- \n
- Designing a logical SPO site structure that mirrors organisational needs, avoids sprawling, ad hoc sites, and helps users intuitively find what they need. <\/li>\n<\/ul>\n\n\n\n
- \n
- Establishing the right permissions model, ensuring access is granted on a least-privilege basis and consistently applied across sites and Teams. <\/li>\n<\/ul>\n\n\n\n
- \n
- Making sure metadata, labels, and content types are in place to drive better navigation and search experiences, helping users avoid the all-too-familiar \u201cneedle in a haystack\u201d hunt. <\/li>\n<\/ul>\n\n\n\n
Think of IA as the blueprint for your digital workplace \u2013 without it, AI will be working in a cluttered warehouse rather than a well-organised library.<\/p>\n\n\n\n
Why is IA so important before AI?<\/h2>\n\n\n\n
AI thrives on data. When you prompt AI tools like Copilot to build a business case presentation or summarise a report, it doesn\u2019t just look at your immediate files. It can surface data from across the organisation \u2013 even information users didn\u2019t realise was accessible. <\/p>\n\n\n\n
Consider this scenario: A business analyst asks AI to create slides for a new business case. Instead of pulling from recent project documents, Copilot surfaces a snippet from a confidential client proposal tucked away in a poorly secured SharePoint site. Suddenly, sensitive client information finds its way into an internal draft presentation \u2013 an unintended but very real risk. <\/p>\n\n\n\n
This isn\u2019t about employees being careless. It\u2019s about AI removing the barriers of discoverability \u2013 if sensitive data exists and permissions allow access, AI can use it. That\u2019s why IA must come first.<\/p>\n\n\n\n
Common Pitfalls Without IA <\/h2>\n\n\n\n
Without a well-designed IA, organisations often stumble into the same traps: <\/p>\n\n\n\n
- \n
- Site sprawl:<\/strong> Hundreds of SharePoint sites and Teams created without a strategy, leaving users confused about where to store or find documents. For AI, this means it may surface irrelevant or outdated content because the system cannot distinguish which site holds the current truth. <\/li>\n<\/ul>\n\n\n\n
- \n
- Broken permissions<\/strong>: Over-reliance on sharing links or inherited permissions, giving more people access than intended. AI doesn\u2019t second-guess permissions \u2013 if someone has access, it will happily serve up sensitive content, whether or not they should realistically be using it. <\/li>\n<\/ul>\n\n\n\n
- \n
- Poor navigation and search:<\/strong> Documents buried in poorly labelled folders, leaving employees to waste time searching or recreating work. AI amplifies this problem by drawing on whatever it can find \u2013 including misfiled or draft versions \u2013 and presenting them as authoritative. <\/li>\n<\/ul>\n\n\n\n
- \n
- Shadow IT:<\/strong> Teams bypassing official sites and processes, leading to data silos and duplicated information. AI can\u2019t tell the difference between the \u201cofficial\u201d source and the copy in a rogue location, which risks surfacing the wrong information. <\/li>\n<\/ul>\n\n\n\n
In short, these pitfalls don\u2019t just slow people down \u2013 they directly undermine AI adoption. What was once \u201chard to find\u201d suddenly becomes \u201cimpossible to miss,\u201d and without the right IA, the wrong content could be what gets exposed.<\/p>\n\n\n\n
Protecting Sensitive Data<\/h2>\n\n\n\n
A robust IA strategy ensures that sensitive data is identified, labelled, and protected. Key elements include: <\/p>\n\n\n\n
- \n
- Data Loss Prevention (DLP): Preventing accidental sharing of sensitive data. <\/li>\n<\/ul>\n\n\n\n
- \n
- Information Protection Labels: Classifying and controlling access to confidential documents. <\/li>\n<\/ul>\n\n\n\n
- \n
- Governance Policies: Establishing rules for lifecycle management, retention, and access. <\/li>\n<\/ul>\n\n\n\n
These guardrails ensure that when AI interacts with organisational data, it doesn\u2019t inadvertently compromise compliance or security. <\/p>\n\n\n\n
These guardrails ensure that when AI interacts with organisational data, it doesn\u2019t inadvertently compromise compliance or security. For a deeper dive into how Microsoft Purview and a DSPM (Data Security Posture Management) framework secure your AI journey, check out Hambik\u2019s blog on DSPM for AI<\/a>.<\/p>\n\n\n\n
Real-World Example<\/h2>\n\n\n\n
