most organizations have dozens, sometimes hundreds, of shared mailboxes:
- Department mailboxes — hr@company.com, finance@company.com
- Project mailboxes — created for specific initiatives, never decommissioned
- Role-based mailboxes — support@, legal@, compliance@
- Legacy mailboxes — former employees converted to shared mailboxes
Each of these has an access list that grows over time and rarely shrinks. When someone leaves a project, does IT revoke their shared mailbox access? Almost never. When a department reorganizes, do shared mailbox permissions get reviewed? Rarely.
Now add Copilot. Every user with access to a shared mailbox can query its contents through natural language. "What has legal@ been discussing about the pending lawsuit?" is a perfectly valid Copilot prompt — and if you have access to the legal shared mailbox, you'll get an answer.
Real-World Scenario
Consider a typical scenario at a mid-size company:
- The HR shared mailbox (hr@company.com) has 15 members
- Three of those members left HR two years ago but still have access
- The mailbox contains salary negotiations, disciplinary actions, and termination discussions
- One of the former HR members, now in marketing, asks Copilot: "What's the company policy on performance improvement plans?"
- Copilot, helpfully, surfaces actual PIP discussions from the HR mailbox — complete with employee names
This isn't a bug. It's permissions working exactly as configured. It's just that nobody ever imagined a tool that would make exercising those permissions this easy.
Distribution Groups and Hidden Exposure
Distribution groups create another subtle exposure vector. When an email is sent to a distribution group, every member receives a copy in their mailbox. That copy is now searchable by Copilot.
The risk comes from groups with broad membership. An "All Managers" distribution group might receive quarterly financial results, strategic planning updates, or M&A discussions. Every manager's Copilot instance can now surface this content in response to related queries.
This becomes particularly dangerous with nested groups. If "All Managers" includes "Regional Directors" which includes "EMEA Leadership," the actual membership list might be much larger than anyone realizes.
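To see how nesting inflates the real audience, the following added example (not code from the original article) expands a group recursively and records the path by which each recipient is reached. `Get-EffectiveGroupMember`, its `-GetMembers` parameter and the `example.com` directory are assumptions made for illustration; against a tenant, omit `-GetMembers` so the default lookup calls `Get-DistributionGroupMember` in a connected Exchange Online session.

```powershell
# Get-EffectiveGroupMember and -GetMembers are hypothetical names for this example.
# The default lookup assumes a session opened with Connect-ExchangeOnline.
function Get-EffectiveGroupMember {
    param(
        [Parameter(Mandatory)] [string] $Identity,
        # Returns the direct members of one group; pass a stub to run offline.
        [scriptblock] $GetMembers = {
            param($Id) Get-DistributionGroupMember -Identity $Id -ResultSize Unlimited
        },
        [string[]] $Path = @(),
        [System.Collections.Generic.HashSet[string]] $Visited
    )
    if ($null -eq $Visited) {
        $Visited = [System.Collections.Generic.HashSet[string]]::new(
            [System.StringComparer]::OrdinalIgnoreCase)
    }
    # Add() returns $false for a group already expanded, which stops cycles.
    if (-not $Visited.Add($Identity)) { return }
    $Path += $Identity
    foreach ($m in (& $GetMembers $Identity)) {
        $addr = [string]$m.PrimarySmtpAddress
        if ($m.RecipientType -like 'Mail*Group') {
            # Nested static group: recurse. Dynamic groups are reported as leaves.
            Get-EffectiveGroupMember -Identity $addr -GetMembers $GetMembers -Path $Path -Visited $Visited
        } else {
            [pscustomobject]@{ Member = $addr; Via = $Path -join ' > ' }
        }
    }
}

# Constructed sample directory mirroring the nesting described above (not real data).
function u($a) { @{ PrimarySmtpAddress = $a; RecipientType = 'UserMailbox' } }
function g($a) { @{ PrimarySmtpAddress = $a; RecipientType = 'MailUniversalDistributionGroup' } }
$dir = @{
    'all-managers@example.com'       = @((u 'amy@example.com'), (g 'regional-directors@example.com'))
    'regional-directors@example.com' = @((u 'raj@example.com'), (g 'emea-leadership@example.com'))
    # The last entry points back to the top group to exercise the cycle guard.
    'emea-leadership@example.com'    = @((u 'eva@example.com'), (g 'all-managers@example.com'))
}
$stub = { param($Id) $dir[$Id] }

Get-EffectiveGroupMember -Identity 'all-managers@example.com' -GetMembers $stub |
    Sort-Object Member -Unique | Format-Table -AutoSize
```

The `Via` column shows which chain of groups delivers mail to each recipient, which is the detail a direct-member count hides.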
The Calendar Intelligence Risk
Exchange calendars are often overlooked in Copilot security discussions, but they contain surprisingly sensitive information:
- Meeting subjects that reveal strategic initiatives
- Attendee lists that reveal organizational relationships
- Meeting notes and attachments shared through calendar invites
- Room bookings that reveal who's meeting with whom
When Copilot summarizes your week or prepares you for a meeting, it's pulling from calendar data across every calendar you have access to. Delegate access to an executive's calendar means Copilot can tell you who the CEO is meeting with this week — and what it's about.
Auditing Exchange Permissions for Copilot
Before deploying Copilot — or if you've already deployed it — you need a comprehensive Exchange permissions audit. Here's how:
Step 1: Inventory Shared Mailbox Access
Use Exchange Online PowerShell to enumerate shared mailbox permissions:
Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited | Get-MailboxPermission | Where-Object { $_.User -ne "NT AUTHORITY\SELF" }
This gives you every user with access to every shared mailbox. Export this list and review it with department heads. The question for each permission: "Does this person still need this access?"
Step 2: Audit Delegation
Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited | Get-MailboxPermission | Where-Object { $_.AccessRights -eq "FullAccess" -and $_.User -ne "NT AUTHORITY\SELF" }
Full Access delegations are the highest risk. Each one should have a documented business justification.
Step 3: Review Distribution Group Membership
Get-DistributionGroup -ResultSize Unlimited | Select-Object Name, @{N="Members";E={@(Get-DistributionGroupMember -Identity $_.Identity -ResultSize Unlimited).Count}}
Focus on groups that receive sensitive communications. Check for stale members, nested groups, and overly broad membership.
Step 4: Check Send-As and Send-On-Behalf Permissions
Get-Mailbox -ResultSize Unlimited | Get-RecipientPermission | Where-Object { $_.Trustee -ne "NT AUTHORITY\SELF" }
Send-As permissions don't directly affect Copilot data access, but they indicate permission relationships that should be reviewed holistically.
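The mailbox-level checks from Steps 1, 2 and 4 can be combined into one review file, shown here as an added example rather than code from the original article. It assumes a session opened with `Connect-ExchangeOnline`; the output path and the `New-Row` helper are hypothetical. `Get-RecipientPermission` reports Send As only, so Send on Behalf is read from each mailbox's `GrantSendOnBehalfTo` property.

```powershell
# Added example; assumes a session opened with Connect-ExchangeOnline.
# $OutFile and New-Row are hypothetical names chosen for this example.
$OutFile = '.\exchange-access-review.csv'
$self    = 'NT AUTHORITY\SELF'

function New-Row($Mailbox, $Trustee, $Right) {
    [pscustomobject]@{
        Mailbox     = [string]$Mailbox.PrimarySmtpAddress
        MailboxType = [string]$Mailbox.RecipientTypeDetails
        Trustee     = [string]$Trustee
        Right       = $Right
    }
}

$mailboxes = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox, UserMailbox

$rows = foreach ($mbx in $mailboxes) {
    $addr = [string]$mbx.PrimarySmtpAddress

    # Steps 1 and 2: explicit Full Access grants (inherited and deny entries skipped).
    Get-MailboxPermission -Identity $addr |
        Where-Object { $_.AccessRights -contains 'FullAccess' -and $_.User -ne $self -and
                       $_.IsInherited -eq $false -and $_.Deny -eq $false } |
        ForEach-Object { New-Row $mbx $_.User 'FullAccess' }

    # Step 4: Send As comes from Get-RecipientPermission.
    Get-RecipientPermission -Identity $addr |
        Where-Object { $_.Trustee -ne $self -and $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { New-Row $mbx $_.Trustee 'SendAs' }

    # Step 4: Send on Behalf is stored on the mailbox object itself.
    foreach ($t in $mbx.GrantSendOnBehalfTo) { New-Row $mbx $t 'SendOnBehalf' }
}

$rows | Sort-Object Mailbox, Right, Trustee |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

# Mailboxes with the longest Full Access lists first: review these with their owners.
$rows | Where-Object Right -eq 'FullAccess' | Group-Object Mailbox |
    Sort-Object Count -Descending | Select-Object -First 20 Count, Name
```

Only the `FullAccess` rows represent mail content that Copilot can search on the trustee's behalf; the Send As and Send on Behalf rows are included so the relationships can be reviewed together.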
Mitigation Strategies
Immediate Actions
Revoke stale shared mailbox access. This is the highest-impact, lowest-effort fix. Remove users who no longer need access to shared mailboxes. Set a policy that shared mailbox access is reviewed quarterly.
Implement the principle of least privilege for delegation. Instead of Full Access delegation, use Reviewer or Editor roles where possible. Full Access should require manager approval and annual recertification.
Use Information Barriers. Microsoft Purview Information Barriers can prevent Copilot from crossing organizational boundaries. If your legal team shouldn't see sales communications (and vice versa), Information Barriers enforce that — even if permissions technically allow it.
Medium-Term Improvements
Deploy sensitivity labels on email. Sensitivity labels applied to emails can restrict Copilot's ability to surface that content. Mark confidential communications as "Highly Confidential" and configure Copilot to respect those labels. For a deeper dive on setting this up, check out our sensitivity labels configuration guide.
Implement mailbox auditing. Enable unified audit logging in Microsoft Purview to track what Copilot accesses in Exchange. This won't prevent exposure, but it gives you visibility into what's being surfaced.
Create Copilot-specific access policies. Use Restricted SharePoint Search (RSS) and related controls to limit which data sources Copilot can access. While RSS primarily targets SharePoint, it's part of a broader strategy to limit Copilot's data perimeter.
Long-Term Architecture
Move to a Zero Trust model for data access. Every access request — including Copilot's — should be verified against current identity, device, and risk signals. Our guide to Zero Trust architecture for Copilot deployments covers this in detail.
Implement data lifecycle management. Emails that should have been deleted years ago are still sitting in shared mailboxes, accessible to Copilot. Implement retention policies that automatically purge content past its useful life. But be aware — retention policies interact with Copilot in non-obvious ways.
Adopt a governance framework. Exchange permissions should be part of your broader Copilot governance strategy, not managed in isolation. Review our Copilot governance framework guide for a comprehensive approach.
The Broader Pattern
The Exchange permission problem is a symptom of a larger issue: Microsoft Copilot inherits every permission mistake your organization has ever made. Email is just one vector. SharePoint, OneDrive, Teams — they all have the same fundamental problem.
The organizations that deploy Copilot successfully are the ones that treat it as a catalyst for permission hygiene, not just a productivity tool. They use the Copilot deployment as an excuse to do the access reviews they should have been doing all along.
The ones that struggle are the ones that deploy Copilot first and deal with the fallout later. By then, the CEO's merger discussions are already in a junior analyst's Copilot history.
Take Action Now
Don't wait for an incident to audit your Exchange permissions. Use the E2E Agentic Bridge Scanner to identify permission gaps across your M365 environment — including Exchange delegation, shared mailbox access, and distribution group exposure. Find out what Copilot can see before your employees do.