Aakash Rahsi

QuotaSprawl | The Hidden Governance Risk Behind Copilot Pages | R.A.H.S.I. Framework™ Analysis


Copilot Pages and Copilot Notebooks are not just collaboration features.

They are a new storage, governance, and compliance surface.

Microsoft confirms that Copilot Pages create .page files and Copilot Notebooks create .pod files inside a user-owned SharePoint Embedded container. That same container is also used by Loop My workspace.

Here is the governance catch:

In the SharePoint admin center, PowerShell, and Purview audit data, the container appears under the application name Loop — even when it only stores Copilot Pages or Copilot Notebooks.

That creates QuotaSprawl.

A user can create Copilot Pages, Notebooks, and Loop workspace content that all count against the organization’s SharePoint storage quota. The container can reach up to 25 TB, and there is no admin control to set quota limits on individual Copilot Pages / Notebook containers.

This is not only a storage issue.

It is an enterprise control-plane issue.

What must be governed?

🛡️Storage Visibility

Track SharePoint Embedded containers, storage growth, user-owned content, and quota impact.

🛡️Admin Policy

Use Cloud Policy to control creation and viewing of Copilot Pages and Copilot Notebooks.

🛡️Loop Dependency

To prevent the shared container from being created, both Loop workspace creation and Copilot Pages / Notebooks creation must be disabled for the same user.

🛡️Permissions

Copilot Pages can be shared with page-level access. Copilot Notebooks can expose referenced files to shared users where permissions allow.

🛡️Purview and Audit

Use Microsoft Purview for retention, eDiscovery, DLP, audit exports, sensitivity labels, and compliance workflows.

🛡️Lifecycle Risk

User-owned containers follow OneDrive-style cleanup: 30 days active, then soft delete, then 93 days to permanent deletion.

R.A.H.S.I. Framework™ View

R — Recognize quota sprawl

A — Audit SharePoint Embedded containers

H — Harden sharing and permissions

S — Standardize Purview governance

I — Integrate AI collaboration controls

Copilot Pages are powerful.

But without quota, lifecycle, and compliance governance, they can quietly expand the Microsoft 365 risk surface.

The future of AI collaboration must be secure by design, governed by policy, and visible to administrators.
