July 1, 2026

What Records and Information Professionals Told Us About Microsoft 365 Governance in 2026

More Info

Microsoft 365 has transformed the way organisations collaborate, making it easier than ever to create, share and access information. But as environments grow, so too does the challenge of managing that information effectively.

This week, FYB hosted a RIMPA webinar, From SharePoint Sprawl to M365 Maturity, exploring why information governance has become one of the biggest challenges facing organisations today and how a structured governance framework can turn information chaos into an AI-ready, compliant environment.

During the webinar, we asked attendees a series of live survey questions to better understand where organisations are on their Microsoft 365 (M365) governance journey.

The results provide a valuable snapshot of where many Australian organisations currently sit on their Microsoft 365 governance journey - and highlight why information governance has become a strategic priority for both Records and Information Management professionals and IT teams.

Here are the key insights.

Duplicate documents remain one of the biggest Microsoft 365 governance challenges

One of our first survey questions revealed one of the most persistent challenges in Microsoft 365 environments:

How many places does the "final version" of an important document live in your organisation?

The results were telling.

  • 13% said there was only one authoritative version.
  • 46% said two or three versions existed.
  • 32% admitted they'd "stopped counting."

Duplicate information remains one of the most common symptoms of SharePoint sprawl. Multiple versions create confusion, reduce confidence in information and make it increasingly difficult to know which record is the official one.

What this means for Records and Information Professionals

This isn't simply a document management problem.

Every duplicate increases the likelihood of:

  • Conflicting information
  • Incorrect business decisions
  • Over-retention of records
  • More information to review during FOI or legal discovery
  • Increased privacy and compliance risk

The goal isn't just reducing duplicates - it's establishing a single authoritative record supported by sound information governance.

What this means for IT

Technology alone won't solve duplication.

Site provisioning, permissions and storage policies are important, but without governance around classification, ownership and lifecycle management, duplicate content will continue to grow.

Why AI is making information governance more important than ever

AI was a recurring theme throughout the webinar, and the survey responses reflected the uncertainty many organisations are currently experiencing.

When asked whether AI assistants such as Microsoft Copilot had been introduced:

  • 24% said AI was working well.
  • 29% said AI had been introduced, but not in a governed way.
  • 36% said AI wasn't yet permitted within their organisation.

The message was clear: AI readiness isn't simply about deploying Copilot or another assistant.

It's about whether the information underneath can be trusted.

As discussed during the webinar, AI doesn't tidy up poor information - it amplifies whatever already exists. Duplicate content, outdated documents, inconsistent metadata and unmanaged repositories all become more visible when AI begins searching across them.

What this means for Records and Information Professionals

Information governance has become AI governance.

Classification, metadata, retention, disposal and defensible recordkeeping are no longer just compliance activities - they directly influence the quality, reliability and security of AI-generated responses.

What this means for IT

Before enabling organisation-wide AI tools, consider whether your organisation has:

  • Appropriate access controls
  • Duplicate information under control
  • Sensitive information properly managed
  • Governance over SharePoint sites and Teams
  • Retention and disposal policies in place

Without these foundations, AI can increase organisational risk rather than productivity.

Information governance is still viewed primarily as compliance

One of the strongest findings from the survey was how organisations perceive information governance.

Nearly half of respondents (48%) said information governance is viewed primarily as "a compliance box to tick."

Only 35% believed leadership sees it as a core organisational discipline.

This helps explain why governance initiatives often struggle to attract investment. Too often, governance is viewed as an administrative or compliance exercise rather than a strategic capability that enables better business outcomes.

In reality, mature information governance delivers:

  • Faster access to trusted information
  • Better decision making
  • Reduced privacy and compliance risk
  • Greater confidence in AI
  • Lower storage and operational costs

For Records and Information Management professionals, this presents an opportunity to reposition governance as a business enabler - not just a compliance obligation.

Most organisations are still early in their governance maturity journey

When attendees were asked where they currently sit on the journey from information chaos to control:

  • 62% described themselves as having emerging awareness and coordination
  • 23% said they were still operating in reactive chaos
  • 13% considered themselves to have clearly defined governance
  • Only 2% felt they were genuinely well governed

The positive news is that most organisations recognise the challenge and have begun improving governance.

The next step is moving beyond awareness towards consistent policies, automated controls and embedded governance practices.

As highlighted during the webinar, governance maturity isn't achieved through technology alone. It requires a structured approach combining policy, process, technology and organisational culture.

Why organisations still struggle to find the right records

Our final insight came from a challenge many Records and Information professionals know all too well.

If an FOI or discovery request landed today, how difficult would it be to locate all the related records?

While 71% believed they could locate records within a few hours, only 3% said they could find everything in just a few clicks.

Another 20% anticipated a frantic search across numerous locations.

These results suggest that while many organisations have improved visibility, very few have reached true information maturity where records can be located quickly, confidently and consistently.

For both Records professionals and IT teams, improving discoverability isn't just about better search—it's about ensuring information is consistently classified, managed and governed throughout its lifecycle.

Why this matters

One of the strongest messages from the webinar was that SharePoint sprawl isn't really a SharePoint problem.

It's a governance problem.

Microsoft 365 is an incredibly powerful collaboration platform. But without clear ownership, classification, retention and accountability, organisations inevitably accumulate duplicate content, unmanaged sites and increasing compliance risk.

AI hasn't created these issues.

It has simply made them more visible - and more urgent.

The destination isn't a tidier SharePoint. It's a governed, defensible and AI-ready organisation.

Key Takeaways

  • Microsoft 365 sprawl is primarily a governance challenge, not a technology challenge.
  • AI increases the importance of trusted, well-governed information.
  • Most organisations are still in the early stages of governance maturity.
  • Records and Information Management professionals have a critical role in improving AI readiness and reducing organisational risk.
  • IT and Records teams must work together to embed governance into Microsoft 365 rather than treating it as a separate initiative.
  • Organisations that invest in governance today will be better positioned to meet future compliance obligations and realise the full value of AI.

Ready to move from Microsoft 365 sprawl to governance?

Whether you're developing an information governance framework, implementing an EDRMS, integrating Microsoft 365 with OpenText Content Manager, or preparing your organisation for AI, FYB can help.

Our consultants work with organisations across government and regulated industries to develop practical governance frameworks, implement records management solutions, and integrate Microsoft 365 with OpenText Content Manager to improve compliance, reduce risk and support the way people work.

Contact us to discuss where your organisation sits on the information governance maturity journey and how we can help you take the next step.

Contact us

Request a demo

Thank you! Your submission has been received and an FYB Team Member will be in contact soon.
Oops! Something went wrong while submitting the form.

Request a demo

Thank you! Your submission has been received and an FYB Team Member will be in contact soon.
Oops! Something went wrong while submitting the form.

Access Power Automate Masterclass on demand

Learn how to streamline repetitive processes and ensure you are meeting recordkeeping compliance requirements with Microsoft Power Automate, Power2CM and Micro Focus Content Manager.
Thank you, a link to access the resource will arrive in your inbox soon.

In the meantime, check our our blog for more helpful resources.
Oops! Something went wrong while submitting the form.

Our Other Blogs

Bridging the Gap Between Microsoft 365 and Content Manager
Why Every Organisation Needs an AI Register
Transforming Collaboration into Compliance: Integrating Microsoft 365 with OpenText Content Manager