You have full permissions to a SharePoint file, but Copilot refuses to read it. This problem usually occurs because Copilot relies on additional data access settings beyond standard file permissions. The cause is often a missing search index, a blocked Graph API connection, or a restrictive data source policy in the Microsoft 365 admin center. This article explains the technical root causes and provides step-by-step fixes to resolve the issue.
Key Takeaways: Restoring Copilot Access to SharePoint Files
- Microsoft 365 admin center > Settings > Copilot > Data sources: Controls which Microsoft Graph data Copilot can read for grounded responses.
- SharePoint site > Site settings > Search and offline availability: Ensures the file is indexed and discoverable by Microsoft Search.
- Microsoft Graph API permissions for Copilot: Requires delegated permissions to read SharePoint files on behalf of the signed-in user.
Why Copilot Cannot Read a SharePoint File Despite Proper Permissions
When you grant a user direct permissions to a SharePoint file, that user can open the file in the browser or desktop app. However, Copilot accesses files through the Microsoft Graph API, which enforces additional layers of control. The following three factors commonly block Copilot even when file-level permissions are correct.
Search Indexing and Content Discovery
Copilot uses Microsoft Search to locate files. If a SharePoint site or document library is not configured to allow search indexing, Copilot cannot find the file. The site must be set to allow content to appear in search results. Even if the user has Read permissions, a site that blocks search visibility will prevent Copilot from reading the file.
Copilot Data Source Policies
The Microsoft 365 admin center includes a Copilot settings page that defines which data sources Copilot can access. An administrator may restrict Copilot to only indexed SharePoint sites or specific Microsoft Graph data types. If the target file resides on a site not included in the allowed data sources, Copilot cannot read it regardless of user permissions.
Graph API Delegated Permissions
Copilot runs under the signed-in user’s identity. The user must have the correct delegated permissions granted through an app registration or through the default Microsoft 365 permissions. In some tenants, administrators revoke or limit Graph API scopes such as Sites.Read.All or Files.Read.All. Without these scopes, Copilot cannot fetch file content through the API even if the file itself is accessible via direct URL.
Steps to Restore Copilot Access to a SharePoint File
Follow these steps in order. Each step addresses one of the root causes described above.
- Verify the SharePoint site search settings
Go to the SharePoint site where the file is stored. Select Settings gear at the top right. Choose Site information then View all site settings. Under Search, click Search and offline availability. Ensure the radio button Allow this site to appear in search results is selected. Click OK. - Check the document library search settings
Navigate to the library containing the file. Select the gear icon and choose Library settings. Under General settings, click Advanced settings. In the Search section, confirm Allow items from this document library to appear in search results? is set to Yes. Click OK. - Reindex the site or library
If search settings were changed, force a reindex. Go back to Search and offline availability under Site settings. Click Reindex site. For a single library, go to Library settings > Advanced settings > Reindex document library. Wait up to 30 minutes for the index to update. - Confirm Copilot data source policies in the admin center
Sign in to the Microsoft 365 admin center. Go to Settings > Copilot > Data sources. Under Microsoft Graph data, ensure SharePoint and OneDrive are enabled. If specific sites are listed, verify that the site containing the file is included. Add the site URL if missing. Save changes. - Check Graph API permission grants
In the Microsoft 365 admin center, go to Settings > Org settings > Microsoft Graph API permissions. Look for the permission Sites.Read.All or Files.Read.All granted to the Copilot service principal. If missing, an administrator must grant consent. Use the Azure portal: navigate to Azure Active Directory > App registrations > All applications > select the Copilot app > API permissions. Add Microsoft Graph > Delegated permissions > Sites.Read.All. Click Grant admin consent. - Test with a different file on the same site
Create a new text file in the same SharePoint library. Give yourself Read permissions. Ask Copilot to summarize it. If Copilot reads the new file, the original file may have corruption or metadata issues. Re-upload the original file.
If Copilot Still Cannot Read the File After the Main Fix
Some scenarios require additional troubleshooting. Below are the most common remaining issues and their solutions.
Copilot Returns Generic Output Instead of Tenant-Specific Data
This usually indicates that Copilot is using public web data rather than your tenant’s SharePoint content. In the Copilot pane, check the Sources dropdown. If it shows Web instead of Work or Organization, click the dropdown and select Work. This forces Copilot to search only Microsoft Graph data within your tenant.
File Is in a Restricted Sensitivity Label
Microsoft Purview Information Protection sensitivity labels can block Copilot from reading file content even if the user has Read permissions. Open the file in the browser. Look for a sensitivity label banner at the top. If the label includes encryption or restricts machine reading, Copilot cannot access the content. Request that the document owner change the label to a less restrictive one, or ask your administrator to create a label that allows Copilot access.
File Type Not Supported by Copilot
Copilot supports common file types such as .docx, .xlsx, .pptx, .pdf, and .txt. It does not support .odt, .ods, .odp, .rtf, or .html files. If your file uses an unsupported format, convert it to a supported type. For example, save a .odt file as .docx in Word.
Browser Cache or Session Issues
A stale authentication token can prevent Copilot from fetching the file. Sign out of all Microsoft 365 apps in your browser. Clear the browser cache and cookies. Sign back in and try again.
| Item | File Permissions Only | Copilot Access |
|---|---|---|
| Requires SharePoint site search indexing | No | Yes |
| Requires Graph API delegated permissions | No | Yes |
| Affected by Copilot data source policies | No | Yes |
| Blocked by sensitivity label encryption | No (user can open) | Yes |
After applying the fixes in this article, you can now force Copilot to read SharePoint files that it previously ignored. Start by verifying search indexing and data source policies. If the issue persists, check Graph API permission grants and sensitivity labels. As an advanced tip, use the Microsoft 365 admin center audit log to search for Copilot interaction events to see exactly which API call failed and why.