Astris CSP
Help portal Begin a conversation
AI · Sovereignty · 2026

What is the role of Microsoft 365 in an AI-adopted enterprise?

15 June 2026
Stack AI GovernanceMicrosoft 365Data Sovereignty

Every platform a wealth management firm uses now arrives with its own AI. The administration system has one, the compliance tooling has one. Microsoft has Copilot, embedded into Teams and SharePoint, with Work IQ emerging. Each is offered as the natural home for your firm’s intelligence. Each wants to become the central point everything else connects through.

That ambition is the thing worth examining, because it is about to collide with how AI actually changes the way a firm works.

Here is the honest position for today: Microsoft 365 with Copilot is the safest place for a regulated firm to begin. The data residency is handled, the governance is auditable, and a compliance officer can describe the boundary to a regulator without flinching. For a family office or trust company starting out with AI, that matters more than AI capability. We advise most firms in this position to stay there for now, and we will say so plainly in any AI policy we write.

So let me be plain: a holding pattern is not a destination.

The role of Microsoft 365 is already shifting from the place you work to one of the places your AI reads from. Once an intelligence layer reads across everything for you, you stop going to the application. You stop opening Outlook to read the email. You stop opening the task system to update the task. The intelligence comes to you, having already read across all of it. Outlook stops being the work cockpit and becomes a specialised document store for comms data, which it always was underneath. Useful and governed, but critically, no longer where the work happens.

This is where the vendor ambition turns from convenience into liability. Work IQ, today, is built to embed people deeply enough that leaving becomes painful. That design made sense when the goal was keeping humans inside one environment. The question for a firm planning more than two years out is whether it still needs to accept that arrangement.

So the real risk is not picking the wrong AI. It is what happens to your firm’s accumulated context when people jump from one product’s AI to the next, losing the thread each time, because no single vendor wants to let that context travel.

The architecture that answers this is not another embedded assistant. It is an open connection layer, an API or MCP endpoint, that lets a model of your choosing read across your systems without any one of them owning the relationship. The firms that get this right will treat their AI capability the way they already treat their custodians and their jurisdictions: deliberately diversified, never wholly dependent on a single provider’s goodwill.

Which leads to the question that should actually govern the decision. Sovereignty.

For a firm operating across the Caribbean, the USA, the Channel Islands, and Switzerland, where data sits has always been a first-order question, not a technical footnote. AI does not simplify this. It adds a second layer underneath the first. It is no longer enough to know where your files sit. You now have to know where the model that reads them runs, and what that host is required to retain. A model served inside Europe is not automatically sovereign if the infrastructure beneath it must keep a rolling record of everything it processed for a jurisdiction on the other side of the world. The same residency logic a multi-jurisdictional firm already applies to its file system now has to extend to its intelligence layer. Most firms have not yet asked the question. Their providers have not raised it.

So the role of Microsoft 365 in an AI-adopted enterprise is this. It is the safe and governed place to begin, and for now we recommend it as exactly that. It is also, increasingly, a data store rather than a cockpit, one well-governed source among several that a model-independent layer reads from. The mistake would be to confuse the first role with the second, and to let the most embedded vendor quietly become the permanent centre of a firm’s intelligence simply because it was the safest place to start.

The firms that will navigate the next two years well are the ones asking, now, where their sovereignty actually lives once the interface, the data, and the model are no longer the same company.

Where does your sovereignty live once the interface, the data, and the model are no longer the same company?

← Briefings & journal