SharePoint / OneDrive (Microsoft)
One-liner — Microsoft 365’s document and collaboration repositories — for most enterprises the single biggest pile of unstructured content, and therefore the primary corpus enterprise RAG and Copilot retrieve from.
What it does — SharePoint Online (sites/libraries) and OneDrive for Business (personal storage) hold the documents, intranet pages, and files knowledge workers create. In an AI stack they are content sources: the data RAG pipelines and microsoft-365-copilot index and answer over. The governance concern is not the product but its permissions — RAG inherits whatever access model (often over-shared) lives in SharePoint, which is exactly why entitlement-aware-rag and DSPM exist.
Where it sits in the stack — content-sources in the retrieval layer (Day-1 if doing RAG). Risk role: it holds the sensitive data — the trove an attacker wants exfiltrated. Pairs with microsoft-purview (classification/DLP) and microsoft-graph (entitlement-aware retrieval).
Deployment & architecture — SaaS (SharePoint Online / OneDrive in Microsoft 365); legacy on-prem SharePoint Server still exists. Surfaced to AI via Microsoft Graph, Copilot connectors, and third-party RAG ingestion.
Positioning & differentiators — Not a security product; it is the content the rest of the stack governs. Sibling content sources: confluence, google-drive.
Ownership, funding & M&A — First-party Microsoft 365 service (Microsoft Corp, public, NASDAQ: MSFT). No M&A. Confidence: high.
CTO / hedge-fund lens — Day-1 RAG input, not a buying decision — you already own it. The real work is fixing SharePoint permissions and labeling before pointing an LLM at it, so RAG does not surface MNPI or over-shared files to the wrong users.
Competitors / alternatives — confluence, google-drive (peer content repositories).
Sources
- [raw/sources/2026-06-28—retrieval-infra—first-party-ownership.md] — supports: Microsoft 365 ownership; confidence: high
History
- [2026-06-28] Stub created from seed registry.
- [2026-06-28] Researched (light); brief stub — RAG content source, not a security product. Ownership Microsoft (public, high). Flagged permissions/DSPM as the real governance concern.