Microsoft Copilot for small businesses: when it’s worth it

Microsoft is pushing Copilot hard. The licence is £25 per user per month. For a 20-person business that’s £6,000 a year before VAT. Worth it?

Sometimes. Not always. Here’s a straight read on when Copilot pays back and when it doesn’t.

What Copilot actually does

Microsoft 365 Copilot sits inside the apps your team already uses — Outlook, Word, Excel, PowerPoint, Teams — and uses GPT-4-class AI to do things like:

  • Summarise a long email thread or document
  • Draft a reply, a brief, or a meeting agenda
  • Pull together a deck from a Word brief
  • Build a pivot table or formula in Excel without you knowing the syntax
  • Search across your SharePoint, OneDrive and Outlook by asking a question in plain English

The last one is the killer feature for businesses with messy file storage. Instead of remembering where the Q3 budget lives, you ask Copilot “what was our Q3 budget for the marketing team?” and it finds it.

When it’s worth it

You produce lots of written work. Consultancies, accountancies, marketing agencies, legal firms. If your team writes 20+ documents or emails an hour, Copilot saves 30-50% of that time. The licence pays for itself.

Your data is in Microsoft 365 already. If your files are scattered across Dropbox, Google Drive, and email attachments, Copilot can’t see them. It only knows what’s in your Microsoft tenant.

Your team is comfortable with AI tools. If they’re already using ChatGPT or Claude personally, Copilot extends what they do. If they think AI is suspicious, you’ll pay for licences nobody uses.

You handle sensitive information. Copilot keeps everything inside your tenant. Free ChatGPT doesn’t — anything pasted into it could be used to train the model. For client-confidential or regulated data, Copilot is the safer option.

When to wait

Your file structure is a mess. Copilot is only as good as the data it can see. If SharePoint permissions are wrong (junior staff seeing the board pack), Copilot will surface that data when asked. Sort the permissions before turning Copilot on.

You haven’t set up sensitivity labels. Without labels, Copilot doesn’t know which files are confidential. Set the labels first — we can do this in 1-2 days for most businesses.

You’re a 3-person team. The maths are tight. ChatGPT Plus at £15-£20/month gives you most of the same value if you don’t need it talking to your files. Revisit Copilot at 10+ staff.

You’re on Business Basic. Copilot requires Microsoft 365 Business Standard or Premium. Business Basic users would need to upgrade first — increasing the real cost from £25 to £30-£35/user/month.

What to lock down first

Before you give Copilot access to your data:

  1. Sensitivity labels. Mark documents as Public, Internal, Confidential, or Restricted. Copilot respects these labels.
  2. SharePoint permissions audit. Make sure shared sites only contain what should be shared. Move anything sensitive into a properly-permissioned site.
  3. External sharing review. If files are shared with “anyone with the link”, Copilot might surface them in queries. Tighten this up.
  4. Retention policy. What gets deleted, when. Old confidential drafts shouldn’t sit in OneDrive forever.
  5. Training the team. 45 minutes on how to prompt Copilot, what to feed it, what not to. Most rollouts fail because no one was shown how to use it.

The AI policy

Every business using AI — Copilot, ChatGPT, Claude, anything — should have a one-page written policy. What’s OK to put into AI tools, what isn’t, what happens if someone leaks client data into a public model.

We give every client a template. The short version: client-confidential data goes into Copilot only (it stays in your tenant). Generic drafting and research can go into any tool. Personal data of identifiable people — think GDPR — is never pasted into a public LLM.

Is our data training Microsoft’s AI?

Short answer: no. Microsoft 365 Copilot uses your tenant data to answer your questions. It doesn’t train the underlying GPT model on your content. Microsoft’s documentation on this is worth reading if your legal or compliance team asks.

This is different from free ChatGPT, where what you paste in can be used for model training unless you turn the setting off. It’s also different from Microsoft’s Bing Chat, which sits outside your tenant.

Want a quick assessment?

We do a Copilot-readiness check as part of the Microsoft 365 work. 30 minutes on a call, written read on whether your data is ready, what to lock down first, and whether the licence will pay back at your team size. Book a chat.

Submit a Comment

Your email address will not be published. Required fields are marked *