The Short Answer
Bad results from Microsoft Copilot almost always trace back to one of two problems, and neither of them is the tool itself. The first is how you are prompting it. The second is how your Microsoft 365 environment was set up before Copilot was turned on. Understanding the difference between those two root causes matters because fixing one will not fix the other.
Root Cause One: Most People Are Still Using Copilot Like a Search Engine
What that looks like in practice
I am Paul Smith, and I lead vCIO strategy here at Datasmith Network Solutions. I talked to a few business owners who have given up on Copilot, the conversation almost always follows the same pattern. They typed something short into the prompt box, got a generic response, tried it a few more times, got a few more generic responses, and concluded the tool was not worth their time. The request itself is the problem.
When you type “summarize my emails” or “write a proposal” into Copilot without any additional context, you are asking it to make dozens of decisions on your behalf that you have not thought through. What emails? From what time period? For what purpose? What proposal? For which client? What tone? What length? Copilot will answer all of those questions on its own, and the answer it produces reflects its best guess at what a generic version of that task should look like.
The warehouse vs. home analogy
I describe what happens with an analogy drawn from my own team’s experience: you are asking Copilot to give you an answer sized for a 100,000 square foot warehouse when what you needed was a 2,600 square foot house. The tool is not wrong. It is answering a different question than the one you actually had.
This is the pattern that drives most early abandonment. The user sends a short vague input, gets something generic, and interprets that output as evidence the tool does not work. Copilot is working exactly as designed. The bottleneck is not the technology. It is the way the request was built.
How to Actually Prompt Copilot So It Gives You Useful Output
The five elements of a well-structured prompt
There is a specific structure that produces consistently useful output from Copilot, and it has five elements: role, context, goal, tonality, and outcome. Leaving any one of them out degrades the result in a predictable way.
Role means telling Copilot what it is doing for you in this conversation. Not who it is pretending to be, but what function it is performing. “You are reviewing the notes from a client meeting.” “You are summarizing email threads related to a specific project.” This focuses Copilot before it starts generating.
Context means giving Copilot the specific information it needs to answer accurately. “This is a 30-minute intake meeting with a new client in the construction industry.” “These are six months of email from our largest account.” Without context, Copilot fills every gap with generic assumptions, and every assumption moves the output further from what you actually needed.
Goal means naming explicitly what you are trying to accomplish. “I need a five-point summary I can share with someone who was not in the meeting.” “I need to know whether there are any unresolved commitments in this thread.” The more precisely you define the goal, the more precisely Copilot delivers toward it.
Tonality means telling Copilot how the output should read. “Professional, concise, no jargon.” “Friendly and direct, appropriate for a small business owner.” Copilot defaults to a neutral professional register. If you need something different, you have to say so explicitly.
Outcome means describing what the deliverable actually looks like. “Give me a numbered list of no more than five items.” “Write this as a three-paragraph email with a clear call to action in the final sentence.” When you describe the format, Copilot delivers the format rather than choosing one for you.
A before-and-after example
Here a simple comparison of a common request poorly structured versus a version of it structured around those five elements:
| Before (Vague) |
After (Five-Element Structure) |
| “Write a follow-up email to my client.” | “You are writing a follow-up email on my behalf after an initial discovery call with a small business owner evaluating IT managed services. Goal: confirm next steps and proposal timeline. Tone: professional and warm. Format: three paragraphs, clear next step in the final sentence.” |
The output from the second version is not marginally better. It is genuinely usable without significant rewriting. The first version requires the kind of editing that takes as long as writing the email from scratch, which is how most people conclude that Copilot is not saving them any time.
Root Cause Two: Your Microsoft 365 Tenant May Be Working Against You
Copilot does not have its own security layer
Even when prompting improves significantly, some users will keep getting inconsistent results because the second root cause has nothing to do with how they are asking questions. It has to do with the environment Copilot is running inside.
I say it directly: you do not configure Copilot for security. Copilot inherits the back end of the tenant’s governance. What that means in practice is that Copilot works with whatever your Microsoft 365 environment already has in place. If your permissions are broad, your data is unclassified, and accounts from employees who left two or three years ago are still active in the system, Copilot inherits all of it. It surfaces content based on what it has access to, not what you intended it to have access to.
What that means when the environment has never been reviewed
This creates two specific problems. The first is that Copilot may surface information it should not. In an environment where access controls have never been set correctly and data has never been classified, Copilot can pull content from corners of your system that were never meant to be widely visible. The second is that Copilot does not flag this when it happens. It does not tell you it accessed something unexpected. It just answers the question with the data it found.
Why fixing your prompting will not fix this problem
No amount of better prompting fixes a tenant that has never been properly reviewed. These are two distinct problems, and they require two distinct solutions. If you are not sure whether your Microsoft 365 environment has ever been assessed, the article on Microsoft 365 security and governance explains what a proper review covers and what it typically finds in small business environments.
Why This Matters More Than Most People Realize
The data exposure risk
A poorly configured tenant means Copilot may surface information it should not have surfaced. In industries where data confidentiality matters, in organizations with employee access tiers, or in any business with sensitive client files, this is not an inconvenience. It is a data handling risk that does not announce itself when it happens.
