Artificial Intelligence (AI) is the hottest topic in the workplace right now. From Microsoft Copilot to intelligent agents and custom AI-driven applications, organizations everywhere are rushing to enable AI, enticed by the promise of productivity, efficiency, and innovation. But amid this enthusiasm, one critical factor often gets overlooked – Information Architecture (IA).
Before going too far down the AI journey, organizations need to take a step back and get their information architecture in Microsoft 365 (M365) – particularly in SharePoint Online (SPO) and Teams – in order. Without the right foundations, AI could inadvertently expose sensitive information, leading to compliance breaches, reputational risks, or worse.
What is Information Architecture (IA)?
At its core, Information Architecture is about structuring, organising, and managing your data so that it is accessible, usable, and secure. In the context of M365, this means:
- Defining how documents and data are stored and categorized in SharePoint and Teams.
- Designing a logical SPO site structure that mirrors organisational needs, avoids sprawling, ad hoc sites, and helps users intuitively find what they need.
- Establishing the right permissions model, ensuring access is granted on a least-privilege basis and consistently applied across sites and Teams.
- Making sure metadata, labels, and content types are in place to drive better navigation and search experiences, helping users avoid the all-too-familiar “needle in a haystack” hunt.
Think of IA as the blueprint for your digital workplace – without it, AI will be working in a cluttered warehouse rather than a well-organised library.
Why is IA so important before AI?
AI thrives on data. When you prompt AI tools like Copilot to build a business case presentation or summarise a report, it doesn’t just look at your immediate files. It can surface data from across the organization – even information users didn’t realise was accessible.
Consider this scenario: A business analyst asks AI to create slides for a new business case. Instead of pulling from recent project documents, Copilot surfaces a snippet from a confidential client proposal tucked away in a poorly secured SharePoint site. Suddenly, sensitive client information finds its way into an internal draft presentation – an unintended but very real risk.
This isn’t about employees being careless. It’s about AI removing the barriers of discoverability – if sensitive data exists and permissions allow access, AI can use it. That’s why IA must come first.
Common Pitfalls Without IA
Without a well-designed IA, organizations often stumble into the same traps:
- Site sprawl: Hundreds of SharePoint sites and Teams created without a strategy, leaving users confused about where to store or find documents. For AI, this means it may surface irrelevant or outdated content because the system cannot distinguish which site holds the current truth.
- Broken permissions: Over-reliance on sharing links or inherited permissions, giving more people access than intended. AI doesn’t second-guess permissions – if someone has access, it will happily serve up sensitive content, whether or not they should realistically be using it.
- Poor navigation and search: Documents buried in poorly labelled folders, leaving employees to waste time searching or recreating work. AI amplifies this problem by drawing on whatever it can find – including misfiled or draft versions – and presenting them as authoritative.
- Shadow IT: Teams bypassing official sites and processes, leading to data silos and duplicated information. AI can’t tell the difference between the “official” source and the copy in a rogue location, which risks surfacing the wrong information.
In short, these pitfalls don’t just slow people down – they directly undermine AI adoption. What was once “hard to find” suddenly becomes “impossible to miss,” and without the right IA, the wrong content could be what gets exposed.
Protecting Sensitive Data
A robust IA strategy ensures that sensitive data is identified, labelled, and protected. Key elements include:
- Data Loss Prevention (DLP): Preventing accidental sharing of sensitive data.
- Information Protection Labels: Classifying and controlling access to confidential documents.
- Governance Policies: Establishing rules for lifecycle management, retention, and access.
These guardrails ensure that when AI interacts with organisational data, it doesn’t inadvertently compromise compliance or security.
These guardrails ensure that when AI interacts with organisational data, it doesn’t inadvertently compromise compliance or security. For a deeper dive into how Microsoft Purview and a DSPM (Data Security Posture Management) framework secure your AI journey, check out Hambik’s blog on DSPM for AI.
Real-World Example
Imagine a marketing team working on a new campaign. They ask Copilot to “create a pitch deck based on past proposals.” Copilot obliges – but in doing so, it pulls confidential pricing details from a restricted finance folder that happened to be mislabelled. The marketing team, unaware of the source, shares the deck widely. What started as a small oversight in IA snowballs into a compliance issue.
This is why information protection can’t be an afterthought. The strength of AI lies in its ability to connect dots – but without strong IA, it may connect the wrong ones.
The Role of Governance
Governance goes hand-in-hand with IA. Without proper governance, even the best architecture will deteriorate over time. Establishing governance frameworks means:
- Clear ownership of data and sites.
- Defined processes for access requests and permissions.
- Ongoing audits to maintain compliance.
Governance ensures IA remains a living system, evolving with the business and its data needs.
Start with Discovery: Know Your Data
At Insentra, we often say: “Know your data before you know your AI.” That starts with a discovery exercise:
- Identify where your sensitive data lives.
- Map data flows across SPO and Teams.
- Highlight gaps where governance, site structure, or labelling is missing.
This process forms the foundation for protecting data and preparing for safe AI adoption.
Governance and Continuous Improvement
Governance goes hand-in-hand with IA. Without proper governance, even the best architecture will deteriorate over time. Establishing governance frameworks means:
- Clear ownership of data and sites.
- Defined processes for access requests and permissions.
- Ongoing audits to maintain compliance.
Governance ensures IA remains a living system, evolving with the business and its data needs. It also ties directly into continuous improvement. A practical starting point is an Information Architecture Implementation or Advisory Engagement, where experts help design a scalable structure, apply governance, and set up protection policies. From there, organizations can iterate, building maturity in data management while enabling AI safely and effectively.
Learn more about our Advisory Services – designed to help organizations discover, classify, and govern their data before embarking on their AI journey.
Strong IA, Smarter AI
AI represents a transformative opportunity, but only if organizations put the right foundations in place first. Information Architecture in M365 – especially SPO and Teams – is that foundation. By designing clear site structures, strengthening permissions, improving navigation and search, knowing your data, protecting sensitive information, and establishing governance, you safeguard your organization from unintentional data exposure and position yourself for long-term AI success.
So before you sprint into AI, make sure your IA is ready to run alongside it.
Join our Generative AI Sprint 1 and learn how to build the right foundations in Microsoft 365 for safe, effective AI adoption.