Imagine a marketing team working on a new campaign. They ask Copilot to \u201ccreate a pitch deck based on past proposals.\u201d Copilot obliges \u2013 but in doing so, it pulls confidential pricing details from a restricted finance folder that happened to be mislabelled. The marketing team, unaware of the source, shares the deck widely. What started as a small oversight in IA snowballs into a compliance issue. <\/p>\n\n\n\n
This is why information protection can\u2019t be an afterthought. The strength of AI lies in its ability to connect dots \u2013 but without strong IA, it may connect the wrong ones.<\/p>\n\n\n\n
The Role of Governance<\/h2>\n\n\n\n
Governance goes hand-in-hand with IA. Without proper governance, even the best architecture will deteriorate over time. Establishing governance frameworks means: <\/p>\n\n\n\n
- \n
- Clear ownership of data and sites.<\/li>\n\n\n\n
- Defined processes for access requests and permissions.<\/li>\n\n\n\n
- Ongoing audits to maintain compliance. <\/li>\n<\/ul>\n\n\n\n
Governance ensures IA remains a living system, evolving with the business and its data needs.<\/p>\n\n\n\n
Start with Discovery: Know Your Data<\/h2>\n\n\n\n
At Insentra, we often say: \u201cKnow your data before you know your AI.\u201d That starts with a discovery exercise: <\/p>\n\n\n\n
- \n
- Identify where your sensitive data lives.<\/li>\n\n\n\n
- Map data flows across SPO and Teams.<\/li>\n\n\n\n
- Highlight gaps where governance, site structure, or labelling is missing. <\/li>\n<\/ul>\n\n\n\n
This process forms the foundation for protecting data and preparing for safe AI adoption.<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.insentragroup.com\/nz\/wp-content\/uploads\/sites\/18\/2025\/09\/image-1.png\")
<\/figure>\n\n\n\nGovernance and Continuous Improvement<\/h2>\n\n\n\n
Governance goes hand-in-hand with IA. Without proper governance, even the best architecture will deteriorate over time. Establishing governance frameworks means: <\/p>\n\n\n\n
- \n
- Clear ownership of data and sites.<\/li>\n\n\n\n
- Defined processes for access requests and permissions.<\/li>\n\n\n\n
- Ongoing audits to maintain compliance. <\/li>\n<\/ul>\n\n\n\n
Governance ensures IA remains a living system, evolving with the business and its data needs. It also ties directly into continuous improvement. A practical starting point is an Information Architecture Implementation or Advisory Engagement<\/strong>, where experts help design a scalable structure, apply governance, and set up protection policies. From there, organisations can iterate, building maturity in data management while enabling AI safely and effectively. <\/p>\n\n\n\n
- Governance Policies: Establishing rules for lifecycle management, retention, and access. <\/li>\n<\/ul>\n\n\n\n
- Information Protection Labels: Classifying and controlling access to confidential documents. <\/li>\n<\/ul>\n\n\n\n
- Data Loss Prevention (DLP): Preventing accidental sharing of sensitive data. <\/li>\n<\/ul>\n\n\n\n
- Shadow IT:<\/strong> Teams bypassing official sites and processes, leading to data silos and duplicated information. AI can\u2019t tell the difference between the \u201cofficial\u201d source and the copy in a rogue location, which risks surfacing the wrong information. <\/li>\n<\/ul>\n\n\n\n
- Poor navigation and search:<\/strong> Documents buried in poorly labelled folders, leaving employees to waste time searching or recreating work. AI amplifies this problem by drawing on whatever it can find \u2013 including misfiled or draft versions \u2013 and presenting them as authoritative. <\/li>\n<\/ul>\n\n\n\n
- Broken permissions<\/strong>: Over-reliance on sharing links or inherited permissions, giving more people access than intended. AI doesn\u2019t second-guess permissions \u2013 if someone has access, it will happily serve up sensitive content, whether or not they should realistically be using it. <\/li>\n<\/ul>\n\n\n\n
- Site sprawl:<\/strong> Hundreds of SharePoint sites and Teams created without a strategy, leaving users confused about where to store or find documents. For AI, this means it may surface irrelevant or outdated content because the system cannot distinguish which site holds the current truth. <\/li>\n<\/ul>\n\n\n\n
- Making sure metadata, labels, and content types are in place to drive better navigation and search experiences, helping users avoid the all-too-familiar \u201cneedle in a haystack\u201d hunt. <\/li>\n<\/ul>\n\n\n\n
- Establishing the right permissions model, ensuring access is granted on a least-privilege basis and consistently applied across sites and Teams. <\/li>\n<\/ul>\n\n\n\n