The abandonment cost
A poorly trained user means Copilot gets quietly abandoned. The pattern is consistent: an employee tries it a few times, gets generic output, goes back to doing things the way they have always done them, and says nothing. The subscription keeps running. No one knows the tool is sitting unused. The cost of the license continues. This is how businesses end up paying for software that produces no measurable value, and it is also why reviewing whether your team is actually using Copilot is as important as checking whether they have access to it.
If you want to understand exactly what you are currently paying for, the article on Microsoft 365 Copilot pricing breaks down the licensing structure clearly.
Both problems are fixable. They are just different problems, and they need to be addressed separately.
What Good Copilot Use Actually Looks Like
What we heard from other MSPs
At a Microsoft Copilot seminar I attended this past spring, I had the opportunity to see a range of businesses demonstrate how they were using the tool in practice. The contrast between the businesses getting consistent value and the ones that were frustrated with it was not about which version of Microsoft 365 they were running or how long they had been using it.
The businesses seeing real, day-to-day value had done two things: they had cleaned up their Microsoft 365 tenant before Copilot was enabled, and they had invested time in learning how to structure requests properly. Neither of those things happened by accident. Both required a deliberate decision to treat Copilot as something that needed setup, not something that would work automatically the moment access was granted.
What the difference looks like in day-to-day use
Once both problems are addressed, what Copilot does in practice changes from occasional experiment to an embedded part of the workflow. Meeting notes appear automatically and accurately. Email summaries that would have taken ten minutes of reading take thirty seconds. First drafts of follow-up emails or internal reports are ready before the next item on your calendar. These are not edge case uses. They are what Copilot does consistently when it is running on a clean tenant and being prompted with enough structure to give it a real target.
Frequently Asked Questions
Why is Microsoft Copilot giving me bad results?
Bad results from Microsoft Copilot almost always come from one of two problems: how you are prompting it, or how your Microsoft 365 tenant is configured. Vague, unstructured prompts produce generic output because Copilot fills in every missing detail on your behalf. Separately, if your Microsoft 365 environment has never been properly reviewed, Copilot inherits those governance gaps and may surface information unpredictably. Both problems are fixable, but they require different solutions.
How do I write a better Microsoft Copilot prompt?
A well-structured Copilot prompt includes five elements: role (what Copilot is doing for you), context (the specific details it needs), goal (what you are trying to accomplish), tonality (how the output should read), and outcome (what the deliverable looks like). Providing all five consistently produces output that is usable without significant editing.
What is the five-element Copilot prompt structure?
The five elements of a well-structured Microsoft Copilot prompt are:
- Role: tell Copilot what it is doing for you;
- Context: give it the specific details it needs to answer accurately;
- Goal: name exactly what you are trying to accomplish;
- Tonality: describe how the output should read;
- Outcome: describe what the deliverable looks like.
Leaving any one of these out degrades the result in a predictable way.
Does my Microsoft 365 configuration affect Copilot results?
Yes. Microsoft Copilot does not have its own security or data layer. It inherits the governance configuration of your Microsoft 365 tenant. If your permissions are broad, your data is unclassified, or old user accounts are still active, Copilot will surface content based on what it can access, not what you intended. A proper Microsoft 365 security and governance review is a prerequisite for reliable Copilot performance.
What does it mean that Copilot inherits tenant governance?
Microsoft Copilot does not have a separate security layer of its own. When Copilot searches your Microsoft 365 environment, it operates with the same permissions and access controls already configured for your tenant. If those controls are loose, outdated, or were never properly set up, Copilot will behave unpredictably and may surface information it should not. This is why Microsoft 365 tenant governance review is a prerequisite for a reliable Copilot deployment, not an optional step.
What to Do Next
You are not alone, and the problem is solvable
If you have tried Copilot and consistently gotten responses that felt generic or off-target, you are in the majority, not the minority. Most people who use it without setup or prompting training get underwhelming results, because the tool was not designed to perform without those things.
What makes the June 23 webinar different
If you have already attended a broad overview event about Copilot’s capabilities, you may have come away with a clear picture of what Copilot can theoretically do without a clear picture of what is making it not work for your specific business. The high-level capabilities of Copilot are well documented and easy to find. What is harder to find is a practical conversation about what the setup process actually requires and what realistic expectations look like once that work is done.
The June 23 webinar Datasmith is running is designed specifically for that gap. It is not a feature walkthrough. It is a practical, small-business-focused session on why most Copilot deployments underperform, what the setup process actually involves, and what you can reasonably expect once both problems are addressed.
Register here for the June 23 at 11 AM EST Microsoft Copilot Webinar.
If you are curious to know if the results your company is getting from Copilot are bad, and who’s to blame for that, Datasmith offers a complimentary IT assessment for companies in New England. We want to understand how you are making use of that tool, how it is configured in your environment, to give you a thorough direction on what and how to fix it. It is a conversation without any commercial obligation. If you feel this could be useful to you, go ahead and schedule a time with us.